Port internal extensions/Network* to networking.k8s.io API group

2017-08-08 16:41:25 +02:00 · 2017-08-08 16:41:25 +02:00 · b0b5de6eaf
parent 3537f8fa34
commit b0b5de6eaf
18 changed files with 9 additions and 1270 deletions
--- a/hack/.golint_failures
+++ b/hack/.golint_failures
@ -368,7 +368,6 @@ pkg/registry/extensions/deployment
 pkg/registry/extensions/deployment/storage
 pkg/registry/extensions/ingress
 pkg/registry/extensions/ingress/storage
-pkg/registry/extensions/networkpolicy/storage
 pkg/registry/extensions/replicaset
 pkg/registry/extensions/replicaset/storage
 pkg/registry/extensions/rest
--- a/hack/test-update-storage-objects.sh
+++ b/hack/test-update-storage-objects.sh
@ -112,8 +112,8 @@ tests=(
 examples/persistent-volume-provisioning/rbd/rbd-storage-class.yaml,storageclasses,,slow,v1beta1,v1
 )

-KUBE_OLD_API_VERSION="storage.k8s.io/v1beta1,extensions/v1beta1"
-KUBE_NEW_API_VERSION="storage.k8s.io/v1,extensions/v1beta1"
+KUBE_OLD_API_VERSION="networking.k8s.io/v1,storage.k8s.io/v1beta1,extensions/v1beta1"
+KUBE_NEW_API_VERSION="networking.k8s.io/v1,storage.k8s.io/v1,extensions/v1beta1"
 KUBE_OLD_STORAGE_VERSIONS="storage.k8s.io/v1beta1"
 KUBE_NEW_STORAGE_VERSIONS="storage.k8s.io/v1"

--- a/pkg/apis/extensions/register.go
+++ b/pkg/apis/extensions/register.go
@ -19,6 +19,7 @@ package extensions
 import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/kubernetes/pkg/apis/networking"
 )

 // GroupName is the group name use in this package
@ -63,8 +64,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		&ReplicaSetList{},
 		&PodSecurityPolicy{},
 		&PodSecurityPolicyList{},
-		&NetworkPolicy{},
-		&NetworkPolicyList{},
+		&networking.NetworkPolicy{},
+		&networking.NetworkPolicyList{},
 	)
 	return nil
 }
--- a/pkg/apis/extensions/types.go
+++ b/pkg/apis/extensions/types.go
@ -1091,98 +1091,3 @@ type PodSecurityPolicyList struct {

 	Items []PodSecurityPolicy
 }
-
-// +genclient
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// NetworkPolicy describes what network traffic is allowed for a set of Pods
-type NetworkPolicy struct {
-	metav1.TypeMeta
-	// +optional
-	metav1.ObjectMeta
-
-	// Specification of the desired behavior for this NetworkPolicy.
-	// +optional
-	Spec NetworkPolicySpec
-}
-
-type NetworkPolicySpec struct {
-	// Selects the pods to which this NetworkPolicy object applies.  The array of ingress rules
-	// is applied to any pods selected by this field. Multiple network policies can select the
-	// same set of pods.  In this case, the ingress rules for each are combined additively.
-	// This field is NOT optional and follows standard label selector semantics.
-	// An empty podSelector matches all pods in this namespace.
-	PodSelector metav1.LabelSelector
-
-	// List of ingress rules to be applied to the selected pods.
-	// Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod
-	// OR if the traffic source is the pod's local node,
-	// OR if the traffic matches at least one ingress rule across all of the NetworkPolicy
-	// objects whose podSelector matches the pod.
-	// If this field is empty then this NetworkPolicy does not allow any traffic
-	// (and serves solely to ensure that the pods it selects are isolated by default).
-	// +optional
-	Ingress []NetworkPolicyIngressRule
-}
-
-// This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.
-type NetworkPolicyIngressRule struct {
-	// List of ports which should be made accessible on the pods selected for this rule.
-	// Each item in this list is combined using a logical OR.
-	// If this field is empty or missing, this rule matches all ports (traffic not restricted by port).
-	// If this field is present and contains at least one item, then this rule allows traffic
-	// only if the traffic matches at least one port in the list.
-	// +optional
-	Ports []NetworkPolicyPort
-
-	// List of sources which should be able to access the pods selected for this rule.
-	// Items in this list are combined using a logical OR operation.
-	// If this field is empty or missing, this rule matches all sources (traffic not restricted by source).
-	// If this field is present and contains at least on item, this rule allows traffic only if the
-	// traffic matches at least one item in the from list.
-	// +optional
-	From []NetworkPolicyPeer
-}
-
-type NetworkPolicyPort struct {
-	// Optional.  The protocol (TCP or UDP) which traffic must match.
-	// If not specified, this field defaults to TCP.
-	// +optional
-	Protocol *api.Protocol
-
-	// If specified, the port on the given protocol.  This can
-	// either be a numerical or named port on a pod.  If this field is not provided,
-	// this matches all port names and numbers.
-	// If present, only traffic on the specified protocol AND port
-	// will be matched.
-	// +optional
-	Port *intstr.IntOrString
-}
-
-type NetworkPolicyPeer struct {
-	// Exactly one of the following must be specified.
-
-	// This is a label selector which selects Pods in this namespace.
-	// This field follows standard label selector semantics.
-	// If present but empty, this selector selects all pods in this namespace.
-	// +optional
-	PodSelector *metav1.LabelSelector
-
-	// Selects Namespaces using cluster scoped-labels.  This
-	// matches all pods in all namespaces selected by this label selector.
-	// This field follows standard label selector semantics.
-	// If present but empty, this selector selects all namespaces.
-	// +optional
-	NamespaceSelector *metav1.LabelSelector
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// NetworkPolicyList is a list of NetworkPolicy objects.
-type NetworkPolicyList struct {
-	metav1.TypeMeta
-	// +optional
-	metav1.ListMeta
-
-	Items []NetworkPolicy
-}
--- a/pkg/apis/extensions/validation/validation.go
+++ b/pkg/apis/extensions/validation/validation.go
@ -19,7 +19,6 @@ package validation
 import (
 	"fmt"
 	"net"
-	"reflect"
 	"regexp"
 	"strconv"
 	"strings"
@ -887,73 +886,3 @@ func ValidatePodSecurityPolicyUpdate(old *extensions.PodSecurityPolicy, new *ext
 	allErrs = append(allErrs, ValidatePodSecurityPolicySpec(&new.Spec, field.NewPath("spec"))...)
 	return allErrs
 }
-
-// ValidateNetworkPolicyName can be used to check whether the given networkpolicy
-// name is valid.
