1 /* 2 Copyright 2017 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package networking 18 19 import ( 20 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 21 "k8s.io/apimachinery/pkg/util/intstr" 22 api "k8s.io/kubernetes/pkg/apis/core" 23 ) 24 25 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 26 27 // NetworkPolicy describes what network traffic is allowed for a set of pods 28 type NetworkPolicy struct { 29 metav1.TypeMeta 30 31 // +optional 32 metav1.ObjectMeta 33 34 // spec represents the specification of the desired behavior for this NetworkPolicy. 35 // +optional 36 Spec NetworkPolicySpec 37 } 38 39 // PolicyType describes the NetworkPolicy type 40 // This type is beta-level in 1.8 41 type PolicyType string 42 43 const ( 44 // PolicyTypeIngress is a NetworkPolicy that affects ingress traffic on selected pods 45 PolicyTypeIngress PolicyType = "Ingress" 46 // PolicyTypeEgress is a NetworkPolicy that affects egress traffic on selected pods 47 PolicyTypeEgress PolicyType = "Egress" 48 ) 49 50 // NetworkPolicySpec provides the specification of a NetworkPolicy 51 type NetworkPolicySpec struct { 52 // podSelector selects the pods to which this NetworkPolicy object applies. 53 // The array of ingress rules is applied to any pods selected by this field. 54 // Multiple network policies can select the same set of pods. In this case, 55 // the ingress rules for each are combined additively. 56 // This field is NOT optional and follows standard label selector semantics. 57 // An empty podSelector matches all pods in this namespace. 58 PodSelector metav1.LabelSelector 59 60 // ingress is a list of ingress rules to be applied to the selected pods. 61 // Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod 62 // (and cluster policy otherwise allows the traffic), OR if the traffic source is 63 // the pod's local node, OR if the traffic matches at least one ingress rule 64 // across all of the NetworkPolicy objects whose podSelector matches the pod. If 65 // this field is empty then this NetworkPolicy does not allow any traffic (and serves 66 // solely to ensure that the pods it selects are isolated by default) 67 // +optional 68 Ingress []NetworkPolicyIngressRule 69 70 // egress is a list of egress rules to be applied to the selected pods. Outgoing traffic 71 // is allowed if there are no NetworkPolicies selecting the pod (and cluster policy 72 // otherwise allows the traffic), OR if the traffic matches at least one egress rule 73 // across all of the NetworkPolicy objects whose podSelector matches the pod. If 74 // this field is empty then this NetworkPolicy limits all outgoing traffic (and serves 75 // solely to ensure that the pods it selects are isolated by default). 76 // This field is beta-level in 1.8 77 // +optional 78 Egress []NetworkPolicyEgressRule 79 80 // policyTypes is a list of rule types that the NetworkPolicy relates to. 81 // Valid options are ["Ingress"], ["Egress"], or ["Ingress", "Egress"]. 82 // If this field is not specified, it will default based on the existence of ingress or egress rules; 83 // policies that contain an egress section are assumed to affect egress, and all policies 84 // (whether or not they contain an ingress section) are assumed to affect ingress. 85 // If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ]. 86 // Likewise, if you want to write a policy that specifies that no egress is allowed, 87 // you must specify a policyTypes value that include "Egress" (since such a policy would not include 88 // an egress section and would otherwise default to just [ "Ingress" ]). 89 // This field is beta-level in 1.8 90 // +optional 91 PolicyTypes []PolicyType 92 } 93 94 // NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods 95 // matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and from. 96 type NetworkPolicyIngressRule struct { 97 // ports is a list of ports which should be made accessible on the pods selected for 98 // this rule. Each item in this list is combined using a logical OR. If this field is 99 // empty or missing, this rule matches all ports (traffic not restricted by port). 100 // If this field is present and contains at least one item, then this rule allows 101 // traffic only if the traffic matches at least one port in the list. 102 // +optional 103 Ports []NetworkPolicyPort 104 105 // from is a list of sources which should be able to access the pods selected for this rule. 106 // Items in this list are combined using a logical OR operation. If this field is 107 // empty or missing, this rule matches all sources (traffic not restricted by 108 // source). If this field is present and contains at least one item, this rule 109 // allows traffic only if the traffic matches at least one item in the from list. 110 // +optional 111 From []NetworkPolicyPeer 112 } 113 114 // NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods 115 // matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. 