...

Text file src/k8s.io/kubernetes/cluster/addons/calico-policy-controller/hostendpoints-crd.yaml

Documentation: k8s.io/kubernetes/cluster/addons/calico-policy-controller

     1apiVersion: apiextensions.k8s.io/v1
     2kind: CustomResourceDefinition
     3metadata:
     4  labels:
     5    addonmanager.kubernetes.io/mode: Reconcile
     6  name: hostendpoints.crd.projectcalico.org
     7spec:
     8  group: crd.projectcalico.org
     9  names:
    10    kind: HostEndpoint
    11    listKind: HostEndpointList
    12    plural: hostendpoints
    13    singular: hostendpoint
    14  scope: Cluster
    15  versions:
    16  - name: v1
    17    schema:
    18      openAPIV3Schema:
    19        properties:
    20          apiVersion:
    21            description: 'APIVersion defines the versioned schema of this representation
    22              of an object. Servers should convert recognized schemas to the latest
    23              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
    24            type: string
    25          kind:
    26            description: 'Kind is a string value representing the REST resource this
    27              object represents. Servers may infer this from the endpoint the client
    28              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
    29            type: string
    30          metadata:
    31            type: object
    32          spec:
    33            description: HostEndpointSpec contains the specification for a HostEndpoint
    34              resource.
    35            properties:
    36              expectedIPs:
    37                description: "The expected IP addresses (IPv4 and IPv6) of the endpoint.
    38                  If \"InterfaceName\" is not present, Calico will look for an interface
    39                  matching any of the IPs in the list and apply policy to that. Note:
    40                  \tWhen using the selector match criteria in an ingress or egress
    41                  security Policy \tor Profile, Calico converts the selector into
    42                  a set of IP addresses. For host \tendpoints, the ExpectedIPs field
    43                  is used for that purpose. (If only the interface \tname is specified,
    44                  Calico does not learn the IPs of the interface for use in match
    45                  \tcriteria.)"
    46                items:
    47                  type: string
    48                type: array
    49              interfaceName:
    50                description: "Either \"*\", or the name of a specific Linux interface
    51                  to apply policy to; or empty.  \"*\" indicates that this HostEndpoint
    52                  governs all traffic to, from or through the default network namespace
    53                  of the host named by the \"Node\" field; entering and leaving that
    54                  namespace via any interface, including those from/to non-host-networked
    55                  local workloads. \n If InterfaceName is not \"*\", this HostEndpoint
    56                  only governs traffic that enters or leaves the host through the
    57                  specific interface named by InterfaceName, or - when InterfaceName
    58                  is empty - through the specific interface that has one of the IPs
    59                  in ExpectedIPs. Therefore, when InterfaceName is empty, at least
    60                  one expected IP must be specified.  Only external interfaces (such
    61                  as “eth0”) are supported here; it isn't possible for a HostEndpoint
    62                  to protect traffic through a specific local workload interface.
    63                  \n Note: Only some kinds of policy are implemented for \"*\" HostEndpoints;
    64                  initially just pre-DNAT policy.  Please check Calico documentation
    65                  for the latest position."
    66                type: string
    67              node:
    68                description: The node name identifying the Calico node instance.
    69                type: string
    70              ports:
    71                description: Ports contains the endpoint's named ports, which may
    72                  be referenced in security policy rules.
    73                items:
    74                  properties:
    75                    name:
    76                      type: string
    77                    port:
    78                      type: integer
    79                    protocol:
    80                      anyOf:
    81                      - type: integer
    82                      - type: string
    83                      pattern: ^.*
    84                      x-kubernetes-int-or-string: true
    85                  required:
    86                  - name
    87                  - port
    88                  - protocol
    89                  type: object
    90                type: array
    91              profiles:
    92                description: A list of identifiers of security Profile objects that
    93                  apply to this endpoint. Each profile is applied in the order that
    94                  they appear in this list.  Profile rules are applied after the selector-based
    95                  security policy.
    96                items:
    97                  type: string
    98                type: array
    99            type: object
   100        type: object
   101    served: true
   102    storage: true
   103status:
   104  acceptedNames:
   105    kind: ""
   106    plural: ""
   107  conditions: []
   108  storedVersions: []

View as plain text