-func ValidateNetworkPolicyName(name string, prefix bool) []string {
-	return apivalidation.NameIsDNSSubdomain(name, prefix)
-}
-
-// ValidateNetworkPolicySpec tests if required fields in the networkpolicy spec are set.
-func ValidateNetworkPolicySpec(spec *extensions.NetworkPolicySpec, fldPath *field.Path) field.ErrorList {
-	allErrs := field.ErrorList{}
-	allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(&spec.PodSelector, fldPath.Child("podSelector"))...)
-
-	// Validate ingress rules.
-	for i, ingress := range spec.Ingress {
-		ingressPath := fldPath.Child("ingress").Index(i)
-		for i, port := range ingress.Ports {
-			portPath := ingressPath.Child("ports").Index(i)
-			if port.Protocol != nil && *port.Protocol != api.ProtocolTCP && *port.Protocol != api.ProtocolUDP {
-				allErrs = append(allErrs, field.NotSupported(portPath.Child("protocol"), *port.Protocol, []string{string(api.ProtocolTCP), string(api.ProtocolUDP)}))
-			}
-			if port.Port != nil {
-				if port.Port.Type == intstr.Int {
-					for _, msg := range validation.IsValidPortNum(int(port.Port.IntVal)) {
-						allErrs = append(allErrs, field.Invalid(portPath.Child("port"), port.Port.IntVal, msg))
-					}
-				} else {
-					for _, msg := range validation.IsValidPortName(port.Port.StrVal) {
-						allErrs = append(allErrs, field.Invalid(portPath.Child("port"), port.Port.StrVal, msg))
-					}
-				}
-			}
-		}
-		for i, from := range ingress.From {
-			fromPath := ingressPath.Child("from").Index(i)
-			numFroms := 0
-			if from.PodSelector != nil {
-				numFroms++
-				allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(from.PodSelector, fromPath.Child("podSelector"))...)
-			}
-			if from.NamespaceSelector != nil {
-				numFroms++
-				allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(from.NamespaceSelector, fromPath.Child("namespaceSelector"))...)
-			}
-
-			if numFroms == 0 {
-				allErrs = append(allErrs, field.Required(fromPath, "must specify a from type"))
-			} else if numFroms > 1 {
-				allErrs = append(allErrs, field.Forbidden(fromPath, "may not specify more than 1 from type"))
-			}
-		}
-	}
-	return allErrs
-}
-
-// ValidateNetworkPolicy validates a networkpolicy.
-func ValidateNetworkPolicy(np *extensions.NetworkPolicy) field.ErrorList {
-	allErrs := apivalidation.ValidateObjectMeta(&np.ObjectMeta, true, ValidateNetworkPolicyName, field.NewPath("metadata"))
-	allErrs = append(allErrs, ValidateNetworkPolicySpec(&np.Spec, field.NewPath("spec"))...)
-	return allErrs
-}
-
-// ValidateNetworkPolicyUpdate tests if an update to a NetworkPolicy is valid.
-func ValidateNetworkPolicyUpdate(update, old *extensions.NetworkPolicy) field.ErrorList {
-	allErrs := field.ErrorList{}
-	allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&update.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))...)
-	if !reflect.DeepEqual(update.Spec, old.Spec) {
-		allErrs = append(allErrs, field.Forbidden(field.NewPath("spec"), "updates to networkpolicy spec are forbidden."))
-	}
-	return allErrs
-}
--- a/pkg/apis/extensions/validation/validation_test.go
+++ b/pkg/apis/extensions/validation/validation_test.go
@ -2768,326 +2768,6 @@ func TestValidatePSPVolumes(t *testing.T) {
 	}
 }

-func TestValidateNetworkPolicy(t *testing.T) {
-	protocolTCP := api.ProtocolTCP
-	protocolUDP := api.ProtocolUDP
-	protocolICMP := api.Protocol("ICMP")
-
-	successCases := []extensions.NetworkPolicy{
-		{
-			ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
-			Spec: extensions.NetworkPolicySpec{
-				PodSelector: metav1.LabelSelector{
-					MatchLabels: map[string]string{"a": "b"},
-				},
-				Ingress: []extensions.NetworkPolicyIngressRule{},
-			},
-		},
-		{
-			ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
-			Spec: extensions.NetworkPolicySpec{
-				PodSelector: metav1.LabelSelector{
-					MatchLabels: map[string]string{"a": "b"},
-				},
-				Ingress: []extensions.NetworkPolicyIngressRule{
-					{
-						From:  []extensions.NetworkPolicyPeer{},
-						Ports: []extensions.NetworkPolicyPort{},
-					},
-				},
-			},
-		},
-		{
-			ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
-			Spec: extensions.NetworkPolicySpec{
-				PodSelector: metav1.LabelSelector{
-					MatchLabels: map[string]string{"a": "b"},
-				},
-				Ingress: []extensions.NetworkPolicyIngressRule{
-					{
-						Ports: []extensions.NetworkPolicyPort{
-							{
-								Protocol: nil,
-								Port:     &intstr.IntOrString{Type: intstr.Int, IntVal: 80},
-							},
-							{
-								Protocol: &protocolTCP,
-								Port:     nil,
-							},
-							{
-								Protocol: &protocolTCP,
-								Port:     &intstr.IntOrString{Type: intstr.Int, IntVal: 443},
-							},
-							{
-								Protocol: &protocolUDP,
-								Port:     &intstr.IntOrString{Type: intstr.String, StrVal: "dns"},
-							},
-						},
-					},
-				},
-			},
-		},
-		{
-			ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
-			Spec: extensions.NetworkPolicySpec{
-				PodSelector: metav1.LabelSelector{
-					MatchLabels: map[string]string{"a": "b"},
-				},
-				Ingress: []extensions.NetworkPolicyIngressRule{
-					{
-						From: []extensions.NetworkPolicyPeer{
-							{
-								PodSelector: &metav1.LabelSelector{
-									MatchLabels: map[string]string{"c": "d"},
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-		{
-			ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
-			Spec: extensions.NetworkPolicySpec{
-				PodSelector: metav1.LabelSelector{
-					MatchLabels: map[string]string{"a": "b"},
-				},
-				Ingress: []extensions.NetworkPolicyIngressRule{
-					{
-						From: []extensions.NetworkPolicyPeer{
-							{
-								NamespaceSelector: &metav1.LabelSelector{
-									MatchLabels: map[string]string{"c": "d"},
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-	}
-
-	// Success cases are expected to pass validation.