116 // This type is beta-level in 1.8 117 type NetworkPolicyEgressRule struct { 118 // ports is a list of destination ports for outgoing traffic. 119 // Each item in this list is combined using a logical OR. If this field is 120 // empty or missing, this rule matches all ports (traffic not restricted by port). 121 // If this field is present and contains at least one item, then this rule allows 122 // traffic only if the traffic matches at least one port in the list. 123 // +optional 124 Ports []NetworkPolicyPort 125 126 // to is a list of destinations for outgoing traffic of pods selected for this rule. 127 // Items in this list are combined using a logical OR operation. If this field is 128 // empty or missing, this rule matches all destinations (traffic not restricted by 129 // destination). If this field is present and contains at least one item, this rule 130 // allows traffic only if the traffic matches at least one item in the to list. 131 // +optional 132 To []NetworkPolicyPeer 133 } 134 135 // NetworkPolicyPort describes a port to allow traffic on 136 type NetworkPolicyPort struct { 137 // protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. 138 // If not specified, this field defaults to TCP. 139 // +optional 140 Protocol *api.Protocol 141 142 // port represents the port on the given protocol. This can either be a numerical or named 143 // port on a pod. If this field is not provided, this matches all port names and 144 // numbers. 145 // If present, only traffic on the specified protocol AND port will be matched. 146 // +optional 147 Port *intstr.IntOrString 148 149 // endPort indicates that the range of ports from port to endPort if set, inclusive, 150 // should be allowed by the policy. This field cannot be defined if the port field 151 // is not defined or if the port field is defined as a named (string) port. 152 // The endPort must be equal or greater than port. 153 // +optional 154 EndPort *int32 155 } 156 157 // IPBlock describes a particular CIDR (Ex. "192.168.1.0/24","2001:db8::/64") that is allowed 158 // to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs 159 // that should not be included within this rule. 160 type IPBlock struct { 161 // cidr is a string representing the IPBlock 162 // Valid examples are "192.168.1.0/24" or "2001:db8::/64" 163 CIDR string 164 165 // except is a list of CIDRs that should not be included within the IPBlock 166 // Valid examples are "192.168.1.0/24" or "2001:db8::/64" 167 // Except values will be rejected if they are outside the cidr range 168 // +optional 169 Except []string 170 } 171 172 // NetworkPolicyPeer describes a peer to allow traffic to/from. 173 type NetworkPolicyPeer struct { 174 // podSelector is a label selector which selects pods. This field follows standard label 175 // selector semantics; if present but empty, it selects all pods. 176 // 177 // If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects 178 // the pods matching podSelector in the Namespaces selected by namespaceSelector. 179 // Otherwise it selects the pods matching podSelector in the policy's own namespace. 180 // +optional 181 PodSelector *metav1.LabelSelector 182 183 // namespaceSelector selects namespaces using cluster-scoped labels. This field follows 184 // standard label selector semantics; if present but empty, it selects all namespaces. 185 // 186 // If podSelector is also set, then the NetworkPolicyPeer as a whole selects 187 // the pods matching podSelector in the namespaces selected by namespaceSelector. 188 // Otherwise it selects all pods in the namespaces selected by namespaceSelector. 189 // +optional 190 NamespaceSelector *metav1.LabelSelector 191 192 // ipBlock defines policy on a particular IPBlock. If this field is set then 193 // neither of the other fields can be. 194 // +optional 195 IPBlock *IPBlock 196 } 197 198 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 199 200 // NetworkPolicyList is a list of NetworkPolicy objects. 201 type NetworkPolicyList struct { 202 metav1.TypeMeta 203 204 // +optional 205 metav1.ListMeta 206 207 Items []NetworkPolicy 208 } 209 210 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 211 212 // Ingress is a collection of rules that allow inbound connections to reach the 213 // endpoints defined by a backend. An Ingress can be configured to give services 214 // externally-reachable urls, load balance traffic, terminate SSL, offer name 215 // based virtual hosting etc. 216 type Ingress struct { 217 metav1.TypeMeta 218 219 // Standard object's metadata. 220 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 221 // +optional 222 metav1.ObjectMeta 223 224 // spec is the desired state of the Ingress. 