Skip to content

Commit 2a9aa3d

Browse files
tssuryatssurya
committed
Fix description for same/notSameLabels; remove NamespaceRelation
See #45 (comment) for details. Signed-off-by: Surya Seetharaman <[email protected]>
1 parent f51e7d8 commit 2a9aa3d

File tree

4 files changed

+58
-115
lines changed

4 files changed

+58
-115
lines changed

apis/v1alpha1/shared_types.go

Lines changed: 6 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -111,27 +111,13 @@ type AdminNetworkPolicyPeer struct {
111111
Pods *NamespacedPodPeer `json:"pods,omitempty"`
112112
}
113113

114-
type NamespaceRelation string
115-
116-
const (
117-
NamespaceSelf NamespaceRelation = "Self"
118-
NamespaceNotSelf NamespaceRelation = "NotSelf"
119-
)
120-
121114
// NamespacedPeer defines a flexible way to select Namespaces in a cluster.
122115
// Exactly one of the selectors must be set. If a consumer observes none of
123116
// its fields are set, they must assume an unknown option has been specified
124117
// and fail closed.
125118
// +kubebuilder:validation:MaxProperties=1
126119
// +kubebuilder:validation:MinProperties=1
127120
type NamespacedPeer struct {
128-
// Related provides a mechanism for selecting namespaces relative to the
129-
// subject pod. A value of "Self" matches the subject pod's namespace,
130-
// while a value of "NotSelf" matches namespaces other than the subject
131-
// pod's namespace.
132-
// +optional
133-
Related *NamespaceRelation `json:"related,omitempty"`
134-
135121
// NamespaceSelector is a labelSelector used to select Namespaces, This field
136122
// follows standard label selector semantics; if present but empty, it selects
137123
// all Namespaces.
@@ -141,15 +127,17 @@ type NamespacedPeer struct {
141127
// SameLabels is used to select a set of Namespaces that share the same values
142128
// for a set of labels.
143129
// To be selected a Namespace must have all of the labels defined in SameLabels,
144-
// and they must all have the same value as the subject of this policy.
130+
// AND they must all have the same value as the subject of this policy.
145131
// If Samelabels is Empty then nothing is selected.
146132
// +optional
147133
// +kubebuilder:validation:MaxItems=100
148134
SameLabels []string `json:"sameLabels,omitempty"`
149135

150-
// NotSameLabels is used to select a set of Namespaces that do not have a set
151-
// of label(s). To be selected a Namespace must have none of the labels defined
152-
// in NotSameLabels. If NotSameLabels is empty then nothing is selected.
136+
// NotSameLabels is used to select a set of Namespaces that do not have certain
137+
// values for a set of label(s).
138+
// To be selected a Namespace must have all of the labels defined in NotSameLabels,
139+
// AND at least one of them must have different values than the subject of this policy.
140+
// If NotSameLabels is empty then nothing is selected.
153141
// +optional
154142
// +kubebuilder:validation:MaxItems=100
155143
NotSameLabels []string `json:"notSameLabels,omitempty"`

apis/v1alpha1/zz_generated.deepcopy.go

Lines changed: 0 additions & 5 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