-	for k, v := range successCases {
-		if errs := ValidateNetworkPolicy(&v); len(errs) != 0 {
-			t.Errorf("Expected success for %d, got %v", k, errs)
-		}
-	}
-
-	invalidSelector := map[string]string{"NoUppercaseOrSpecialCharsLike=Equals": "b"}
-	errorCases := map[string]extensions.NetworkPolicy{
-		"namespaceSelector and podSelector": {
-			ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
-			Spec: extensions.NetworkPolicySpec{
-				PodSelector: metav1.LabelSelector{
-					MatchLabels: map[string]string{"a": "b"},
-				},
-				Ingress: []extensions.NetworkPolicyIngressRule{
-					{
-						From: []extensions.NetworkPolicyPeer{
-							{
-								PodSelector: &metav1.LabelSelector{
-									MatchLabels: map[string]string{"c": "d"},
-								},
-								NamespaceSelector: &metav1.LabelSelector{
-									MatchLabels: map[string]string{"c": "d"},
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-		"invalid spec.podSelector": {
-			ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
-			Spec: extensions.NetworkPolicySpec{
-				PodSelector: metav1.LabelSelector{
-					MatchLabels: invalidSelector,
-				},
-				Ingress: []extensions.NetworkPolicyIngressRule{
-					{
-						From: []extensions.NetworkPolicyPeer{
-							{
-								NamespaceSelector: &metav1.LabelSelector{
-									MatchLabels: map[string]string{"c": "d"},
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-		"invalid ingress.ports.protocol": {
-			ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
-			Spec: extensions.NetworkPolicySpec{
-				PodSelector: metav1.LabelSelector{},
-				Ingress: []extensions.NetworkPolicyIngressRule{
-					{
-						Ports: []extensions.NetworkPolicyPort{
-							{
-								Protocol: &protocolICMP,
-								Port:     &intstr.IntOrString{Type: intstr.Int, IntVal: 80},
-							},
-						},
-					},
-				},
-			},
-		},
-		"invalid ingress.ports.port (int)": {
-			ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
-			Spec: extensions.NetworkPolicySpec{
-				PodSelector: metav1.LabelSelector{},
-				Ingress: []extensions.NetworkPolicyIngressRule{
-					{
-						Ports: []extensions.NetworkPolicyPort{
-							{
-								Protocol: &protocolTCP,
-								Port:     &intstr.IntOrString{Type: intstr.Int, IntVal: 123456789},
-							},
-						},
-					},
-				},
-			},
-		},
-		"invalid ingress.ports.port (str)": {
-			ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
-			Spec: extensions.NetworkPolicySpec{
-				PodSelector: metav1.LabelSelector{},
-				Ingress: []extensions.NetworkPolicyIngressRule{
-					{
-						Ports: []extensions.NetworkPolicyPort{
-							{
-								Protocol: &protocolTCP,
-								Port:     &intstr.IntOrString{Type: intstr.String, StrVal: "!@#$"},
-							},
-						},
-					},
-				},
-			},
-		},
-		"invalid ingress.from.podSelector": {
-			ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
-			Spec: extensions.NetworkPolicySpec{
-				PodSelector: metav1.LabelSelector{},
-				Ingress: []extensions.NetworkPolicyIngressRule{
-					{
-						From: []extensions.NetworkPolicyPeer{
-							{
-								PodSelector: &metav1.LabelSelector{
-									MatchLabels: invalidSelector,
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-		"invalid ingress.from.namespaceSelector": {
-			ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
-			Spec: extensions.NetworkPolicySpec{
-				PodSelector: metav1.LabelSelector{},
-				Ingress: []extensions.NetworkPolicyIngressRule{
-					{
-						From: []extensions.NetworkPolicyPeer{
-							{
-								NamespaceSelector: &metav1.LabelSelector{
-									MatchLabels: invalidSelector,
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-	}
-
-	// Error cases are not expected to pass validation.
-	for testName, networkPolicy := range errorCases {
-		if errs := ValidateNetworkPolicy(&networkPolicy); len(errs) == 0 {
-			t.Errorf("Expected failure for test: %s", testName)
-		}
-	}
-}
-
-func TestValidateNetworkPolicyUpdate(t *testing.T) {
-	type npUpdateTest struct {
-		old    extensions.NetworkPolicy
-		update extensions.NetworkPolicy
-	}
-	successCases := []npUpdateTest{
-		{
-			old: extensions.NetworkPolicy{
-				ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
-				Spec: extensions.NetworkPolicySpec{
-					PodSelector: metav1.LabelSelector{
-						MatchLabels: map[string]string{"a": "b"},
-					},
-					Ingress: []extensions.NetworkPolicyIngressRule{},
-				},
-			},
-			update: extensions.NetworkPolicy{
-				ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
-				Spec: extensions.NetworkPolicySpec{
-					PodSelector: metav1.LabelSelector{
-						MatchLabels: map[string]string{"a": "b"},
-					},
-					Ingress: []extensions.NetworkPolicyIngressRule{},
-				},
-			},
-		},
-	}
-
-	for _, successCase := range successCases {
-		successCase.old.ObjectMeta.ResourceVersion = "1"
-		successCase.update.ObjectMeta.ResourceVersion = "1"
-		if errs := ValidateNetworkPolicyUpdate(&successCase.update, &successCase.old); len(errs) != 0 {
-			t.Errorf("expected success: %v", errs)
-		}
-	}
-	errorCases := map[string]npUpdateTest{
-		"change name": {
-			old: extensions.NetworkPolicy{
-				ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
-				Spec: extensions.NetworkPolicySpec{
-					PodSelector: metav1.LabelSelector{},
-					Ingress:     []extensions.NetworkPolicyIngressRule{},
-				},
-			},
-			update: extensions.NetworkPolicy{
-				ObjectMeta: metav1.ObjectMeta{Name: "baz", Namespace: "bar"},
-				Spec: extensions.NetworkPolicySpec{
-					PodSelector: metav1.LabelSelector{},
-					Ingress:     []extensions.NetworkPolicyIngressRule{},
-				},
-			},
-		},
-		"change spec": {
-			old: extensions.NetworkPolicy{
-				ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
-				Spec: extensions.NetworkPolicySpec{
-					PodSelector: metav1.LabelSelector{},
-					Ingress:     []extensions.NetworkPolicyIngressRule{},
-				},
-			},
-			update: extensions.NetworkPolicy{
-				ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
-				Spec: extensions.NetworkPolicySpec{