225 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 226 // +optional 227 Spec IngressSpec 228 229 // status is the current state of the Ingress. 230 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 231 // +optional 232 Status IngressStatus 233 } 234 235 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 236 237 // IngressList is a collection of Ingress. 238 type IngressList struct { 239 metav1.TypeMeta 240 241 // Standard object's metadata. 242 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 243 // +optional 244 metav1.ListMeta 245 246 // items is the list of Ingress. 247 Items []Ingress 248 } 249 250 // IngressSpec describes the Ingress the user wishes to exist. 251 type IngressSpec struct { 252 // ingressClassName is the name of the IngressClass cluster resource. The 253 // associated IngressClass defines which controller will implement the 254 // resource. This replaces the deprecated `kubernetes.io/ingress.class` 255 // annotation. For backwards compatibility, when that annotation is set, it 256 // must be given precedence over this field. The controller may emit a 257 // warning if the field and annotation have different values. 258 // Implementations of this API should ignore Ingresses without a class 259 // specified. An IngressClass resource may be marked as default, which can 260 // be used to set a default value for this field. For more information, 261 // refer to the IngressClass documentation. 262 // +optional 263 IngressClassName *string 264 265 // defaultBackend is the backend that should handle requests that don't 266 // match any rule. If Rules are not specified, DefaultBackend must be specified. 267 // If DefaultBackend is not set, the handling of requests that do not match any 268 // of the rules will be up to the Ingress controller. 269 // +optional 270 DefaultBackend *IngressBackend 271 272 // tls represents the TLS configuration. Currently the ingress only supports a 273 // single TLS port, 443. If multiple members of this list specify different hosts, 274 // they will be multiplexed on the same port according to the hostname specified 275 // through the SNI TLS extension, if the ingress controller fulfilling the 276 // ingress supports SNI. 277 // +listType=atomic 278 // +optional 279 TLS []IngressTLS 280 281 // rules is a list of host rules used to configure the Ingress. If unspecified, or 282 // no rule matches, all traffic is sent to the default backend. 283 // +listType=atomic 284 // +optional 285 Rules []IngressRule 286 } 287 288 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 289 290 // IngressClass represents the class of the Ingress, referenced by the Ingress 291 // Spec. The `ingressclass.kubernetes.io/is-default-class` annotation can be 292 // used to indicate that an IngressClass should be considered default. When a 293 // single IngressClass resource has this annotation set to true, new Ingress 294 // resources without a class specified will be assigned this default class. 295 type IngressClass struct { 296 metav1.TypeMeta 297 298 metav1.ObjectMeta 299 300 // spec is the desired state of the IngressClass. 301 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 302 // +optional 303 Spec IngressClassSpec 304 } 305 306 // IngressClassSpec provides information about the class of an Ingress. 307 type IngressClassSpec struct { 308 // controller refers to the name of the controller that should handle this 309 // class. This allows for different "flavors" that are controlled by the 310 // same controller. For example, you may have different parameters for the 311 // same implementing controller. This should be specified as a 312 // domain-prefixed path no more than 250 characters in length, e.g. 313 // "acme.io/ingress-controller". This field is immutable. 314 Controller string 315 316 // parameters is a link to a custom resource containing additional 317 // configuration for the controller. This is optional if the controller does 318 // not require extra parameters. 319 // +optional 320 Parameters *IngressClassParametersReference 321 } 322 323 const ( 324 // IngressClassParametersReferenceScopeNamespace indicates that the 325 // referenced Parameters resource is namespace-scoped. 326 IngressClassParametersReferenceScopeNamespace = "Namespace" 327 // IngressClassParametersReferenceScopeCluster indicates that the 328 // referenced Parameters resource is cluster-scoped. 329 IngressClassParametersReferenceScopeCluster = "Cluster" 330 ) 331 332 // IngressClassParametersReference identifies an API object. This can be used 333 // to specify a cluster or namespace-scoped resource. 334 type IngressClassParametersReference struct { 335 // apiGroup is the group for the resource being referenced. If apiGroup is 336 // not specified, the specified kind must be in the core API group. For any 337 // other third-party types, apiGroup is required. 