Skip to content

[NPM Lite] Added DefaultDeny in PNI + MTPNC CRD's #3265

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 10 commits into from
Jan 6, 2025
Merged

[NPM Lite] Added DefaultDeny in PNI + MTPNC CRD's #3265

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
c395ed9
updated mtpnc crd and pni crd by adding default deny acl bool field
rejain789 Dec 12, 2024
aefbe89
updated pni crd
rejain789 Dec 13, 2024
14e3cdd
updated mtpnc crd
rejain789 Dec 13, 2024
9dedbac
updated bool to boolean in crd
rejain789 Dec 13, 2024
ec74f22
updated schema/lowercased default dent
rejain789 Dec 13, 2024
39cdc30
fixing crd pipeline error
rejain789 Dec 17, 2024
4302325
tset
rejain789 Dec 17, 2024
bae503d
revert
rejain789 Dec 17, 2024
02a8c4e
resolved nits from pr
rejain789 Dec 20, 2024
df4be6c
resolved crg gen failing issue
rejain789 Dec 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions crd/multitenancy/api/v1alpha1/multitenantpodnetworkconfig.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,9 @@ type MultitenantPodNetworkConfigStatus struct {
// InterfaceInfos describes all of the network container goal state for this Pod
// +kubebuilder:validation:Optional
InterfaceInfos []InterfaceInfo `json:"interfaceInfos,omitempty"`
// DefaultDenyACL bool indicates whether default deny policy will be present on the pods upon pod creation
// +kubebuilder:validation:Optional
DefaultDenyACL bool `json:"defaultDenyACL"`
}

func init() {
Expand Down
4 changes: 4 additions & 0 deletions crd/multitenancy/api/v1alpha1/podnetworkinstance.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,10 @@ type PodNetworkInstanceSpec struct {
// optional for now in case orchestrator uses the deprecated fields
// +kubebuilder:validation:Optional
PodNetworkConfigs []PodNetworkConfig `json:"podNetworkConfigs"`
// DefaultDenyACL bool indicates whether default deny policy will be present on the pods upon pod creation
// +kubebuilder:default=false
// +kubebuilder:validation:Optional
DefaultDenyACL bool `json:"defaultDenyACL"`
}

// PodNetworkInstanceStatus defines the observed state of PodNetworkInstance
Expand Down
4 changes: 4 additions & 0 deletions crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,10 @@ spec:
description: MultitenantPodNetworkConfigStatus defines the observed state
of PodNetworkConfig
properties:
defaultDenyACL:
description: DefaultDenyACL bool indicates whether default deny policy
will be present on the pods upon pod creation
type: boolean
gatewayIP:
description: Deprecated - use InterfaceInfos
type: string
Expand Down
5 changes: 5 additions & 0 deletions crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,11 @@ spec:
spec:
description: PodNetworkInstanceSpec defines the desired state of PodNetworkInstance
properties:
defaultDenyACL:
default: false
description: DefaultDenyACL bool indicates whether default deny policy
will be present on the pods upon pod creation
type: boolean
podIPReservationSize:
default: 0
description: Deprecated - use PodNetworks
Expand Down
Loading