-					PodSelector: metav1.LabelSelector{
-						MatchLabels: map[string]string{"a": "b"},
-					},
-					Ingress: []extensions.NetworkPolicyIngressRule{},
-				},
-			},
-		},
-	}
-
-	for testName, errorCase := range errorCases {
-		if errs := ValidateNetworkPolicyUpdate(&errorCase.update, &errorCase.old); len(errs) == 0 {
-			t.Errorf("expected failure: %s", testName)
-		}
-	}
-}
-
 func TestIsValidSysctlPattern(t *testing.T) {
 	valid := []string{
 		"a.b.c.d",
--- a/pkg/apis/networking/v1/conversion.go
+++ b/pkg/apis/networking/v1/conversion.go
@ -1,196 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1
-
-import (
-	"k8s.io/api/core/v1"
-	networkingv1 "k8s.io/api/networking/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/conversion"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/kubernetes/pkg/api"
-	"k8s.io/kubernetes/pkg/apis/extensions"
-)
-
-func addConversionFuncs(scheme *runtime.Scheme) error {
-	return scheme.AddConversionFuncs(
-		Convert_v1_NetworkPolicy_To_extensions_NetworkPolicy,
-		Convert_extensions_NetworkPolicy_To_v1_NetworkPolicy,
-		Convert_v1_NetworkPolicyIngressRule_To_extensions_NetworkPolicyIngressRule,
-		Convert_extensions_NetworkPolicyIngressRule_To_v1_NetworkPolicyIngressRule,
-		Convert_v1_NetworkPolicyList_To_extensions_NetworkPolicyList,
-		Convert_extensions_NetworkPolicyList_To_v1_NetworkPolicyList,
-		Convert_v1_NetworkPolicyPeer_To_extensions_NetworkPolicyPeer,
-		Convert_extensions_NetworkPolicyPeer_To_v1_NetworkPolicyPeer,
-		Convert_v1_NetworkPolicyPort_To_extensions_NetworkPolicyPort,
-		Convert_extensions_NetworkPolicyPort_To_v1_NetworkPolicyPort,
-		Convert_v1_NetworkPolicySpec_To_extensions_NetworkPolicySpec,
-		Convert_extensions_NetworkPolicySpec_To_v1_NetworkPolicySpec,
-	)
-}
-
-func Convert_v1_NetworkPolicy_To_extensions_NetworkPolicy(in *networkingv1.NetworkPolicy, out *extensions.NetworkPolicy, s conversion.Scope) error {
-	out.ObjectMeta = in.ObjectMeta
-	return Convert_v1_NetworkPolicySpec_To_extensions_NetworkPolicySpec(&in.Spec, &out.Spec, s)
-}
-
-func Convert_extensions_NetworkPolicy_To_v1_NetworkPolicy(in *extensions.NetworkPolicy, out *networkingv1.NetworkPolicy, s conversion.Scope) error {
-	out.ObjectMeta = in.ObjectMeta
-	return Convert_extensions_NetworkPolicySpec_To_v1_NetworkPolicySpec(&in.Spec, &out.Spec, s)
-}
-
-func Convert_v1_NetworkPolicySpec_To_extensions_NetworkPolicySpec(in *networkingv1.NetworkPolicySpec, out *extensions.NetworkPolicySpec, s conversion.Scope) error {
-	if err := s.Convert(&in.PodSelector, &out.PodSelector, 0); err != nil {
-		return err
-	}
-	out.Ingress = make([]extensions.NetworkPolicyIngressRule, len(in.Ingress))
-	for i := range in.Ingress {
-		if err := Convert_v1_NetworkPolicyIngressRule_To_extensions_NetworkPolicyIngressRule(&in.Ingress[i], &out.Ingress[i], s); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func Convert_extensions_NetworkPolicySpec_To_v1_NetworkPolicySpec(in *extensions.NetworkPolicySpec, out *networkingv1.NetworkPolicySpec, s conversion.Scope) error {
-	if err := s.Convert(&in.PodSelector, &out.PodSelector, 0); err != nil {
-		return err
-	}
-	out.Ingress = make([]networkingv1.NetworkPolicyIngressRule, len(in.Ingress))
-	for i := range in.Ingress {
-		if err := Convert_extensions_NetworkPolicyIngressRule_To_v1_NetworkPolicyIngressRule(&in.Ingress[i], &out.Ingress[i], s); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func Convert_v1_NetworkPolicyIngressRule_To_extensions_NetworkPolicyIngressRule(in *networkingv1.NetworkPolicyIngressRule, out *extensions.NetworkPolicyIngressRule, s conversion.Scope) error {
-	out.Ports = make([]extensions.NetworkPolicyPort, len(in.Ports))
-	for i := range in.Ports {
-		if err := Convert_v1_NetworkPolicyPort_To_extensions_NetworkPolicyPort(&in.Ports[i], &out.Ports[i], s); err != nil {
-			return err
-		}
-	}
-	out.From = make([]extensions.NetworkPolicyPeer, len(in.From))
-	for i := range in.From {
-		if err := Convert_v1_NetworkPolicyPeer_To_extensions_NetworkPolicyPeer(&in.From[i], &out.From[i], s); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func Convert_extensions_NetworkPolicyIngressRule_To_v1_NetworkPolicyIngressRule(in *extensions.NetworkPolicyIngressRule, out *networkingv1.NetworkPolicyIngressRule, s conversion.Scope) error {
-	out.Ports = make([]networkingv1.NetworkPolicyPort, len(in.Ports))
-	for i := range in.Ports {
-		if err := Convert_extensions_NetworkPolicyPort_To_v1_NetworkPolicyPort(&in.Ports[i], &out.Ports[i], s); err != nil {
-			return err
-		}
-	}
-	out.From = make([]networkingv1.NetworkPolicyPeer, len(in.From))
-	for i := range in.From {
-		if err := Convert_extensions_NetworkPolicyPeer_To_v1_NetworkPolicyPeer(&in.From[i], &out.From[i], s); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func Convert_v1_NetworkPolicyPeer_To_extensions_NetworkPolicyPeer(in *networkingv1.NetworkPolicyPeer, out *extensions.NetworkPolicyPeer, s conversion.Scope) error {
-	if in.PodSelector != nil {
-		out.PodSelector = new(metav1.LabelSelector)
-		if err := s.Convert(in.PodSelector, out.PodSelector, 0); err != nil {
-			return err
-		}
-	} else {
-		out.PodSelector = nil
-	}
-	if in.NamespaceSelector != nil {
-		out.NamespaceSelector = new(metav1.LabelSelector)
-		if err := s.Convert(in.NamespaceSelector, out.NamespaceSelector, 0); err != nil {
-			return err
-		}
-	} else {
-		out.NamespaceSelector = nil
-	}
-	return nil
-}
-
-func Convert_extensions_NetworkPolicyPeer_To_v1_NetworkPolicyPeer(in *extensions.NetworkPolicyPeer, out *networkingv1.NetworkPolicyPeer, s conversion.Scope) error {
-	if in.PodSelector != nil {
-		out.PodSelector = new(metav1.LabelSelector)
-		if err := s.Convert(in.PodSelector, out.PodSelector, 0); err != nil {
-			return err
-		}
-	} else {
-		out.PodSelector = nil
-	}
-	if in.NamespaceSelector != nil {
-		out.NamespaceSelector = new(metav1.LabelSelector)
-		if err := s.Convert(in.NamespaceSelector, out.NamespaceSelector, 0); err != nil {
-			return err
-		}
-	} else {
-		out.NamespaceSelector = nil
-	}
-	return nil
-}
-