338 // +optional 339 APIGroup *string 340 341 // kind is the type of resource being referenced. 342 Kind string 343 344 // name is the name of resource being referenced. 345 Name string 346 347 // scope represents if this refers to a cluster or namespace scoped resource. 348 // This may be set to "Cluster" (default) or "Namespace". 349 // +optional 350 Scope *string 351 352 // namespace is the namespace of the resource being referenced. This field is 353 // required when scope is set to "Namespace" and must be unset when scope is set to 354 // "Cluster". 355 // +optional 356 Namespace *string 357 } 358 359 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 360 361 // IngressClassList is a collection of IngressClasses. 362 type IngressClassList struct { 363 metav1.TypeMeta 364 365 // Standard object's metadata. 366 // +optional 367 metav1.ListMeta 368 369 // items is the list of IngressClasses. 370 Items []IngressClass 371 } 372 373 // IngressTLS describes the transport layer security associated with an ingress. 374 type IngressTLS struct { 375 // hosts is a list of hosts included in the TLS certificate. The values in 376 // this list must match the name/s used in the tlsSecret. Defaults to the 377 // wildcard host setting for the loadbalancer controller fulfilling this 378 // Ingress, if left unspecified. 379 // +listType=atomic 380 // +optional 381 Hosts []string 382 383 // secretName is the name of the secret used to terminate TLS traffic on 384 // port 443. Field is left optional to allow TLS routing based on SNI 385 // hostname alone. If the SNI host in a listener conflicts with the "Host" 386 // header field used by an IngressRule, the SNI host is used for termination 387 // and value of the "Host" header is used for routing. 388 // +optional 389 SecretName string 390 // TODO: Consider specifying different modes of termination, protocols etc. 391 } 392 393 // IngressStatus describes the current state of the Ingress. 394 type IngressStatus struct { 395 // loadBalancer contains the current status of the load-balancer. 396 // +optional 397 LoadBalancer IngressLoadBalancerStatus 398 } 399 400 // IngressLoadBalancerStatus represents the status of a load-balancer 401 type IngressLoadBalancerStatus struct { 402 // ingress is a list containing ingress points for the load-balancer. 403 // +optional 404 Ingress []IngressLoadBalancerIngress 405 } 406 407 // IngressLoadBalancerIngress represents the status of a load-balancer ingress point. 408 type IngressLoadBalancerIngress struct { 409 // ip is set for load-balancer ingress points that are IP based. 410 // +optional 411 IP string 412 413 // hostname is set for load-balancer ingress points that are DNS based. 414 // +optional 415 Hostname string 416 417 // ports provides information about the ports exposed by this LoadBalancer. 418 // +optional 419 Ports []IngressPortStatus 420 } 421 422 // IngressPortStatus represents the error condition of an ingress port 423 type IngressPortStatus struct { 424 // port is the port number of the ingress port. 425 Port int32 426 427 // protocol is the protocol of the ingress port. 428 Protocol api.Protocol 429 430 // error indicates a problem on this port. 431 // The format of the error must comply with the following rules: 432 // - Kubernetes-defined error values use CamelCase names 433 // - Provider-specific error values must follow label-name style (e.g. 434 // example.com/name). 435 Error *string 436 } 437 438 // IngressRule represents the rules mapping the paths under a specified host to 439 // the related backend services. Incoming requests are first evaluated for a 440 // host match, then routed to the backend associated with the matching 441 // IngressRuleValue. 442 type IngressRule struct { 443 // host is the fully qualified domain name of a network host, as defined by RFC 3986. 444 // Note the following deviations from the "host" part of the 445 // URI as defined in RFC 3986: 446 // 1. IPs are not allowed. Currently an IngressRuleValue can only apply to 447 // the IP in the Spec of the parent Ingress. 448 // 2. The `:` delimiter is not respected because ports are not allowed. 449 // Currently the port of an Ingress is implicitly :80 for http and 450 // :443 for https. 451 // Both these may change in the future. 452 // Incoming requests are matched against the host before the 453 // IngressRuleValue. If the host is unspecified, the Ingress routes all 454 // traffic based on the specified IngressRuleValue. 455 // 456 // host can be "precise" which is a domain name without the terminating dot of 457 // a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name 458 // prefixed with a single wildcard label (e.g. "*.foo.com"). 459 // The wildcard character '*' must appear by itself as the first DNS label and 460 // matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*"). 