11/*
2- Copyright 2023 .
2+ Copyright Amazon.com Inc. or its affiliates. All Rights Reserved .
33
44Licensed under the Apache License, Version 2.0 (the "License");
55you may not use this file except in compliance with the License.
@@ -17,19 +17,82 @@ limitations under the License.
1717package v1alpha1
1818
1919import (
20+ corev1 "k8s.io/api/core/v1"
21+ networking "k8s.io/api/networking/v1"
2022 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
2123)
2224
23- // EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
24- // NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
25+ // PolicyReference is the reference to the network policy resource
26+ type PolicyReference struct {
27+ // Name is the name of the Policy
28+ Name string `json:"name"`
29+
30+ // Namespace is the namespace of the Policy
31+ Namespace string `json:"namespace"`
32+ }
33+
34+ type NetworkAddress string
35+
36+ // Port contains information about the transport port/protocol
37+ type Port struct {
38+ // Protocol specifies the transport protocol, default TCP
39+ Protocol * corev1.Protocol `json:"protocol,omitempty"`
40+
41+ // Port specifies the numerical port for the protocol. If empty applies to all ports
42+ Port * int32 `json:"port,omitempty"`
43+
44+ // Endport specifies the port range port to endPort
45+ // port must be defined and an integer, endPort > port
46+ EndPort * int32 `json:"endPort,omitempty"`
47+ }
48+
49+ // EndpointInfo defines the network endpoint information for the policy ingress/egress
50+ type EndpointInfo struct {
51+ // CIDR is the network address(s) of the endpoint
52+ CIDR NetworkAddress `json:"cidr"`
53+
54+ // Except is the exceptions to the CIDR ranges mentioned above.
55+ Except []NetworkAddress `json:"except,omitempty"`
56+
57+ // Ports is the list of ports
58+ Ports []Port `json:"ports,omitempty"`
59+ }
60+
61+ // PodEndpoint defines the summary information for the pods
62+ type PodEndpoint struct {
63+ // HostIP is the IP address of the host the pod is currently running on
64+ HostIP NetworkAddress `json:"hostIP"`
65+ // PodIP is the IP address of the pod
66+ PodIP NetworkAddress `json:"podIP"`
67+ // Name is the pod name
68+ Name string `json:"name"`
69+ // Namespace is the pod namespace
70+ Namespace string `json:"namespace"`
71+ }
2572
2673// PolicyEndpointSpec defines the desired state of PolicyEndpoint
2774type PolicyEndpointSpec struct {
28- // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
29- // Important: Run "make" to regenerate code after modifying this file
75+ // PodSelector is the podSelector from the policy resource
76+ PodSelector * metav1.LabelSelector `json:"podSelector,omitempty"`
77+
78+ // PolicyRef is a reference to the Kubernetes NetworkPolicy resource.
79+ PolicyRef PolicyReference `json:"policyRef"`
80+
81+ // PodIsolation specifies whether the pod needs to be isolated for a
82+ // particular traffic direction Ingress or Egress, or both. If default isolation is not
83+ // specified, and there are no ingress/egress rules, then the pod is not isolated
84+ // from the point of view of this policy. This follows the NetworkPolicy spec.PolicyTypes.
85+ PodIsolation []networking.PolicyType `json:"podIsolation,omitempty"`
86+
87+ // PodSelectorEndpoints contains information about the pods
88+ // matching the podSelector
89+ PodSelectorEndpoints []PodEndpoint `json:"podSelectorEndpoints,omitempty"`
90+
91+ // Ingress is the list of ingress rules containing resolved network addresses
92+ Ingress []EndpointInfo `json:"ingress,omitempty"`
3093
31- // Foo is an example field of PolicyEndpoint. Edit policyendpoint_types.go to remove/update
32- Foo string `json:"foo ,omitempty"`
94+ // Egress is the list of egress rules containing resolved network addresses
95+ Egress [] EndpointInfo `json:"egress ,omitempty"`
3396}
3497
3598// PolicyEndpointStatus defines the observed state of PolicyEndpoint
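Review bot: The new `Port.Port`, `Port.EndPort` and `NetworkAddress` fields carry no schema validation markers, so as written the CRD would accept any int32 as a port and any string as a CIDR or IP. The constraint stated in the `EndPort` comment (port must be defined, endPort > port) is documentation only; nothing visible in this hunk enforces it. These objects presumably feed whatever component enforces the policy, so a malformed entry is better rejected at admission than left for every consumer to handle. Consider `// +kubebuilder:validation:Minimum=1` and `// +kubebuilder:validation:Maximum=65535` on both port fields, plus a pattern or format check on `NetworkAddress`. `type NetworkAddress string` also needs a doc comment saying whether it holds a bare IP, a CIDR, or either, since `HostIP`/`PodIP` and `CIDR`/`Except` share the type.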