-func Convert_v1_NetworkPolicyPort_To_extensions_NetworkPolicyPort(in *networkingv1.NetworkPolicyPort, out *extensions.NetworkPolicyPort, s conversion.Scope) error {
-	if in.Protocol != nil {
-		out.Protocol = new(api.Protocol)
-		*out.Protocol = api.Protocol(*in.Protocol)
-	} else {
-		out.Protocol = nil
-	}
-	out.Port = in.Port
-	return nil
-}
-
-func Convert_extensions_NetworkPolicyPort_To_v1_NetworkPolicyPort(in *extensions.NetworkPolicyPort, out *networkingv1.NetworkPolicyPort, s conversion.Scope) error {
-	if in.Protocol != nil {
-		out.Protocol = new(v1.Protocol)
-		*out.Protocol = v1.Protocol(*in.Protocol)
-	} else {
-		out.Protocol = nil
-	}
-	out.Port = in.Port
-	return nil
-}
-
-func Convert_v1_NetworkPolicyList_To_extensions_NetworkPolicyList(in *networkingv1.NetworkPolicyList, out *extensions.NetworkPolicyList, s conversion.Scope) error {
-	out.ListMeta = in.ListMeta
-	out.Items = make([]extensions.NetworkPolicy, len(in.Items))
-	for i := range in.Items {
-		if err := Convert_v1_NetworkPolicy_To_extensions_NetworkPolicy(&in.Items[i], &out.Items[i], s); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func Convert_extensions_NetworkPolicyList_To_v1_NetworkPolicyList(in *extensions.NetworkPolicyList, out *networkingv1.NetworkPolicyList, s conversion.Scope) error {
-	out.ListMeta = in.ListMeta
-	out.Items = make([]networkingv1.NetworkPolicy, len(in.Items))
-	for i := range in.Items {
-		if err := Convert_extensions_NetworkPolicy_To_v1_NetworkPolicy(&in.Items[i], &out.Items[i], s); err != nil {
-			return err
-		}
-	}
-	return nil
-}
--- a/pkg/apis/networking/v1/doc.go
+++ b/pkg/apis/networking/v1/doc.go
@ -16,6 +16,7 @@ limitations under the License.

 // +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/networking
 // +k8s:conversion-gen-external-types=../../../../vendor/k8s.io/api/networking/v1
+// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/extensions
 // +k8s:defaulter-gen=TypeMeta
 // +k8s:defaulter-gen-input=../../../../vendor/k8s.io/api/networking/v1
 // +groupName=networking.k8s.io
--- a/pkg/apis/networking/v1/register.go
+++ b/pkg/apis/networking/v1/register.go
@ -41,5 +41,5 @@ func init() {
 	// We only register manually written functions here. The registration of the
 	// generated functions takes place in the generated files. The separation
 	// makes the code compile even when the generated files are missing.
-	localSchemeBuilder.Register(addDefaultingFuncs, addConversionFuncs)
+	localSchemeBuilder.Register(addDefaultingFuncs)
 }
--- a/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/fake/fake_networkpolicy.go
+++ b/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/fake/fake_networkpolicy.go
@ -1,126 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package fake
-
-import (
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	labels "k8s.io/apimachinery/pkg/labels"
-	schema "k8s.io/apimachinery/pkg/runtime/schema"
-	types "k8s.io/apimachinery/pkg/types"
-	watch "k8s.io/apimachinery/pkg/watch"
-	testing "k8s.io/client-go/testing"
-	extensions "k8s.io/kubernetes/pkg/apis/extensions"
-)
-
-// FakeNetworkPolicies implements NetworkPolicyInterface
-type FakeNetworkPolicies struct {
-	Fake *FakeExtensions
-	ns   string
-}
-
-var networkpoliciesResource = schema.GroupVersionResource{Group: "extensions", Version: "", Resource: "networkpolicies"}
-
-var networkpoliciesKind = schema.GroupVersionKind{Group: "extensions", Version: "", Kind: "NetworkPolicy"}
-
-// Get takes name of the networkPolicy, and returns the corresponding networkPolicy object, and an error if there is any.
-func (c *FakeNetworkPolicies) Get(name string, options v1.GetOptions) (result *extensions.NetworkPolicy, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewGetAction(networkpoliciesResource, c.ns, name), &extensions.NetworkPolicy{})
-
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*extensions.NetworkPolicy), err
-}
-
-// List takes label and field selectors, and returns the list of NetworkPolicies that match those selectors.
-func (c *FakeNetworkPolicies) List(opts v1.ListOptions) (result *extensions.NetworkPolicyList, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewListAction(networkpoliciesResource, networkpoliciesKind, c.ns, opts), &extensions.NetworkPolicyList{})
-
-	if obj == nil {
-		return nil, err
-	}
-
-	label, _, _ := testing.ExtractFromListOptions(opts)
-	if label == nil {
-		label = labels.Everything()
-	}
-	list := &extensions.NetworkPolicyList{}
-	for _, item := range obj.(*extensions.NetworkPolicyList).Items {
-		if label.Matches(labels.Set(item.Labels)) {
-			list.Items = append(list.Items, item)
-		}
-	}
-	return list, err
-}
-
-// Watch returns a watch.Interface that watches the requested networkPolicies.
-func (c *FakeNetworkPolicies) Watch(opts v1.ListOptions) (watch.Interface, error) {
-	return c.Fake.
-		InvokesWatch(testing.NewWatchAction(networkpoliciesResource, c.ns, opts))
-
-}
-
-// Create takes the representation of a networkPolicy and creates it.  Returns the server's representation of the networkPolicy, and an error, if there is any.
-func (c *FakeNetworkPolicies) Create(networkPolicy *extensions.NetworkPolicy) (result *extensions.NetworkPolicy, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewCreateAction(networkpoliciesResource, c.ns, networkPolicy), &extensions.NetworkPolicy{})
-
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*extensions.NetworkPolicy), err
-}
-
-// Update takes the representation of a networkPolicy and updates it. Returns the server's representation of the networkPolicy, and an error, if there is any.
-func (c *FakeNetworkPolicies) Update(networkPolicy *extensions.NetworkPolicy) (result *extensions.NetworkPolicy, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewUpdateAction(networkpoliciesResource, c.ns, networkPolicy), &extensions.NetworkPolicy{})
-
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*extensions.NetworkPolicy), err
-}
-
-// Delete takes name of the networkPolicy and deletes it. Returns an error if one occurs.