461 // Requests will be matched against the host field in the following way: 462 // 1. If host is precise, the request matches this rule if the http host header is equal to Host. 463 // 2. If host is a wildcard, then the request matches this rule if the http host header 464 // is to equal to the suffix (removing the first label) of the wildcard rule. 465 // +optional 466 Host string 467 468 // IngressRuleValue represents a rule to route requests for this 469 // IngressRule. If unspecified, the rule defaults to a http catch-all. 470 // Whether that sends just traffic matching the host to the default backend 471 // or all traffic to the default backend, is left to the controller 472 // fulfilling the Ingress. Http is currently the only supported 473 // IngressRuleValue. 474 // +optional 475 IngressRuleValue 476 } 477 478 // IngressRuleValue represents a rule to apply against incoming requests. If the 479 // rule is satisfied, the request is routed to the specified backend. Currently 480 // mixing different types of rules in a single Ingress is disallowed, so exactly 481 // one of the following must be set. 482 type IngressRuleValue struct { 483 //TODO: 484 // 1. Consider renaming this resource and the associated rules so they 485 // aren't tied to Ingress. They can be used to route intra-cluster traffic. 486 // 2. Consider adding fields for ingress-type specific global options 487 // usable by a loadbalancer, like http keep-alive. 488 489 // +optional 490 HTTP *HTTPIngressRuleValue 491 } 492 493 // HTTPIngressRuleValue is a list of http selectors pointing to backends. 494 // In the example: http://<host>/<path>?<searchpart> -> backend where 495 // where parts of the url correspond to RFC 3986, this resource will be used 496 // to match against everything after the last '/' and before the first '?' 497 // or '#'. 498 type HTTPIngressRuleValue struct { 499 // paths is a collection of paths that map requests to backends. 500 // +listType=atomic 501 Paths []HTTPIngressPath 502 // TODO: Consider adding fields for ingress-type specific global 503 // options usable by a loadbalancer, like http keep-alive. 504 } 505 506 // PathType represents the type of path referred to by a HTTPIngressPath. 507 type PathType string 508 509 const ( 510 // PathTypeExact matches the URL path exactly and with case sensitivity. 511 PathTypeExact = PathType("Exact") 512 513 // PathTypePrefix matches based on a URL path prefix split by '/'. Matching 514 // is case sensitive and done on a path element by element basis. A path 515 // element refers to the list of labels in the path split by the '/' 516 // separator. A request is a match for path p if every p is an element-wise 517 // prefix of p of the request path. Note that if the last element of the 518 // path is a substring of the last element in request path, it is not a 519 // match (e.g. /foo/bar matches /foo/bar/baz, but does not match 520 // /foo/barbaz). If multiple matching paths exist in an Ingress spec, the 521 // longest matching path is given priority. 522 // Examples: 523 // - /foo/bar does not match requests to /foo/barbaz 524 // - /foo/bar matches request to /foo/bar and /foo/bar/baz 525 // - /foo and /foo/ both match requests to /foo and /foo/. If both paths are 526 // present in an Ingress spec, the longest matching path (/foo/) is given 527 // priority. 528 PathTypePrefix = PathType("Prefix") 529 530 // PathTypeImplementationSpecific matching is up to the IngressClass. 531 // Implementations can treat this as a separate PathType or treat it 532 // identically to Prefix or Exact path types. 533 PathTypeImplementationSpecific = PathType("ImplementationSpecific") 534 ) 535 536 // HTTPIngressPath associates a path with a backend. Incoming urls matching the 537 // path are forwarded to the backend. 538 type HTTPIngressPath struct { 539 // path is matched against the path of an incoming request. Currently it can 540 // contain characters disallowed from the conventional "path" part of a URL 541 // as defined by RFC 3986. Paths must begin with a '/' and must be present 542 // when using PathType with value "Exact" or "Prefix". 543 // +optional 544 Path string 545 546 // pathType determines the interpretation of the path matching. PathType can 547 // be one of Exact, Prefix, or ImplementationSpecific. Implementations are 548 // required to support all path types. 549 // +optional 550 PathType *PathType 551 552 // backend defines the referenced service endpoint to which the traffic 553 // will be forwarded to. 554 Backend IngressBackend 555 } 556 557 // IngressBackend describes all endpoints for a given service and port. 558 type IngressBackend struct { 559 // service references a service as a backend. 560 // This is a mutually exclusive setting with "Resource". 