1
2// This file was autogenerated by go-to-protobuf. Do not edit it manually!
3
4syntax = "proto2";
5
6package github.com.openshift.api.network.v1;
7
8import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
9import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
10
11// Package-wide variables from generator "generated".
12option go_package = "github.com/openshift/api/network/v1";
13
14// ClusterNetwork describes the cluster network. There is normally only one object of this type,
15// named "default", which is created by the SDN network plugin based on the master configuration
16// when the cluster is brought up for the first time.
17//
18// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
19// +kubebuilder:resource:scope="Cluster"
20// +kubebuilder:printcolumn:name="Cluster Network",type=string,JSONPath=`.network`,description="The primary cluster network CIDR"
21// +kubebuilder:printcolumn:name="Service Network",type=string,JSONPath=`.serviceNetwork`,description="The service network CIDR"
22// +kubebuilder:printcolumn:name="Plugin Name",type=string,JSONPath=`.pluginName`,description="The Openshift SDN network plug-in in use"
23// +openshift:compatibility-gen:level=1
24message ClusterNetwork {
25 // metadata is the standard object's metadata.
26 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
27 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
28
29 // Network is a CIDR string specifying the global overlay network's L3 space
30 // +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$`
31 optional string network = 2;
32
33 // HostSubnetLength is the number of bits of network to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pods
34 // +kubebuilder:validation:Minimum=2
35 // +kubebuilder:validation:Maximum=30
36 optional uint32 hostsubnetlength = 3;
37
38 // ServiceNetwork is the CIDR range that Service IP addresses are allocated from
39 // +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$`
40 optional string serviceNetwork = 4;
41
42 // PluginName is the name of the network plugin being used
43 optional string pluginName = 5;
44
45 // ClusterNetworks is a list of ClusterNetwork objects that defines the global overlay network's L3 space by specifying a set of CIDR and netmasks that the SDN can allocate addresses from.
46 repeated ClusterNetworkEntry clusterNetworks = 6;
47
48 // VXLANPort sets the VXLAN destination port used by the cluster.
49 // It is set by the master configuration file on startup and cannot be edited manually.
50 // Valid values for VXLANPort are integers 1-65535 inclusive and if unset defaults to 4789.
51 // Changing VXLANPort allows users to resolve issues between openshift SDN and other software trying to use the same VXLAN destination port.
52 // +kubebuilder:validation:Minimum=1
53 // +kubebuilder:validation:Maximum=65535
54 // +kubebuilder:validation:Optional
55 // +optional
56 optional uint32 vxlanPort = 7;
57
58 // MTU is the MTU for the overlay network. This should be 50 less than the MTU of the network connecting the nodes. It is normally autodetected by the cluster network operator.
59 // +kubebuilder:validation:Minimum=576
60 // +kubebuilder:validation:Maximum=65536
61 // +kubebuilder:validation:Optional
62 // +optional
63 optional uint32 mtu = 8;
64}
65
66// ClusterNetworkEntry defines an individual cluster network. The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved for external ips, CIDRs reserved for service networks, and CIDRs reserved for ingress ips.
67message ClusterNetworkEntry {
68 // CIDR defines the total range of a cluster networks address space.
69 // +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$`
70 optional string cidr = 1;
71
72 // HostSubnetLength is the number of bits of the accompanying CIDR address to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pods.
73 // +kubebuilder:validation:Minimum=2
74 // +kubebuilder:validation:Maximum=30
75 optional uint32 hostSubnetLength = 2;
76}
77
78// ClusterNetworkList is a collection of ClusterNetworks
79//
80// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
81// +openshift:compatibility-gen:level=1
82message ClusterNetworkList {
83 // metadata is the standard list's metadata.
84 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
85 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
86
87 // Items is the list of cluster networks
88 repeated ClusterNetwork items = 2;
89}
90
91// EgressNetworkPolicy describes the current egress network policy for a Namespace. When using
92// the 'redhat/openshift-ovs-multitenant' network plugin, traffic from a pod to an IP address
93// outside the cluster will be checked against each EgressNetworkPolicyRule in the pod's
94// namespace's EgressNetworkPolicy, in order. If no rule matches (or no EgressNetworkPolicy
95// is present) then the traffic will be allowed by default.
96//
97// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
98// +openshift:compatibility-gen:level=1
99message EgressNetworkPolicy {
100 // metadata is the standard object's metadata.
101 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
102 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
103
104 // spec is the specification of the current egress network policy
105 optional EgressNetworkPolicySpec spec = 2;
106}
107
108// EgressNetworkPolicyList is a collection of EgressNetworkPolicy
109//
110// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
111// +openshift:compatibility-gen:level=1
112message EgressNetworkPolicyList {
113 // metadata is the standard list's metadata.
114 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
115 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
116
117 // items is the list of policies
118 repeated EgressNetworkPolicy items = 2;
119}
120
121// EgressNetworkPolicyPeer specifies a target to apply egress network policy to
122message EgressNetworkPolicyPeer {
123 // CIDRSelector is the CIDR range to allow/deny traffic to. If this is set, dnsName must be unset
124 // Ideally we would have liked to use the cidr openapi format for this property.