-func (c *FakeNetworkPolicies) Delete(name string, options *v1.DeleteOptions) error {
-	_, err := c.Fake.
-		Invokes(testing.NewDeleteAction(networkpoliciesResource, c.ns, name), &extensions.NetworkPolicy{})
-
-	return err
-}
-
-// DeleteCollection deletes a collection of objects.
-func (c *FakeNetworkPolicies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
-	action := testing.NewDeleteCollectionAction(networkpoliciesResource, c.ns, listOptions)
-
-	_, err := c.Fake.Invokes(action, &extensions.NetworkPolicyList{})
-	return err
-}
-
-// Patch applies the patch and returns the patched networkPolicy.
-func (c *FakeNetworkPolicies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *extensions.NetworkPolicy, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(networkpoliciesResource, c.ns, name, data, subresources...), &extensions.NetworkPolicy{})
-
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*extensions.NetworkPolicy), err
-}
--- a/pkg/printers/internalversion/describe.go
+++ b/pkg/printers/internalversion/describe.go
@ -134,7 +134,7 @@ func describerMap(c clientset.Interface) map[schema.GroupKind]printers.Describer
 		api.Kind("PriorityClass"):         &PriorityClassDescriber{c},

 		extensions.Kind("ReplicaSet"):                  &ReplicaSetDescriber{c},
-		extensions.Kind("NetworkPolicy"):               &ExtensionsNetworkPolicyDescriber{c},
+		extensions.Kind("NetworkPolicy"):               &NetworkPolicyDescriber{c},
 		extensions.Kind("PodSecurityPolicy"):           &PodSecurityPolicyDescriber{c},
 		autoscaling.Kind("HorizontalPodAutoscaler"):    &HorizontalPodAutoscalerDescriber{c},
 		extensions.Kind("DaemonSet"):                   &DaemonSetDescriber{c},
@ -3019,34 +3019,6 @@ func describeCluster(cluster *federation.Cluster) (string, error) {
 	})
 }

-// ExtensionsNetworkPolicyDescriber generates information about an extensions.NetworkPolicy
-type ExtensionsNetworkPolicyDescriber struct {
-	clientset.Interface
-}
-
-func (d *ExtensionsNetworkPolicyDescriber) Describe(namespace, name string, describerSettings printers.DescriberSettings) (string, error) {
-	c := d.Extensions().NetworkPolicies(namespace)
-
-	networkPolicy, err := c.Get(name, metav1.GetOptions{})
-	if err != nil {
-		return "", err
-	}
-
-	return describeExtensionsNetworkPolicy(networkPolicy)
-}
-
-func describeExtensionsNetworkPolicy(networkPolicy *extensions.NetworkPolicy) (string, error) {
-	return tabbedString(func(out io.Writer) error {
-		w := NewPrefixWriter(out)
-		w.Write(LEVEL_0, "Name:\t%s\n", networkPolicy.Name)
-		w.Write(LEVEL_0, "Namespace:\t%s\n", networkPolicy.Namespace)
-		printLabelsMultiline(w, "Labels", networkPolicy.Labels)
-		printAnnotationsMultiline(w, "Annotations", networkPolicy.Annotations)
-
-		return nil
-	})
-}
-
 // NetworkPolicyDescriber generates information about a networking.NetworkPolicy
 type NetworkPolicyDescriber struct {
 	clientset.Interface
--- a/pkg/printers/internalversion/printers.go
+++ b/pkg/printers/internalversion/printers.go
@ -364,8 +364,6 @@ func AddHandlers(h printers.PrintHandler) {
 		{Name: "Pod-Selector", Type: "string", Description: extensionsv1beta1.NetworkPolicySpec{}.SwaggerDoc()["podSelector"]},
 		{Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]},
 	}
-	h.TableHandler(networkPolicyColumnDefinitioins, printExtensionsNetworkPolicy)
-	h.TableHandler(networkPolicyColumnDefinitioins, printExtensionsNetworkPolicyList)
 	h.TableHandler(networkPolicyColumnDefinitioins, printNetworkPolicy)
 	h.TableHandler(networkPolicyColumnDefinitioins, printNetworkPolicyList)

@ -1661,26 +1659,6 @@ func printPodSecurityPolicyList(list *extensions.PodSecurityPolicyList, options
 	return rows, nil
 }

-func printExtensionsNetworkPolicy(obj *extensions.NetworkPolicy, options printers.PrintOptions) ([]metav1alpha1.TableRow, error) {
-	row := metav1alpha1.TableRow{
-		Object: runtime.RawExtension{Object: obj},
-	}
-	row.Cells = append(row.Cells, obj.Name, metav1.FormatLabelSelector(&obj.Spec.PodSelector), translateTimestamp(obj.CreationTimestamp))
-	return []metav1alpha1.TableRow{row}, nil
-}
-
-func printExtensionsNetworkPolicyList(list *extensions.NetworkPolicyList, options printers.PrintOptions) ([]metav1alpha1.TableRow, error) {
-	rows := make([]metav1alpha1.TableRow, 0, len(list.Items))
-	for i := range list.Items {
-		r, err := printExtensionsNetworkPolicy(&list.Items[i], options)
-		if err != nil {
-			return nil, err
-		}
-		rows = append(rows, r...)
-	}
-	return rows, nil
-}
-
 func printNetworkPolicy(obj *networking.NetworkPolicy, options printers.PrintOptions) ([]metav1alpha1.TableRow, error) {
 	row := metav1alpha1.TableRow{
 		Object: runtime.RawExtension{Object: obj},
--- a/pkg/registry/extensions/networkpolicy/doc.go
+++ b/pkg/registry/extensions/networkpolicy/doc.go
@ -1,17 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package networkpolicy // import "k8s.io/kubernetes/pkg/registry/extensions/networkpolicy"
--- a/pkg/registry/extensions/networkpolicy/storage/storage.go
+++ b/pkg/registry/extensions/networkpolicy/storage/storage.go
@ -1,52 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package storage
-
-import (
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apiserver/pkg/registry/generic"
-	genericregistry "k8s.io/apiserver/pkg/registry/generic/registry"
-	"k8s.io/kubernetes/pkg/api"
-	extensionsapi "k8s.io/kubernetes/pkg/apis/extensions"
-	"k8s.io/kubernetes/pkg/registry/cachesize"
-	"k8s.io/kubernetes/pkg/registry/extensions/networkpolicy"
-)
-
-// rest implements a RESTStorage for network policies
-type REST struct {
-	*genericregistry.Store
-}
-
-// NewREST returns a RESTStorage object that will work against network policies.