config/crd/bases/policy.networking.k8s.io_adminnetworkpolicies.yaml

Lines changed: 26 additions & 46 deletions
Original file line numberDiff line numberDiff line change
@@ -214,26 +214,21 @@ spec:
214214
x-kubernetes-map-type: atomic
215215
notSameLabels:
216216
description: NotSameLabels is used to select a set
217-
of Namespaces that do not have a set of label(s).
218-
To be selected a Namespace must have none of the
219-
labels defined in NotSameLabels. If NotSameLabels
217+
of Namespaces that do not have certain values for
218+
a set of label(s). To be selected a Namespace must
219+
have all of the labels defined in NotSameLabels,
220+
AND at least one of them must have different values
221+
than the subject of this policy. If NotSameLabels
220222
is empty then nothing is selected.
221223
items:
222224
type: string
223225
maxItems: 100
224226
type: array
225-
related:
226-
description: Related provides a mechanism for selecting
227-
namespaces relative to the subject pod. A value
228-
of "Self" matches the subject pod's namespace, while
229-
a value of "NotSelf" matches namespaces other than
230-
the subject pod's namespace.
231-
type: string
232227
sameLabels:
233228
description: SameLabels is used to select a set of
234229
Namespaces that share the same values for a set
235230
of labels. To be selected a Namespace must have
236-
all of the labels defined in SameLabels, and they
231+
all of the labels defined in SameLabels, AND they
237232
must all have the same value as the subject of this
238233
policy. If Samelabels is Empty then nothing is selected.
239234
items:
@@ -307,27 +302,22 @@ spec:
307302
x-kubernetes-map-type: atomic
308303
notSameLabels:
309304
description: NotSameLabels is used to select a
310-
set of Namespaces that do not have a set of
311-
label(s). To be selected a Namespace must have
312-
none of the labels defined in NotSameLabels.
313-
If NotSameLabels is empty then nothing is selected.
305+
set of Namespaces that do not have certain values
306+
for a set of label(s). To be selected a Namespace
307+
must have all of the labels defined in NotSameLabels,
308+
AND at least one of them must have different
309+
values than the subject of this policy. If NotSameLabels
310+
is empty then nothing is selected.
314311
items:
315312
type: string
316313
maxItems: 100
317314
type: array
318-
related:
319-
description: Related provides a mechanism for
320-
selecting namespaces relative to the subject
321-
pod. A value of "Self" matches the subject pod's
322-
namespace, while a value of "NotSelf" matches
323-
namespaces other than the subject pod's namespace.
324-
type: string
325315
sameLabels:
326316
description: SameLabels is used to select a set
327317
of Namespaces that share the same values for
328318
a set of labels. To be selected a Namespace
329319
must have all of the labels defined in SameLabels,
330-
and they must all have the same value as the
320+
AND they must all have the same value as the
331321
subject of this policy. If Samelabels is Empty
332322
then nothing is selected.
333323
items:
@@ -493,26 +483,21 @@ spec:
493483
x-kubernetes-map-type: atomic
494484
notSameLabels:
495485
description: NotSameLabels is used to select a set
496-
of Namespaces that do not have a set of label(s).
497-
To be selected a Namespace must have none of the
498-
labels defined in NotSameLabels. If NotSameLabels
486+
of Namespaces that do not have certain values for
487+
a set of label(s). To be selected a Namespace must
488+
have all of the labels defined in NotSameLabels,
489+
AND at least one of them must have different values
490+
than the subject of this policy. If NotSameLabels
499491
is empty then nothing is selected.
500492
items:
501493
type: string
502494
maxItems: 100
503495
type: array
504-
related:
505-
description: Related provides a mechanism for selecting
506-
namespaces relative to the subject pod. A value
507-
of "Self" matches the subject pod's namespace, while
508-
a value of "NotSelf" matches namespaces other than
509-
the subject pod's namespace.
510-
type: string
511496
sameLabels:
512497
description: SameLabels is used to select a set of
513498
Namespaces that share the same values for a set
514499
of labels. To be selected a Namespace must have
515-
all of the labels defined in SameLabels, and they
500+
all of the labels defined in SameLabels, AND they
516501
must all have the same value as the subject of this
517502
policy. If Samelabels is Empty then nothing is selected.
518503
items:
@@ -586,27 +571,22 @@ spec:
586571
x-kubernetes-map-type: atomic
587572
notSameLabels:
588573
description: NotSameLabels is used to select a
589-
set of Namespaces that do not have a set of
590-
label(s). To be selected a Namespace must have
591-
none of the labels defined in NotSameLabels.
592-
If NotSameLabels is empty then nothing is selected.
574+
set of Namespaces that do not have certain values
575+
for a set of label(s). To be selected a Namespace
576+
must have all of the labels defined in NotSameLabels,
577+
AND at least one of them must have different
578+
values than the subject of this policy. If NotSameLabels
579+
is empty then nothing is selected.
593580
items:
594581
type: string
595582
maxItems: 100
596583
type: array
597-
related:
598-
description: Related provides a mechanism for
599-
selecting namespaces relative to the subject
600-
pod. A value of "Self" matches the subject pod's
601-
namespace, while a value of "NotSelf" matches
602-
namespaces other than the subject pod's namespace.
603-
type: string
604584
sameLabels:
605585
description: SameLabels is used to select a set
606586
of Namespaces that share the same values for
607587
a set of labels. To be selected a Namespace
608588
must have all of the labels defined in SameLabels,
609-
and they must all have the same value as the
589+
AND they must all have the same value as the
610590
subject of this policy. If Samelabels is Empty
611591
then nothing is selected.
612592
items:

0 commit comments

Comments
 (0)