Merge pull request #96 from tssurya/clarify-port-definition

k8s-ci-robot · web-flow · commit 2cc1bfb10603 · 2023-05-19T09:30:30.000-07:00
Clarify what the Ports field means
diff --git a/apis/v1alpha1/adminnetworkpolicy_types.go b/apis/v1alpha1/adminnetworkpolicy_types.go
@@ -119,6 +119,9 @@ type AdminNetworkPolicyIngressRule struct {
 	From []AdminNetworkPolicyPeer `json:"from"`
 
 	// Ports allows for matching traffic based on port and protocols.
+	// This field is a list of ports which should be matched on
+	// the pods selected for this policy i.e the subject of the policy.
+	// So it matches on the destination port for the ingress traffic.
 	// If Ports is not set then the rule does not filter traffic via port.
 	// +optional
 	// +kubebuilder:validation:MaxItems=100
@@ -156,6 +159,7 @@ type AdminNetworkPolicyEgressRule struct {
 	To []AdminNetworkPolicyPeer `json:"to"`
 
 	// Ports allows for matching traffic based on port and protocols.
+	// This field is a list of destination ports for the outging egress traffic.
 	// If Ports is not set then the rule does not filter traffic via port.
 	// +optional
 	// +kubebuilder:validation:MaxItems=100
diff --git a/apis/v1alpha1/baselineadminnetworkpolicy_types.go b/apis/v1alpha1/baselineadminnetworkpolicy_types.go
@@ -105,6 +105,9 @@ type BaselineAdminNetworkPolicyIngressRule struct {
 	From []AdminNetworkPolicyPeer `json:"from"`
 
 	// Ports allows for matching traffic based on port and protocols.
+	// This field is a list of ports which should be matched on
+	// the pods selected for this policy i.e the subject of the policy.
+	// So it matches on the destination port for the ingress traffic.
 	// If Ports is not set then the rule does not filter traffic via port.
 	// +optional
 	// +kubebuilder:validation:MaxItems=100
@@ -137,6 +140,7 @@ type BaselineAdminNetworkPolicyEgressRule struct {
 	To []AdminNetworkPolicyPeer `json:"to"`
 
 	// Ports allows for matching traffic based on port and protocols.
+	// This field is a list of destination ports for the outging egress traffic.
 	// If Ports is not set then the rule does not filter traffic via port.
 	// +optional
 	// +kubebuilder:validation:MaxItems=100
diff --git a/config/crd/bases/policy.networking.k8s.io_adminnetworkpolicies.yaml b/config/crd/bases/policy.networking.k8s.io_adminnetworkpolicies.yaml
@@ -79,8 +79,9 @@ spec:
                       type: string
                     ports:
                       description: Ports allows for matching traffic based on port
-                        and protocols. If Ports is not set then the rule does not
-                        filter traffic via port.
+                        and protocols. This field is a list of destination ports for
+                        the outging egress traffic. If Ports is not set then the rule
+                        does not filter traffic via port.
                       items:
                         description: AdminNetworkPolicyPort describes how to select
                           network ports on pod(s). Exactly one field must be set.
@@ -670,7 +671,10 @@ spec:
                       type: string
                     ports:
                       description: Ports allows for matching traffic based on port
-                        and protocols. If Ports is not set then the rule does not
+                        and protocols. This field is a list of ports which should
+                        be matched on the pods selected for this policy i.e the subject
+                        of the policy. So it matches on the destination port for the
+                        ingress traffic. If Ports is not set then the rule does not
                         filter traffic via port.
                       items:
                         description: AdminNetworkPolicyPort describes how to select
diff --git a/config/crd/bases/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml b/config/crd/bases/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml
@@ -72,8 +72,9 @@ spec:
                       type: string
                     ports:
                       description: Ports allows for matching traffic based on port
-                        and protocols. If Ports is not set then the rule does not
-                        filter traffic via port.
+                        and protocols. This field is a list of destination ports for
+                        the outging egress traffic. If Ports is not set then the rule
+                        does not filter traffic via port.
                       items:
                         description: AdminNetworkPolicyPort describes how to select
                           network ports on pod(s). Exactly one field must be set.
@@ -657,7 +658,10 @@ spec:
                       type: string
                     ports:
                       description: Ports allows for matching traffic based on port
-                        and protocols. If Ports is not set then the rule does not
+                        and protocols. This field is a list of ports which should
+                        be matched on the pods selected for this policy i.e the subject
+                        of the policy. So it matches on the destination port for the
+                        ingress traffic. If Ports is not set then the rule does not
                         filter traffic via port.
                       items:
                         description: AdminNetworkPolicyPort describes how to select