561 // +optional 562 Service *IngressServiceBackend 563 564 // resource is an ObjectRef to another Kubernetes resource in the namespace 565 // of the Ingress object. If resource is specified, a service.Name and 566 // service.Port must not be specified. 567 // This is a mutually exclusive setting with "Service". 568 // +optional 569 Resource *api.TypedLocalObjectReference 570 } 571 572 // IngressServiceBackend references a Kubernetes Service as a Backend. 573 type IngressServiceBackend struct { 574 // name is the referenced service. The service must exist in 575 // the same namespace as the Ingress object. 576 Name string 577 578 // port of the referenced service. A port name or port number 579 // is required for a IngressServiceBackend. 580 Port ServiceBackendPort 581 } 582 583 // ServiceBackendPort is the service port being referenced. 584 type ServiceBackendPort struct { 585 // name is the name of the port on the Service. 586 // This must be an IANA_SVC_NAME (following RFC6335). 587 // This is a mutually exclusive setting with "Number". 588 // +optional 589 Name string 590 591 // number is the numerical port number (e.g. 80) on the Service. 592 // This is a mutually exclusive setting with "Name". 593 // +optional 594 Number int32 595 } 596 597 // +genclient 598 // +genclient:nonNamespaced 599 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 600 601 // IPAddress represents a single IP of a single IP Family. The object is designed to be used by APIs 602 // that operate on IP addresses. The object is used by the Service core API for allocation of IP addresses. 603 // An IP address can be represented in different formats, to guarantee the uniqueness of the IP, 604 // the name of the object is the IP address in canonical format, four decimal digits separated 605 // by dots suppressing leading zeros for IPv4 and the representation defined by RFC 5952 for IPv6. 606 // Valid: 192.168.1.5 or 2001:db8::1 or 2001:db8:aaaa:bbbb:cccc:dddd:eeee:1 607 // Invalid: 10.01.2.3 or 2001:db8:0:0:0::1 608 type IPAddress struct { 609 metav1.TypeMeta 610 // +optional 611 metav1.ObjectMeta 612 // +optional 613 Spec IPAddressSpec 614 } 615 616 // IPAddressSpec describe the attributes in an IP Address, 617 type IPAddressSpec struct { 618 // ParentRef references the resource that an IPAddress is attached to. 619 // An IPAddress must reference a parent object. 620 // +required 621 ParentRef *ParentReference 622 } 623 type ParentReference struct { 624 // Group is the group of the object being referenced. 625 Group string 626 // Resource is the resource of the object being referenced. 627 Resource string 628 // Namespace is the namespace of the object being referenced. 629 Namespace string 630 // Name is the name of the object being referenced. 631 Name string 632 } 633 634 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 635 636 // IPAddressList contains a list of IPAddress. 637 type IPAddressList struct { 638 metav1.TypeMeta 639 // +optional 640 metav1.ListMeta 641 642 // Items is the list of IPAddress 643 Items []IPAddress 644 } 645 646 // +genclient 647 // +genclient:nonNamespaced 648 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 649 650 // ServiceCIDR defines a range of IP addresses using CIDR format (e.g. 192.168.0.0/24 or 2001:db2::/64). 651 // This range is used to allocate ClusterIPs to Service objects. 652 type ServiceCIDR struct { 653 metav1.TypeMeta 654 // Standard object's metadata. 655 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 656 // +optional 657 metav1.ObjectMeta 658 // spec is the desired state of the ServiceCIDR. 659 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 660 // +optional 661 Spec ServiceCIDRSpec 662 // status represents the current state of the ServiceCIDR. 663 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 664 // +optional 665 Status ServiceCIDRStatus 666 } 667 668 type ServiceCIDRSpec struct { 669 // CIDRs defines the IP blocks in CIDR notation (e.g. "192.168.0.0/24" or "2001:db8::/64") 670 // from which to assign service cluster IPs. Max of two CIDRs is allowed, one of each IP family. 671 // This field is immutable. 672 // +optional 673 CIDRs []string 674 } 675 676 // ServiceCIDRStatus describes the current state of the ServiceCIDR. 677 type ServiceCIDRStatus struct { 678 // conditions holds an array of metav1.Condition that describe the state of the ServiceCIDR. 679 Conditions []metav1.Condition 680 } 681 682 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 683 // +k8s:prerelease-lifecycle-gen:introduced=1.27 684 685 // ServiceCIDRList contains a list of ServiceCIDR objects. 686 type ServiceCIDRList struct { 687 metav1.TypeMeta 688 // Standard object's metadata. 689 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 690 // +optional 691 metav1.ListMeta 692 // items is the list of ServiceCIDRs. 693 Items []ServiceCIDR 694 } 695