125 // But openshift-sdn only supports v4 while specifying the cidr format allows both v4 and v6 cidrs
126 // We are therefore using a regex pattern to validate instead.
127 // +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$`
128 optional string cidrSelector = 1;
129
130 // DNSName is the domain name to allow/deny traffic to. If this is set, cidrSelector must be unset
131 // +kubebuilder:validation:Pattern=`^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$`
132 optional string dnsName = 2;
133}
134
135// EgressNetworkPolicyRule contains a single egress network policy rule
136message EgressNetworkPolicyRule {
137 // type marks this as an "Allow" or "Deny" rule
138 optional string type = 1;
139
140 // to is the target that traffic is allowed/denied to
141 optional EgressNetworkPolicyPeer to = 2;
142}
143
144// EgressNetworkPolicySpec provides a list of policies on outgoing network traffic
145message EgressNetworkPolicySpec {
146 // egress contains the list of egress policy rules
147 repeated EgressNetworkPolicyRule egress = 1;
148}
149
150// HostSubnet describes the container subnet network on a node. The HostSubnet object must have the
151// same name as the Node object it corresponds to.
152//
153// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
154// +kubebuilder:printcolumn:name="Host",type=string,JSONPath=`.host`,description="The name of the node"
155// +kubebuilder:printcolumn:name="Host IP",type=string,JSONPath=`.hostIP`,description="The IP address to be used as a VTEP by other nodes in the overlay network"
156// +kubebuilder:printcolumn:name="Subnet",type=string,JSONPath=`.subnet`,description="The CIDR range of the overlay network assigned to the node for its pods"
157// +kubebuilder:printcolumn:name="Egress CIDRs",type=string,JSONPath=`.egressCIDRs`,description="The network egress CIDRs"
158// +kubebuilder:printcolumn:name="Egress IPs",type=string,JSONPath=`.egressIPs`,description="The network egress IP addresses"
159// +openshift:compatibility-gen:level=1
160message HostSubnet {
161 // metadata is the standard object's metadata.
162 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
163 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
164
165 // Host is the name of the node. (This is the same as the object's name, but both fields must be set.)
166 // +kubebuilder:validation:Pattern=`^[a-z0-9.-]+$`
167 optional string host = 2;
168
169 // HostIP is the IP address to be used as a VTEP by other nodes in the overlay network
170 // +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$`
171 optional string hostIP = 3;
172
173 // Subnet is the CIDR range of the overlay network assigned to the node for its pods
174 // +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$`
175 optional string subnet = 4;
176
177 // EgressIPs is the list of automatic egress IP addresses currently hosted by this node.
178 // If EgressCIDRs is empty, this can be set by hand; if EgressCIDRs is set then the
179 // master will overwrite the value here with its own allocation of egress IPs.
180 // +optional
181 repeated string egressIPs = 5;
182
183 // EgressCIDRs is the list of CIDR ranges available for automatically assigning
184 // egress IPs to this node from. If this field is set then EgressIPs should be
185 // treated as read-only.
186 // +optional
187 repeated string egressCIDRs = 6;
188}
189
190// HostSubnetList is a collection of HostSubnets
191//
192// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
193// +openshift:compatibility-gen:level=1
194message HostSubnetList {
195 // metadata is the standard list's metadata.
196 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
197 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
198
199 // Items is the list of host subnets
200 repeated HostSubnet items = 2;
201}
202
203// NetNamespace describes a single isolated network. When using the redhat/openshift-ovs-multitenant
204// plugin, every Namespace will have a corresponding NetNamespace object with the same name.
205// (When using redhat/openshift-ovs-subnet, NetNamespaces are not used.)
206//
207// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
208// +kubebuilder:printcolumn:name="NetID",type=integer,JSONPath=`.netid`,description="The network identifier of the network namespace"
209// +kubebuilder:printcolumn:name="Egress IPs",type=string,JSONPath=`.egressIPs`,description="The network egress IP addresses"
210// +openshift:compatibility-gen:level=1
211message NetNamespace {
212 // metadata is the standard object's metadata.
213 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
214 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
215
216 // NetName is the name of the network namespace. (This is the same as the object's name, but both fields must be set.)
217 // +kubebuilder:validation:Pattern=`^[a-z0-9.-]+$`
218 optional string netname = 2;
219
220 // NetID is the network identifier of the network namespace assigned to each overlay network packet. This can be manipulated with the "oc adm pod-network" commands.
221 // +kubebuilder:validation:Minimum=0
222 // +kubebuilder:validation:Maximum=16777215
223 optional uint32 netid = 3;
224
225 // EgressIPs is a list of reserved IPs that will be used as the source for external traffic coming from pods in this namespace.
226 // (If empty, external traffic will be masqueraded to Node IPs.)
227 // +optional
228 repeated string egressIPs = 4;
229}
230
231// NetNamespaceList is a collection of NetNamespaces
232//
233// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
234// +openshift:compatibility-gen:level=1
235message NetNamespaceList {
236 // metadata is the standard list's metadata.
237 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
238 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
239
240 // Items is the list of net namespaces
241 repeated NetNamespace items = 2;
242}
243
View as plain text