-func NewREST(optsGetter generic.RESTOptionsGetter) *REST {
-	store := &genericregistry.Store{
-		Copier:                   api.Scheme,
-		NewFunc:                  func() runtime.Object { return &extensionsapi.NetworkPolicy{} },
-		NewListFunc:              func() runtime.Object { return &extensionsapi.NetworkPolicyList{} },
-		DefaultQualifiedResource: extensionsapi.Resource("networkpolicies"),
-		WatchCacheSize:           cachesize.GetWatchCacheSizeByResource("networkpolicies"),
-
-		CreateStrategy: networkpolicy.Strategy,
-		UpdateStrategy: networkpolicy.Strategy,
-		DeleteStrategy: networkpolicy.Strategy,
-	}
-	options := &generic.StoreOptions{RESTOptions: optsGetter}
-	if err := store.CompleteWithOptions(options); err != nil {
-		panic(err) // TODO: Propagate error up
-	}
-	return &REST{store}
-}
--- a/pkg/registry/extensions/networkpolicy/storage/storage_test.go
+++ b/pkg/registry/extensions/networkpolicy/storage/storage_test.go
@ -1,185 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package storage
-
-import (
-	"testing"
-
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/fields"
-	"k8s.io/apimachinery/pkg/labels"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/util/intstr"
-	genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
-	"k8s.io/apiserver/pkg/registry/generic"
-	etcdtesting "k8s.io/apiserver/pkg/storage/etcd/testing"
-	"k8s.io/kubernetes/pkg/apis/extensions"
-	"k8s.io/kubernetes/pkg/registry/registrytest"
-)
-
-func newStorage(t *testing.T) (*REST, *etcdtesting.EtcdTestServer) {
-	etcdStorage, server := registrytest.NewEtcdStorage(t, "extensions")
-	restOptions := generic.RESTOptions{
-		StorageConfig:           etcdStorage,
-		Decorator:               generic.UndecoratedStorage,
-		DeleteCollectionWorkers: 1,
-		ResourcePrefix:          "networkpolicies",
-	}
-	return NewREST(restOptions), server
-}
-
-// createNetworkPolicy is a helper function that returns a NetworkPolicy with the updated resource version.
-func createNetworkPolicy(storage *REST, np extensions.NetworkPolicy, t *testing.T) (extensions.NetworkPolicy, error) {
-	ctx := genericapirequest.WithNamespace(genericapirequest.NewContext(), np.Namespace)
-	obj, err := storage.Create(ctx, &np, false)
-	if err != nil {
-		t.Errorf("Failed to create NetworkPolicy, %v", err)
-	}
-	newNP := obj.(*extensions.NetworkPolicy)
-	return *newNP, nil
-}
-
-func validNewNetworkPolicy() *extensions.NetworkPolicy {
-	port := intstr.FromInt(80)
-	return &extensions.NetworkPolicy{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      "foo",
-			Namespace: metav1.NamespaceDefault,
-			Labels:    map[string]string{"a": "b"},
-		},
-		Spec: extensions.NetworkPolicySpec{
-			PodSelector: metav1.LabelSelector{MatchLabels: map[string]string{"a": "b"}},
-			Ingress: []extensions.NetworkPolicyIngressRule{
-				{
-					From: []extensions.NetworkPolicyPeer{
-						{
-							PodSelector: &metav1.LabelSelector{MatchLabels: map[string]string{"c": "d"}},
-						},
-					},
-					Ports: []extensions.NetworkPolicyPort{
-						{
-							Port: &port,
-						},
-					},
-				},
-			},
-		},
-	}
-}
-
-var validNetworkPolicy = *validNewNetworkPolicy()
-
-func TestCreate(t *testing.T) {
-	storage, server := newStorage(t)
-	defer server.Terminate(t)
-	defer storage.Store.DestroyFunc()
-	test := registrytest.New(t, storage.Store)
-	np := validNewNetworkPolicy()
-	np.ObjectMeta = metav1.ObjectMeta{}
-
-	invalidSelector := map[string]string{"NoUppercaseOrSpecialCharsLike=Equals": "b"}
-	test.TestCreate(
-		// valid
-		np,
-		// invalid (invalid selector)
-		&extensions.NetworkPolicy{
-			Spec: extensions.NetworkPolicySpec{
-				PodSelector: metav1.LabelSelector{MatchLabels: invalidSelector},
-				Ingress:     []extensions.NetworkPolicyIngressRule{},
-			},
-		},
-	)
-}
-
-func TestUpdate(t *testing.T) {
-	storage, server := newStorage(t)
-	defer server.Terminate(t)
-	defer storage.Store.DestroyFunc()
-	test := registrytest.New(t, storage.Store)
-	test.TestUpdate(
-		// valid
-		validNewNetworkPolicy(),
-		// valid updateFunc
-		func(obj runtime.Object) runtime.Object {
-			object := obj.(*extensions.NetworkPolicy)
-			return object
-		},
-		// invalid updateFunc
-		func(obj runtime.Object) runtime.Object {
-			object := obj.(*extensions.NetworkPolicy)
-			object.Name = ""
-			return object
-		},
-		func(obj runtime.Object) runtime.Object {
-			object := obj.(*extensions.NetworkPolicy)
-			object.Spec.PodSelector = metav1.LabelSelector{MatchLabels: map[string]string{}}
-			return object
-		},
-	)
-}
-
-func TestDelete(t *testing.T) {
-	storage, server := newStorage(t)
-	defer server.Terminate(t)
-	defer storage.Store.DestroyFunc()
-	test := registrytest.New(t, storage.Store)
-	test.TestDelete(validNewNetworkPolicy())
-}
-
-func TestGet(t *testing.T) {
-	storage, server := newStorage(t)
-	defer server.Terminate(t)
-	defer storage.Store.DestroyFunc()
-	test := registrytest.New(t, storage.Store)
-	test.TestGet(validNewNetworkPolicy())
-}
-
-func TestList(t *testing.T) {
-	storage, server := newStorage(t)
-	defer server.Terminate(t)
-	defer storage.Store.DestroyFunc()
-	test := registrytest.New(t, storage.Store)
-	test.TestList(validNewNetworkPolicy())
-}
-
-func TestWatch(t *testing.T) {
-	storage, server := newStorage(t)
-	defer server.Terminate(t)
-	defer storage.Store.DestroyFunc()
-	test := registrytest.New(t, storage.Store)
-	test.TestWatch(
-		validNewNetworkPolicy(),
-		// matching labels
-		[]labels.Set{
-			{"a": "b"},
-		},
-		// not matching labels
-		[]labels.Set{
-			{"a": "c"},
-			{"foo": "bar"},
-		},
-		// matching fields
-		[]fields.Set{
-			{"metadata.name": "foo"},
-		},
-		// not matchin fields
-		[]fields.Set{
-			{"metadata.name": "bar"},
-			{"name": "foo"},
-		},
-	)
-}
--- a/pkg/registry/extensions/networkpolicy/strategy.go
+++ b/pkg/registry/extensions/networkpolicy/strategy.go
@ -1,88 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package networkpolicy
-
-import (
-	apiequality "k8s.io/apimachinery/pkg/api/equality"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/util/validation/field"
-	genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
-	"k8s.io/apiserver/pkg/storage/names"
-	"k8s.io/kubernetes/pkg/api"
-	"k8s.io/kubernetes/pkg/apis/extensions"
-	"k8s.io/kubernetes/pkg/apis/extensions/validation"
-)
-
-// networkPolicyStrategy implements verification logic for NetworkPolicys.
-type networkPolicyStrategy struct {
-	runtime.ObjectTyper
-	names.NameGenerator
-}
-
-// Strategy is the default logic that applies when creating and updating NetworkPolicy objects.
-var Strategy = networkPolicyStrategy{api.Scheme, names.SimpleNameGenerator}
-
-// NamespaceScoped returns true because all NetworkPolicys need to be within a namespace.
-func (networkPolicyStrategy) NamespaceScoped() bool {
-	return true
-}
-
-// PrepareForCreate clears the status of an NetworkPolicy before creation.
-func (networkPolicyStrategy) PrepareForCreate(ctx genericapirequest.Context, obj runtime.Object) {
-	networkPolicy := obj.(*extensions.NetworkPolicy)
-	networkPolicy.Generation = 1
-}
-
-// PrepareForUpdate clears fields that are not allowed to be set by end users on update.
-func (networkPolicyStrategy) PrepareForUpdate(ctx genericapirequest.Context, obj, old runtime.Object) {
-	newNetworkPolicy := obj.(*extensions.NetworkPolicy)
-	oldNetworkPolicy := old.(*extensions.NetworkPolicy)
-
-	// Any changes to the spec increment the generation number, any changes to the
-	// status should reflect the generation number of the corresponding object.
-	// See metav1.ObjectMeta description for more information on Generation.
-	if !apiequality.Semantic.DeepEqual(oldNetworkPolicy.Spec, newNetworkPolicy.Spec) {
-		newNetworkPolicy.Generation = oldNetworkPolicy.Generation + 1
-	}
-}
-
-// Validate validates a new NetworkPolicy.
-func (networkPolicyStrategy) Validate(ctx genericapirequest.Context, obj runtime.Object) field.ErrorList {
-	networkPolicy := obj.(*extensions.NetworkPolicy)
-	return validation.ValidateNetworkPolicy(networkPolicy)
-}
-
-// Canonicalize normalizes the object after validation.
-func (networkPolicyStrategy) Canonicalize(obj runtime.Object) {
-}
-
-// AllowCreateOnUpdate is false for NetworkPolicy; this means you may not create one with a PUT request.
-func (networkPolicyStrategy) AllowCreateOnUpdate() bool {
-	return false
-}
-
-// ValidateUpdate is the default update validation for an end user.
-func (networkPolicyStrategy) ValidateUpdate(ctx genericapirequest.Context, obj, old runtime.Object) field.ErrorList {
-	validationErrorList := validation.ValidateNetworkPolicy(obj.(*extensions.NetworkPolicy))
-	updateErrorList := validation.ValidateNetworkPolicyUpdate(obj.(*extensions.NetworkPolicy), old.(*extensions.NetworkPolicy))
-	return append(validationErrorList, updateErrorList...)
-}
-
-// AllowUnconditionalUpdate is the default update policy for NetworkPolicy objects.
-func (networkPolicyStrategy) AllowUnconditionalUpdate() bool {
-	return true
-}
--- a/pkg/registry/extensions/networkpolicy/strategy_test.go
+++ b/pkg/registry/extensions/networkpolicy/strategy_test.go
@ -1,62 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package networkpolicy
-
-import (
-	"testing"
-
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
-	"k8s.io/kubernetes/pkg/apis/extensions"
-)
-
-func TestNetworkPolicyStrategy(t *testing.T) {
-	ctx := genericapirequest.NewDefaultContext()
-	if !Strategy.NamespaceScoped() {
-		t.Errorf("NetworkPolicy must be namespace scoped")
-	}
-	if Strategy.AllowCreateOnUpdate() {
-		t.Errorf("NetworkPolicy should not allow create on update")
-	}
-
-	validMatchLabels := map[string]string{"a": "b"}
-	np := &extensions.NetworkPolicy{
-		ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault},
-		Spec: extensions.NetworkPolicySpec{
-			PodSelector: metav1.LabelSelector{MatchLabels: validMatchLabels},
-			Ingress:     []extensions.NetworkPolicyIngressRule{},
-		},
-	}
-
-	Strategy.PrepareForCreate(ctx, np)
-	errs := Strategy.Validate(ctx, np)
-	if len(errs) != 0 {
-		t.Errorf("Unexpected error validating %v", errs)
-	}
-
-	invalidNp := &extensions.NetworkPolicy{
-		ObjectMeta: metav1.ObjectMeta{Name: "bar", ResourceVersion: "4"},
-	}
-	Strategy.PrepareForUpdate(ctx, invalidNp, np)
-	errs = Strategy.ValidateUpdate(ctx, invalidNp, np)
-	if len(errs) == 0 {
-		t.Errorf("Expected a validation error")
-	}
-	if invalidNp.ResourceVersion != "4" {
-		t.Errorf("Incoming resource version on update should not be mutated")
-	}
-}
--- a/pkg/registry/extensions/rest/storage_extensions.go
+++ b/pkg/registry/extensions/rest/storage_extensions.go
@ -28,9 +28,9 @@ import (
 	daemonstore "k8s.io/kubernetes/pkg/registry/extensions/daemonset/storage"
 	deploymentstore "k8s.io/kubernetes/pkg/registry/extensions/deployment/storage"
 	ingressstore "k8s.io/kubernetes/pkg/registry/extensions/ingress/storage"
-	networkpolicystore "k8s.io/kubernetes/pkg/registry/extensions/networkpolicy/storage"
 	pspstore "k8s.io/kubernetes/pkg/registry/extensions/podsecuritypolicy/storage"
 	replicasetstore "k8s.io/kubernetes/pkg/registry/extensions/replicaset/storage"
+	networkpolicystore "k8s.io/kubernetes/pkg/registry/networking/networkpolicy/storage"
 )

 type RESTStorageProvider struct {