...
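---
# CustomResourceDefinition for EgressNetworkPolicy (network.openshift.io/v1).
# The object is namespaced; per the schema description below, traffic from a
# pod to an IP address outside the cluster is checked against the rules of the
# policy in the pod's namespace, in order.
#
# Security note: per that same description, traffic is ALLOWED when no rule
# matches or when the namespace has no EgressNetworkPolicy. A namespace that
# should be default-deny therefore needs an explicit catch-all Deny rule as
# its last entry.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    api-approved.openshift.io: https://github.com/openshift/api/pull/527
  name: egressnetworkpolicies.network.openshift.io
spec:
  group: network.openshift.io
  names:
    kind: EgressNetworkPolicy
    listKind: EgressNetworkPolicyList
    plural: egressnetworkpolicies
    singular: egressnetworkpolicy
  scope: Namespaced
  versions:
    - name: v1
      schema:
        openAPIV3Schema:
          description: "EgressNetworkPolicy describes the current egress network policy for a Namespace. When using the 'redhat/openshift-ovs-multitenant' network plugin, traffic from a pod to an IP address outside the cluster will be checked against each EgressNetworkPolicyRule in the pod's namespace's EgressNetworkPolicy, in order. If no rule matches (or no EgressNetworkPolicy is present) then the traffic will be allowed by default. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
          type: object
          required:
            - spec
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: spec is the specification of the current egress network policy
              type: object
              required:
                - egress
              properties:
                egress:
                  description: egress contains the list of egress policy rules
                  type: array
                  items:
                    description: EgressNetworkPolicyRule contains a single egress network policy rule
                    type: object
                    required:
                      - to
                      - type
                    properties:
                      # NOTE(review): the descriptions say cidrSelector and
                      # dnsName are mutually exclusive, but this schema does
                      # not express it: neither property is required and
                      # there is no oneOf, so `to: {}` or a `to` with both
                      # set passes schema validation. Presumably enforced
                      # elsewhere - confirm before relying on it.
                      to:
                        description: to is the target that traffic is allowed/denied to
                        type: object
                        properties:
                          cidrSelector:
                            description: CIDRSelector is the CIDR range to allow/deny traffic to. If this is set, dnsName must be unset Ideally we would have liked to use the cidr openapi format for this property. But openshift-sdn only supports v4 while specifying the cidr format allows both v4 and v6 cidrs We are therefore using a regex pattern to validate instead.
                            type: string
                            # Dotted-quad IPv4 (each octet 0-255) followed by
                            # a /0-/32 prefix length. Only the syntax is
                            # checked; host bits set below the prefix are not
                            # rejected by this pattern.
                            pattern: '^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$'
                          dnsName:
                            description: DNSName is the domain name to allow/deny traffic to. If this is set, cidrSelector must be unset
                            type: string
                            # Dot-separated labels of letters, digits and
                            # hyphens, with an optional trailing dot. No
                            # wildcard character is accepted, and label
                            # length / leading-hyphen rules are not checked.
                            pattern: '^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$'
                      type:
                        description: type marks this as an "Allow" or "Deny" rule
                        type: string
                        # The alternation is grouped so both anchors apply to
                        # both branches. Ungrouped (`^Allow|Deny$`), `|`
                        # binds looser than the anchors, and the pattern
                        # accepts any string that merely starts with "Allow"
                        # or ends with "Deny", letting malformed rule types
                        # through admission.
                        pattern: '^(Allow|Deny)$'
      served: true
      storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []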