[NPM Lite] Added DefaultDeny in PNI + MTPNC CRD's (#3265)

rejain456 · web-flow · commit 376fad874b13 · 2025-01-06T18:22:55.000Z
* updated mtpnc crd and pni crd by adding default deny acl bool field

* updated pni crd

* updated mtpnc crd

* updated bool to boolean in crd

* updated schema/lowercased default dent

* fixing crd pipeline error

* tset

* revert

* resolved nits from pr

* resolved crg gen failing issue
diff --git a/crd/multitenancy/api/v1alpha1/multitenantpodnetworkconfig.go b/crd/multitenancy/api/v1alpha1/multitenantpodnetworkconfig.go
@@ -85,6 +85,9 @@ type MultitenantPodNetworkConfigStatus struct {
 	// InterfaceInfos describes all of the network container goal state for this Pod
 	// +kubebuilder:validation:Optional
 	InterfaceInfos []InterfaceInfo `json:"interfaceInfos,omitempty"`
+	// DefaultDenyACL bool indicates whether default deny policy will be present on the pods upon pod creation
+	// +kubebuilder:validation:Optional
+	DefaultDenyACL bool `json:"defaultDenyACL"`
 }
 
 func init() {
diff --git a/crd/multitenancy/api/v1alpha1/podnetworkinstance.go b/crd/multitenancy/api/v1alpha1/podnetworkinstance.go
@@ -56,6 +56,10 @@ type PodNetworkInstanceSpec struct {
 	// optional for now in case orchestrator uses the deprecated fields
 	// +kubebuilder:validation:Optional
 	PodNetworkConfigs []PodNetworkConfig `json:"podNetworkConfigs"`
+	// DefaultDenyACL bool indicates whether default deny policy will be present on the pods upon pod creation
+	// +kubebuilder:default=false
+	// +kubebuilder:validation:Optional
+	DefaultDenyACL bool `json:"defaultDenyACL"`
 }
 
 // PodNetworkInstanceStatus defines the observed state of PodNetworkInstance
diff --git a/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml b/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml
@@ -72,6 +72,10 @@ spec:
             description: MultitenantPodNetworkConfigStatus defines the observed state
               of PodNetworkConfig
             properties:
+              defaultDenyACL:
+                description: DefaultDenyACL bool indicates whether default deny policy
+                  will be present on the pods upon pod creation
+                type: boolean
               gatewayIP:
                 description: Deprecated - use InterfaceInfos
                 type: string
diff --git a/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml b/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml
@@ -53,6 +53,11 @@ spec:
           spec:
             description: PodNetworkInstanceSpec defines the desired state of PodNetworkInstance
             properties:
+              defaultDenyACL:
+                default: false
+                description: DefaultDenyACL bool indicates whether default deny policy
+                  will be present on the pods upon pod creation
+                type: boolean
               podIPReservationSize:
                 default: 0
                 description: Deprecated - use PodNetworks

Original file line number	Diff line number	Diff line change
`@@ -85,6 +85,9 @@ type MultitenantPodNetworkConfigStatus struct {`
`85`	`85`	`// InterfaceInfos describes all of the network container goal state for this Pod`
`86`	`86`	`// +kubebuilder:validation:Optional`
`87`	`87`	InterfaceInfos []InterfaceInfo `json:"interfaceInfos,omitempty"`
	`88`	`+ // DefaultDenyACL bool indicates whether default deny policy will be present on the pods upon pod creation`
	`89`	`+ // +kubebuilder:validation:Optional`
	`90`	+ DefaultDenyACL bool `json:"defaultDenyACL"`
`88`	`91`	`}`
`89`	`92`
`90`	`93`	`func init() {`