...
---
# CustomResourceDefinition that registers Calico's HostEndpoint kind in the
# crd.projectcalico.org group, served and stored as version v1.
# NOTE(review): the openAPIV3Schema below is the only admission-time
# validation visible in this manifest. Several fields are loosely typed (see
# the inline notes), so any stricter checking has to happen elsewhere -
# TODO confirm where.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  labels:
    # Addon-manager label. In Reconcile mode the addon manager is expected to
    # revert in-cluster edits of this object back to the manifest - confirm
    # against the addon manager actually deployed.
    addonmanager.kubernetes.io/mode: Reconcile
  name: hostendpoints.crd.projectcalico.org
spec:
  group: crd.projectcalico.org
  names:
    kind: HostEndpoint
    listKind: HostEndpointList
    plural: hostendpoints
    singular: hostendpoint
  # Cluster-scoped: HostEndpoint objects have no namespace, so access to them
  # is granted through cluster-level RBAC rather than namespaced Roles. These
  # objects decide which host interfaces policy is applied to, so write access
  # deserves a narrow ClusterRole.
  scope: Cluster
  versions:
    - name: v1
      schema:
        openAPIV3Schema:
          properties:
            apiVersion:
              description: >-
                APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the latest
                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
              type: string
            kind:
              description: >-
                Kind is a string value representing the REST resource this
                object represents. Servers may infer this from the endpoint the client
                submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
              type: string
            metadata:
              type: object
            spec:
              # NOTE(review): there is no `required` list at this level, so
              # node, interfaceName and expectedIPs are all optional as far as
              # this schema is concerned.
              description: HostEndpointSpec contains the specification for a HostEndpoint resource.
              properties:
                expectedIPs:
                  # NOTE(review): items are plain strings with no format or
                  # pattern, so this schema does not check that an entry is a
                  # well-formed IPv4/IPv6 address.
                  description: "The expected IP addresses (IPv4 and IPv6) of the endpoint.
                    If \"InterfaceName\" is not present, Calico will look for an interface
                    matching any of the IPs in the list and apply policy to that. Note:
                    \tWhen using the selector match criteria in an ingress or egress
                    security Policy \tor Profile, Calico converts the selector into
                    a set of IP addresses. For host \tendpoints, the ExpectedIPs field
                    is used for that purpose. (If only the interface \tname is specified,
                    Calico does not learn the IPs of the interface for use in match
                    \tcriteria.)"
                  items:
                    type: string
                  type: array
                interfaceName:
                  # NOTE(review): plain string. The "*", empty and named
                  # interface cases described below, and the rule that an
                  # empty name needs at least one expected IP, are not
                  # enforced by this schema. Per the description, "*" covers
                  # all traffic through the host's default network namespace,
                  # with only some policy kinds implemented for it.
                  description: "Either \"*\", or the name of a specific Linux interface
                    to apply policy to; or empty. \"*\" indicates that this HostEndpoint
                    governs all traffic to, from or through the default network namespace
                    of the host named by the \"Node\" field; entering and leaving that
                    namespace via any interface, including those from/to non-host-networked
                    local workloads. \n If InterfaceName is not \"*\", this HostEndpoint
                    only governs traffic that enters or leaves the host through the
                    specific interface named by InterfaceName, or - when InterfaceName
                    is empty - through the specific interface that has one of the IPs
                    in ExpectedIPs. Therefore, when InterfaceName is empty, at least
                    one expected IP must be specified. Only external interfaces (such
                    as “eth0”) are supported here; it isn't possible for a HostEndpoint
                    to protect traffic through a specific local workload interface.
                    \n Note: Only some kinds of policy are implemented for \"*\" HostEndpoints;
                    initially just pre-DNAT policy. Please check Calico documentation
                    for the latest position."
                  type: string
                node:
                  description: The node name identifying the Calico node instance.
                  type: string
                ports:
                  description: Ports contains the endpoint's named ports, which may
                    be referenced in security policy rules.
                  items:
                    properties:
                      name:
                        type: string
                      port:
                        # NOTE(review): no minimum/maximum is declared, so the
                        # schema accepts any integer, including values outside
                        # the usable port range.
                        type: integer
                      protocol:
                        # Integer or string. NOTE(review): the pattern below
                        # matches every string, so it adds no validation of
                        # protocol names.
                        anyOf:
                          - type: integer
                          - type: string
                        pattern: '^.*'
                        x-kubernetes-int-or-string: true
                    # Every named port entry must carry all three fields.
                    required:
                      - name
                      - port
                      - protocol
                    type: object
                  type: array
                profiles:
                  description: A list of identifiers of security Profile objects that
                    apply to this endpoint. Each profile is applied in the order that
                    they appear in this list. Profile rules are applied after the selector-based
                    security policy.
                  items:
                    type: string
                  type: array
              type: object
          type: object
      # The single version listed here is both served to clients and used for
      # storage.
      served: true
      storage: true
# The empty values below look like generator output rather than meaningful
# settings; status is presumably owned by the API server - verify.
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []