github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #56425 from cmluciano/cml/deprecatev1beta1 

Automatic merge from submit-queue (batch tested with PRs 56497, 56500, 55018, 56544, 56425). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Mark v1beta1 NetworkPolicy types as deprecated

**What this PR does / why we need it**:
Deprecates v1beta1 NetworkPolicy in favor of v1. The default storage is now set to v1 in 1.9.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Related #56423

**Special notes for your reviewer**:

**Release note**:

```
deprecate NetworkPolicy v1beta1 API in extensions
```
pull/6/head
Kubernetes Submit Queue 2017-11-29 15:26:11 -08:00 committed by GitHub
parent 617821eb39 0b72a20e0f
commit bb9f27f9ee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 55 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
api/openapi-spec/swagger.json generated
View File

@ -79780,7 +79780,7 @@
}
},
"io.k8s.api.extensions.v1beta1.IPBlock": {
"description": "IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
"description": "DEPRECATED 1.9 - This group version of IPBlock is deprecated by networking/v1/IPBlock. IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
"required": [
"cidr"
],
@ -79942,7 +79942,7 @@
}
},
"io.k8s.api.extensions.v1beta1.NetworkPolicy": {
"description": "NetworkPolicy describes what network traffic is allowed for a set of Pods",
"description": "DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy. NetworkPolicy describes what network traffic is allowed for a set of Pods",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources",
@ -79970,7 +79970,7 @@
]
},
"io.k8s.api.extensions.v1beta1.NetworkPolicyEgressRule": {
"description": "NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8",
"description": "DEPRECATED 1.9 - This group version of NetworkPolicyEgressRule is deprecated by networking/v1/NetworkPolicyEgressRule. NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8",
"properties": {
"ports": {
"description": "List of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.",
@ -79989,7 +79989,7 @@
}
},
"io.k8s.api.extensions.v1beta1.NetworkPolicyIngressRule": {
"description": "This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.",
"description": "DEPRECATED 1.9 - This group version of NetworkPolicyIngressRule is deprecated by networking/v1/NetworkPolicyIngressRule. This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.",
"properties": {
"from": {
"description": "List of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least on item, this rule allows traffic only if the traffic matches at least one item in the from list.",
@ -80008,7 +80008,7 @@
}
},
"io.k8s.api.extensions.v1beta1.NetworkPolicyList": {
"description": "Network Policy List is a list of NetworkPolicy objects.",
"description": "DEPRECATED 1.9 - This group version of NetworkPolicyList is deprecated by networking/v1/NetworkPolicyList. Network Policy List is a list of NetworkPolicy objects.",
"required": [
"items"
],
@ -80042,6 +80042,7 @@
]
},
"io.k8s.api.extensions.v1beta1.NetworkPolicyPeer": {
"description": "DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer.",
"properties": {
"ipBlock": {
"description": "IPBlock defines policy on a particular IPBlock",
@ -80058,6 +80059,7 @@
}
},
"io.k8s.api.extensions.v1beta1.NetworkPolicyPort": {
"description": "DEPRECATED 1.9 - This group version of NetworkPolicyPort is deprecated by networking/v1/NetworkPolicyPort.",
"properties": {
"port": {
"description": "If specified, the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.",
@ -80070,6 +80072,7 @@
}
},
"io.k8s.api.extensions.v1beta1.NetworkPolicySpec": {
"description": "DEPRECATED 1.9 - This group version of NetworkPolicySpec is deprecated by networking/v1/NetworkPolicySpec.",
"required": [
"podSelector"
],

13
api/swagger-spec/extensions_v1beta1.json generated
View File

@ -9990,7 +9990,7 @@
},
"v1beta1.NetworkPolicyList": {
"id": "v1beta1.NetworkPolicyList",
"description": "Network Policy List is a list of NetworkPolicy objects.",
"description": "DEPRECATED 1.9 - This group version of NetworkPolicyList is deprecated by networking/v1/NetworkPolicyList. Network Policy List is a list of NetworkPolicy objects.",
"required": [
"items"
],
@ -10018,7 +10018,7 @@
},
"v1beta1.NetworkPolicy": {
"id": "v1beta1.NetworkPolicy",
"description": "NetworkPolicy describes what network traffic is allowed for a set of Pods",
"description": "DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy. NetworkPolicy describes what network traffic is allowed for a set of Pods",
"properties": {
"kind": {
"type": "string",
@ -10040,6 +10040,7 @@
},
"v1beta1.NetworkPolicySpec": {
"id": "v1beta1.NetworkPolicySpec",
"description": "DEPRECATED 1.9 - This group version of NetworkPolicySpec is deprecated by networking/v1/NetworkPolicySpec.",
"required": [
"podSelector"
],
@ -10073,7 +10074,7 @@
},
"v1beta1.NetworkPolicyIngressRule": {
"id": "v1beta1.NetworkPolicyIngressRule",
"description": "This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.",
"description": "DEPRECATED 1.9 - This group version of NetworkPolicyIngressRule is deprecated by networking/v1/NetworkPolicyIngressRule. This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.",
"properties": {
"ports": {
"type": "array",
@ -10093,6 +10094,7 @@
},
"v1beta1.NetworkPolicyPort": {
"id": "v1beta1.NetworkPolicyPort",
"description": "DEPRECATED 1.9 - This group version of NetworkPolicyPort is deprecated by networking/v1/NetworkPolicyPort.",
"properties": {
"protocol": {
"$ref": "v1.Protocol",
@ -10110,6 +10112,7 @@
},
"v1beta1.NetworkPolicyPeer": {
"id": "v1beta1.NetworkPolicyPeer",
"description": "DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer.",
"properties": {
"podSelector": {
"$ref": "v1.LabelSelector",
@ -10127,7 +10130,7 @@
},
"v1beta1.IPBlock": {
"id": "v1beta1.IPBlock",
"description": "IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
"description": "DEPRECATED 1.9 - This group version of IPBlock is deprecated by networking/v1/IPBlock. IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
"required": [
"cidr"
],
@ -10147,7 +10150,7 @@
},
"v1beta1.NetworkPolicyEgressRule": {
"id": "v1beta1.NetworkPolicyEgressRule",
"description": "NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8",
"description": "DEPRECATED 1.9 - This group version of NetworkPolicyEgressRule is deprecated by networking/v1/NetworkPolicyEgressRule. NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8",
"properties": {
"ports": {
"type": "array",

19
docs/api-reference/extensions/v1beta1/definitions.html generated
View File

@ -1395,7 +1395,7 @@ Examples: <code>/foo</code> would allow <code>/foo</code>, <code>/foo/</code> an
<div class="sect2">
<h3 id="_v1beta1_networkpolicylist">v1beta1.NetworkPolicyList</h3>
<div class="paragraph">
<p>Network Policy List is a list of NetworkPolicy objects.</p>
<p>DEPRECATED 1.9 - This group version of NetworkPolicyList is deprecated by networking/v1/NetworkPolicyList. Network Policy List is a list of NetworkPolicy objects.</p>
</div>
<table class="tableblock frame-all grid-all" style="width:100%; ">
<colgroup>
@ -3280,7 +3280,7 @@ When an object is created, the system will populate this list with the current s
<div class="sect2">
<h3 id="_v1beta1_ipblock">v1beta1.IPBlock</h3>
<div class="paragraph">
<p>IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods matched by a NetworkPolicySpec&#8217;s podSelector. The except entry describes CIDRs that should not be included within this rule.</p>
<p>DEPRECATED 1.9 - This group version of IPBlock is deprecated by networking/v1/IPBlock. IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods matched by a NetworkPolicySpec&#8217;s podSelector. The except entry describes CIDRs that should not be included within this rule.</p>
</div>
<table class="tableblock frame-all grid-all" style="width:100%; ">
<colgroup>
@ -5329,7 +5329,7 @@ Examples:<br>
<div class="sect2">
<h3 id="_v1beta1_networkpolicy">v1beta1.NetworkPolicy</h3>
<div class="paragraph">
<p>NetworkPolicy describes what network traffic is allowed for a set of Pods</p>
<p>DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy. NetworkPolicy describes what network traffic is allowed for a set of Pods</p>
</div>
<table class="tableblock frame-all grid-all" style="width:100%; ">
<colgroup>
@ -5611,6 +5611,9 @@ Examples:<br>
</div>
<div class="sect2">
<h3 id="_v1beta1_networkpolicyspec">v1beta1.NetworkPolicySpec</h3>
<div class="paragraph">
<p>DEPRECATED 1.9 - This group version of NetworkPolicySpec is deprecated by networking/v1/NetworkPolicySpec.</p>
</div>
<table class="tableblock frame-all grid-all" style="width:100%; ">
<colgroup>
<col style="width:20%;">
@ -6104,6 +6107,9 @@ Both these may change in the future. Incoming requests are matched against the h
</div>
<div class="sect2">
<h3 id="_v1beta1_networkpolicypeer">v1beta1.NetworkPolicyPeer</h3>
<div class="paragraph">
<p>DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer.</p>
</div>
<table class="tableblock frame-all grid-all" style="width:100%; ">
<colgroup>
<col style="width:20%;">
@ -6553,7 +6559,7 @@ Both these may change in the future. Incoming requests are matched against the h
<div class="sect2">
<h3 id="_v1beta1_networkpolicyingressrule">v1beta1.NetworkPolicyIngressRule</h3>
<div class="paragraph">
<p>This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.</p>
<p>DEPRECATED 1.9 - This group version of NetworkPolicyIngressRule is deprecated by networking/v1/NetworkPolicyIngressRule. This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.</p>
</div>
<table class="tableblock frame-all grid-all" style="width:100%; ">
<colgroup>
@ -7007,7 +7013,7 @@ Both these may change in the future. Incoming requests are matched against the h
<div class="sect2">
<h3 id="_v1beta1_networkpolicyegressrule">v1beta1.NetworkPolicyEgressRule</h3>
<div class="paragraph">
<p>NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec&#8217;s podSelector. The traffic must match both ports and to. This type is beta-level in 1.8</p>
<p>DEPRECATED 1.9 - This group version of NetworkPolicyEgressRule is deprecated by networking/v1/NetworkPolicyEgressRule. NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec&#8217;s podSelector. The traffic must match both ports and to. This type is beta-level in 1.8</p>
</div>
<table class="tableblock frame-all grid-all" style="width:100%; ">
<colgroup>
@ -7822,6 +7828,9 @@ Both these may change in the future. Incoming requests are matched against the h
</div>
<div class="sect2">
<h3 id="_v1beta1_networkpolicyport">v1beta1.NetworkPolicyPort</h3>
<div class="paragraph">
<p>DEPRECATED 1.9 - This group version of NetworkPolicyPort is deprecated by networking/v1/NetworkPolicyPort.</p>
</div>
<table class="tableblock frame-all grid-all" style="width:100%; ">
<colgroup>
<col style="width:20%;">

8
staging/src/k8s.io/api/extensions/v1beta1/generated.proto
View File

@ -467,6 +467,7 @@ message IDRange {
optional int64 max = 2;
}
// DEPRECATED 1.9 - This group version of IPBlock is deprecated by networking/v1/IPBlock.
// IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods
// matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should
// not be included within this rule.
@ -608,6 +609,7 @@ message IngressTLS {
optional string secretName = 2;
}
// DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy.
// NetworkPolicy describes what network traffic is allowed for a set of Pods
message NetworkPolicy {
// Standard object's metadata.
@ -620,6 +622,7 @@ message NetworkPolicy {
optional NetworkPolicySpec spec = 2;
}
// DEPRECATED 1.9 - This group version of NetworkPolicyEgressRule is deprecated by networking/v1/NetworkPolicyEgressRule.
// NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods
// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to.
// This type is beta-level in 1.8
@ -641,6 +644,7 @@ message NetworkPolicyEgressRule {
repeated NetworkPolicyPeer to = 2;
}
// DEPRECATED 1.9 - This group version of NetworkPolicyIngressRule is deprecated by networking/v1/NetworkPolicyIngressRule.
// This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.
message NetworkPolicyIngressRule {
// List of ports which should be made accessible on the pods selected for this rule.
@ -660,6 +664,7 @@ message NetworkPolicyIngressRule {
repeated NetworkPolicyPeer from = 2;
}
// DEPRECATED 1.9 - This group version of NetworkPolicyList is deprecated by networking/v1/NetworkPolicyList.
// Network Policy List is a list of NetworkPolicy objects.
message NetworkPolicyList {
// Standard list metadata.
@ -671,6 +676,7 @@ message NetworkPolicyList {
repeated NetworkPolicy items = 2;
}
// DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer.
message NetworkPolicyPeer {
// This is a label selector which selects Pods in this namespace.
// This field follows standard label selector semantics.
@ -690,6 +696,7 @@ message NetworkPolicyPeer {
optional IPBlock ipBlock = 3;
}
// DEPRECATED 1.9 - This group version of NetworkPolicyPort is deprecated by networking/v1/NetworkPolicyPort.
message NetworkPolicyPort {
// Optional. The protocol (TCP or UDP) which traffic must match.
// If not specified, this field defaults to TCP.
@ -705,6 +712,7 @@ message NetworkPolicyPort {
optional k8s.io.apimachinery.pkg.util.intstr.IntOrString port = 2;
}
// DEPRECATED 1.9 - This group version of NetworkPolicySpec is deprecated by networking/v1/NetworkPolicySpec.
message NetworkPolicySpec {
// Selects the pods to which this NetworkPolicy object applies. The array of ingress rules
// is applied to any pods selected by this field. Multiple network policies can select the

9
staging/src/k8s.io/api/extensions/v1beta1/types.go
View File

@ -1112,6 +1112,7 @@ type PodSecurityPolicyList struct {
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy.
// NetworkPolicy describes what network traffic is allowed for a set of Pods
type NetworkPolicy struct {
metav1.TypeMeta `json:",inline"`
@ -1125,6 +1126,7 @@ type NetworkPolicy struct {
Spec NetworkPolicySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
}
// DEPRECATED 1.9 - This group version of PolicyType is deprecated by networking/v1/PolicyType.
// Policy Type string describes the NetworkPolicy type
// This type is beta-level in 1.8
type PolicyType string
@ -1136,6 +1138,7 @@ const (
PolicyTypeEgress PolicyType = "Egress"
)
// DEPRECATED 1.9 - This group version of NetworkPolicySpec is deprecated by networking/v1/NetworkPolicySpec.
type NetworkPolicySpec struct {
// Selects the pods to which this NetworkPolicy object applies. The array of ingress rules
// is applied to any pods selected by this field. Multiple network policies can select the
@ -1178,6 +1181,7 @@ type NetworkPolicySpec struct {
PolicyTypes []PolicyType `json:"policyTypes,omitempty" protobuf:"bytes,4,rep,name=policyTypes,casttype=PolicyType"`
}
// DEPRECATED 1.9 - This group version of NetworkPolicyIngressRule is deprecated by networking/v1/NetworkPolicyIngressRule.
// This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.
type NetworkPolicyIngressRule struct {
// List of ports which should be made accessible on the pods selected for this rule.
@ -1197,6 +1201,7 @@ type NetworkPolicyIngressRule struct {
From []NetworkPolicyPeer `json:"from,omitempty" protobuf:"bytes,2,rep,name=from"`
}
// DEPRECATED 1.9 - This group version of NetworkPolicyEgressRule is deprecated by networking/v1/NetworkPolicyEgressRule.
// NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods
// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to.
// This type is beta-level in 1.8
@ -1218,6 +1223,7 @@ type NetworkPolicyEgressRule struct {
To []NetworkPolicyPeer `json:"to,omitempty" protobuf:"bytes,2,rep,name=to"`
}
// DEPRECATED 1.9 - This group version of NetworkPolicyPort is deprecated by networking/v1/NetworkPolicyPort.
type NetworkPolicyPort struct {
// Optional. The protocol (TCP or UDP) which traffic must match.
// If not specified, this field defaults to TCP.
@ -1233,6 +1239,7 @@ type NetworkPolicyPort struct {
Port *intstr.IntOrString `json:"port,omitempty" protobuf:"bytes,2,opt,name=port"`
}
// DEPRECATED 1.9 - This group version of IPBlock is deprecated by networking/v1/IPBlock.
// IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods
// matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should
// not be included within this rule.
@ -1247,6 +1254,7 @@ type IPBlock struct {
Except []string `json:"except,omitempty" protobuf:"bytes,2,rep,name=except"`
}
// DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer.
type NetworkPolicyPeer struct {
// Exactly one of the following must be specified.
@ -1270,6 +1278,7 @@ type NetworkPolicyPeer struct {
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// DEPRECATED 1.9 - This group version of NetworkPolicyList is deprecated by networking/v1/NetworkPolicyList.
// Network Policy List is a list of NetworkPolicy objects.
type NetworkPolicyList struct {
metav1.TypeMeta `json:",inline"`

13
staging/src/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go generated
View File

@ -278,7 +278,7 @@ func (IDRange) SwaggerDoc() map[string]string {
}
var map_IPBlock = map[string]string{
"": "IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
"": "DEPRECATED 1.9 - This group version of IPBlock is deprecated by networking/v1/IPBlock. IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
"cidr": "CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\"",
"except": "Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" Except values will be rejected if they are outside the CIDR range",
}
@ -366,7 +366,7 @@ func (IngressTLS) SwaggerDoc() map[string]string {
}
var map_NetworkPolicy = map[string]string{
"": "NetworkPolicy describes what network traffic is allowed for a set of Pods",
"": "DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy. NetworkPolicy describes what network traffic is allowed for a set of Pods",
"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",
"spec": "Specification of the desired behavior for this NetworkPolicy.",
}
@ -376,7 +376,7 @@ func (NetworkPolicy) SwaggerDoc() map[string]string {
}
var map_NetworkPolicyEgressRule = map[string]string{
"": "NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8",
"": "DEPRECATED 1.9 - This group version of NetworkPolicyEgressRule is deprecated by networking/v1/NetworkPolicyEgressRule. NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8",
"ports": "List of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.",
"to": "List of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.",
}
@ -386,7 +386,7 @@ func (NetworkPolicyEgressRule) SwaggerDoc() map[string]string {
}
var map_NetworkPolicyIngressRule = map[string]string{
"": "This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.",
"": "DEPRECATED 1.9 - This group version of NetworkPolicyIngressRule is deprecated by networking/v1/NetworkPolicyIngressRule. This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.",
"ports": "List of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.",
"from": "List of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least on item, this rule allows traffic only if the traffic matches at least one item in the from list.",
}
@ -396,7 +396,7 @@ func (NetworkPolicyIngressRule) SwaggerDoc() map[string]string {
}
var map_NetworkPolicyList = map[string]string{
"": "Network Policy List is a list of NetworkPolicy objects.",
"": "DEPRECATED 1.9 - This group version of NetworkPolicyList is deprecated by networking/v1/NetworkPolicyList. Network Policy List is a list of NetworkPolicy objects.",
"metadata": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",
"items": "Items is a list of schema objects.",
}
@ -406,6 +406,7 @@ func (NetworkPolicyList) SwaggerDoc() map[string]string {
}
var map_NetworkPolicyPeer = map[string]string{
"": "DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer.",
"podSelector": "This is a label selector which selects Pods in this namespace. This field follows standard label selector semantics. If present but empty, this selector selects all pods in this namespace.",
"namespaceSelector": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces.",
"ipBlock": "IPBlock defines policy on a particular IPBlock",
@ -416,6 +417,7 @@ func (NetworkPolicyPeer) SwaggerDoc() map[string]string {
}
var map_NetworkPolicyPort = map[string]string{
"": "DEPRECATED 1.9 - This group version of NetworkPolicyPort is deprecated by networking/v1/NetworkPolicyPort.",
"protocol": "Optional. The protocol (TCP or UDP) which traffic must match. If not specified, this field defaults to TCP.",
"port": "If specified, the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.",
}
@ -425,6 +427,7 @@ func (NetworkPolicyPort) SwaggerDoc() map[string]string {
}
var map_NetworkPolicySpec = map[string]string{
"": "DEPRECATED 1.9 - This group version of NetworkPolicySpec is deprecated by networking/v1/NetworkPolicySpec.",
"podSelector": "Selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace.",
"ingress": "List of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default).",
"egress": "List of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8",