diff --git a/apis/v1alpha1/adminnetworkpolicy_types.go b/apis/v1alpha1/adminnetworkpolicy_types.go index 69994a1e..b5507206 100644 --- a/apis/v1alpha1/adminnetworkpolicy_types.go +++ b/apis/v1alpha1/adminnetworkpolicy_types.go @@ -128,7 +128,7 @@ type AdminNetworkPolicyIngressRule struct { Action AdminNetworkPolicyRuleAction `json:"action"` // From is the list of sources whose traffic this rule applies to. - // If any AdminNetworkPolicyPeer matches the source of incoming + // If any AdminNetworkPolicyIngressPeer matches the source of incoming // traffic then the specified action is applied. // This field must be defined and contain at least one item. // @@ -136,7 +136,7 @@ type AdminNetworkPolicyIngressRule struct { // // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=100 - From []AdminNetworkPolicyPeer `json:"from"` + From []AdminNetworkPolicyIngressPeer `json:"from"` // Ports allows for matching traffic based on port and protocols. // This field is a list of ports which should be matched on @@ -180,7 +180,7 @@ type AdminNetworkPolicyEgressRule struct { Action AdminNetworkPolicyRuleAction `json:"action"` // To is the List of destinations whose traffic this rule applies to. - // If any AdminNetworkPolicyPeer matches the destination of outgoing + // If any AdminNetworkPolicyEgressPeer matches the destination of outgoing // traffic then the specified action is applied. // This field must be defined and contain at least one item. // 
@@ -188,10 +188,10 @@ type AdminNetworkPolicyEgressRule struct { // // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=100 - To []AdminNetworkPolicyPeer `json:"to"` + To []AdminNetworkPolicyEgressPeer `json:"to"` // Ports allows for matching traffic based on port and protocols. - // This field is a list of destination ports for the outging egress traffic. + // This field is a list of destination ports for the outgoing egress traffic. // If Ports is not set then the rule does not filter traffic via port. // // Support: Core diff --git a/apis/v1alpha1/baselineadminnetworkpolicy_types.go b/apis/v1alpha1/baselineadminnetworkpolicy_types.go index bb27b4e4..91b032a2 100644 --- a/apis/v1alpha1/baselineadminnetworkpolicy_types.go +++ b/apis/v1alpha1/baselineadminnetworkpolicy_types.go @@ -112,7 +112,7 @@ type BaselineAdminNetworkPolicyIngressRule struct { Action BaselineAdminNetworkPolicyRuleAction `json:"action"` // From is the list of sources whose traffic this rule applies to. - // If any AdminNetworkPolicyPeer matches the source of incoming + // If any AdminNetworkPolicyIngressPeer matches the source of incoming // traffic then the specified action is applied. // This field must be defined and contain at least one item. // @@ -120,7 +120,7 @@ type BaselineAdminNetworkPolicyIngressRule struct { // // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=100 - From []AdminNetworkPolicyPeer `json:"from"` + From []AdminNetworkPolicyIngressPeer `json:"from"` // Ports allows for matching traffic based on port and protocols. // This field is a list of ports which should be matched on 
@@ -160,7 +160,7 @@ type BaselineAdminNetworkPolicyEgressRule struct { Action BaselineAdminNetworkPolicyRuleAction `json:"action"` // To is the list of destinations whose traffic this rule applies to. - // If any AdminNetworkPolicyPeer matches the destination of outgoing + // If any AdminNetworkPolicyEgressPeer matches the destination of outgoing // traffic then the specified action is applied. // This field must be defined and contain at least one item. // +kubebuilder:validation:MinItems=1 @@ -168,7 +168,7 @@ type BaselineAdminNetworkPolicyEgressRule struct { // // Support: Core // - To []AdminNetworkPolicyPeer `json:"to"` + To []AdminNetworkPolicyEgressPeer `json:"to"` // Ports allows for matching traffic based on port and protocols. // This field is a list of destination ports for the outging egress traffic. diff --git a/apis/v1alpha1/shared_types.go b/apis/v1alpha1/shared_types.go index 1947ded3..ba37b92c 100644 --- a/apis/v1alpha1/shared_types.go +++ b/apis/v1alpha1/shared_types.go @@ -120,13 +120,13 @@ type PortRange struct { End int32 `json:"end"` } -// AdminNetworkPolicyPeer defines an in-cluster peer to allow traffic to/from. +// AdminNetworkPolicyIngressPeer defines an in-cluster peer to allow traffic from. // Exactly one of the selector pointers must be set for a given peer. If a // consumer observes none of its fields are set, they must assume an unknown // option has been specified and fail closed. // +kubebuilder:validation:MaxProperties=1 // +kubebuilder:validation:MinProperties=1 -type AdminNetworkPolicyPeer struct { +type AdminNetworkPolicyIngressPeer struct { // Namespaces defines a way to select all pods within a set of Namespaces. // Note that host-networked pods are not included in this type of peer. // 
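Review bot: The context comment below `To` in `BaselineAdminNetworkPolicyEgressRule` (hunk -168,7) still reads "outging egress traffic", although this commit corrects the same word in `AdminNetworkPolicyEgressRule`. Change that line to `// This field is a list of destination ports for the outgoing egress traffic.` and regenerate the baseline CRDs, whose descriptions appear to be derived from this comment. None of the baseline CRD hunks in this commit touch that description. The struct body continues outside the hunk.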
@@ -135,7 +135,7 @@ type AdminNetworkPolicyPeer struct { // +optional Namespaces *NamespacedPeer `json:"namespaces,omitempty"` // Pods defines a way to select a set of pods in - // in a set of namespaces. Note that host-networked pods + // a set of namespaces. Note that host-networked pods // are not included in this type of peer. // // Support: Core @@ -144,6 +144,39 @@ type AdminNetworkPolicyPeer struct { Pods *NamespacedPodPeer `json:"pods,omitempty"` } +// AdminNetworkPolicyEgressPeer defines a peer to allow traffic to. +// Exactly one of the selector pointers must be set for a given peer. If a +// consumer observes none of its fields are set, they must assume an unknown +// option has been specified and fail closed. +// +kubebuilder:validation:MaxProperties=1 +// +kubebuilder:validation:MinProperties=1 +type AdminNetworkPolicyEgressPeer struct { + // Namespaces defines a way to select all pods within a set of Namespaces. + // Note that host-networked pods are not included in this type of peer. + // + // Support: Core + // + // +optional + Namespaces *NamespacedPeer `json:"namespaces,omitempty"` + // Pods defines a way to select a set of pods in + // a set of namespaces. Note that host-networked pods + // are not included in this type of peer. + // + // Support: Core + // + // +optional + Pods *NamespacedPodPeer `json:"pods,omitempty"` + // Nodes defines a way to select a set of nodes in + // the cluster. This field follows standard label selector + // semantics; if present but empty, it selects all Nodes. + // + // Support: Extended + // + // + // +optional + Nodes *metav1.LabelSelector `json:"nodes,omitempty"` +} + // NamespacedPeer defines a flexible way to select Namespaces in a cluster. // Exactly one of the selectors must be set. If a consumer observes none of // its fields are set, they must assume an unknown option has been specified 
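Review bot: The `Nodes` comment in the new `AdminNetworkPolicyEgressPeer` (hunk -144,6) says an empty selector selects all Nodes, but it does not warn that a rule with `nodes: {}` therefore matches egress to every node, and it does not say which node addresses count as a match. In a cluster-scoped admin policy this is easy to over-grant, so I would add `// An empty selector ({}) matches every Node in the cluster, control-plane nodes included; prefer explicit labels.` plus one sentence defining the matched traffic. The type comment's fail-closed clause covers only a peer with no fields set. Since `Nodes` is `Support: Extended`, it should also say what an implementation without node-peer support must do when the field is present, for example `// Implementations that do not support Nodes must treat such a peer as unknown and fail closed.`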
diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go index 54f9008c..046a0d0c 100644 --- a/apis/v1alpha1/zz_generated.deepcopy.go +++ b/apis/v1alpha1/zz_generated.deepcopy.go @@ -53,12 +53,42 @@ func (in *AdminNetworkPolicy) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdminNetworkPolicyEgressPeer) DeepCopyInto(out *AdminNetworkPolicyEgressPeer) { + *out = *in + if in.Namespaces != nil { + in, out := &in.Namespaces, &out.Namespaces + *out = new(NamespacedPeer) + (*in).DeepCopyInto(*out) + } + if in.Pods != nil { + in, out := &in.Pods, &out.Pods + *out = new(NamespacedPodPeer) + (*in).DeepCopyInto(*out) + } + if in.Nodes != nil { + in, out := &in.Nodes, &out.Nodes + *out = new(v1.LabelSelector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdminNetworkPolicyEgressPeer. +func (in *AdminNetworkPolicyEgressPeer) DeepCopy() *AdminNetworkPolicyEgressPeer { + if in == nil { + return nil + } + out := new(AdminNetworkPolicyEgressPeer) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AdminNetworkPolicyEgressRule) DeepCopyInto(out *AdminNetworkPolicyEgressRule) { *out = *in if in.To != nil { in, out := &in.To, &out.To - *out = make([]AdminNetworkPolicyPeer, len(*in)) + *out = make([]AdminNetworkPolicyEgressPeer, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } 
@@ -86,12 +116,37 @@ func (in *AdminNetworkPolicyEgressRule) DeepCopy() *AdminNetworkPolicyEgressRule return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdminNetworkPolicyIngressPeer) DeepCopyInto(out *AdminNetworkPolicyIngressPeer) { + *out = *in + if in.Namespaces != nil { + in, out := &in.Namespaces, &out.Namespaces + *out = new(NamespacedPeer) + (*in).DeepCopyInto(*out) + } + if in.Pods != nil { + in, out := &in.Pods, &out.Pods + *out = new(NamespacedPodPeer) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdminNetworkPolicyIngressPeer. +func (in *AdminNetworkPolicyIngressPeer) DeepCopy() *AdminNetworkPolicyIngressPeer { + if in == nil { + return nil + } + out := new(AdminNetworkPolicyIngressPeer) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AdminNetworkPolicyIngressRule) DeepCopyInto(out *AdminNetworkPolicyIngressRule) { *out = *in if in.From != nil { in, out := &in.From, &out.From - *out = make([]AdminNetworkPolicyPeer, len(*in)) + *out = make([]AdminNetworkPolicyIngressPeer, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } 
@@ -151,31 +206,6 @@ func (in *AdminNetworkPolicyList) DeepCopyObject() runtime.Object { return nil } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdminNetworkPolicyPeer) DeepCopyInto(out *AdminNetworkPolicyPeer) { - *out = *in - if in.Namespaces != nil { - in, out := &in.Namespaces, &out.Namespaces - *out = new(NamespacedPeer) - (*in).DeepCopyInto(*out) - } - if in.Pods != nil { - in, out := &in.Pods, &out.Pods - *out = new(NamespacedPodPeer) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdminNetworkPolicyPeer. -func (in *AdminNetworkPolicyPeer) DeepCopy() *AdminNetworkPolicyPeer { - if in == nil { - return nil - } - out := new(AdminNetworkPolicyPeer) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AdminNetworkPolicyPort) DeepCopyInto(out *AdminNetworkPolicyPort) { *out = *in @@ -315,7 +345,7 @@ func (in *BaselineAdminNetworkPolicyEgressRule) DeepCopyInto(out *BaselineAdminN *out = *in if in.To != nil { in, out := &in.To, &out.To - *out = make([]AdminNetworkPolicyPeer, len(*in)) + *out = make([]AdminNetworkPolicyEgressPeer, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -348,7 +378,7 @@ func (in *BaselineAdminNetworkPolicyIngressRule) DeepCopyInto(out *BaselineAdmin *out = *in if in.From != nil { in, out := &in.From, &out.From - *out = make([]AdminNetworkPolicyPeer, len(*in)) + *out = make([]AdminNetworkPolicyIngressPeer, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } diff --git a/config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml b/config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml index af43fc4d..02783398 100644 --- a/config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml 
+++ b/config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml @@ -82,8 +82,8 @@ spec: ports: description: "Ports allows for matching traffic based on port and protocols. This field is a list of destination ports for - the outging egress traffic. If Ports is not set then the rule - does not filter traffic via port. \n Support: Core" + the outgoing egress traffic. If Ports is not set then the + rule does not filter traffic via port. \n Support: Core" items: description: AdminNetworkPolicyPort describes how to select network ports on pod(s). Exactly one field must be set. @@ -151,16 +151,16 @@ spec: type: array to: description: "To is the List of destinations whose traffic this - rule applies to. If any AdminNetworkPolicyPeer matches the - destination of outgoing traffic then the specified action + rule applies to. If any AdminNetworkPolicyEgressPeer matches + the destination of outgoing traffic then the specified action is applied. This field must be defined and contain at least one item. \n Support: Core" items: - description: AdminNetworkPolicyPeer defines an in-cluster - peer to allow traffic to/from. Exactly one of the selector - pointers must be set for a given peer. If a consumer observes - none of its fields are set, they must assume an unknown - option has been specified and fail closed. + description: AdminNetworkPolicyEgressPeer defines a peer to + allow traffic to. Exactly one of the selector pointers must + be set for a given peer. If a consumer observes none of + its fields are set, they must assume an unknown option has + been specified and fail closed. maxProperties: 1 minProperties: 1 properties: 
@@ -249,11 +249,59 @@ spec: maxItems: 100 type: array type: object + nodes: + description: "Nodes defines a way to select a set of nodes + in the cluster. This field follows standard label selector + semantics; if present but empty, it selects all Nodes. + \n Support: Extended \n " + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic pods: description: "Pods defines a way to select a set of pods - in in a set of namespaces. Note that host-networked - pods are not included in this type of peer. \n Support: - Core" + in a set of namespaces. Note that host-networked pods + are not included in this type of peer. \n Support: Core" properties: namespaces: description: "Namespaces is used to select a set of 
@@ -435,13 +483,13 @@ spec: type: string from: description: "From is the list of sources whose traffic this - rule applies to. If any AdminNetworkPolicyPeer matches the - source of incoming traffic then the specified action is applied. - This field must be defined and contain at least one item. - \n Support: Core" + rule applies to. If any AdminNetworkPolicyIngressPeer matches + the source of incoming traffic then the specified action is + applied. This field must be defined and contain at least one + item. \n Support: Core" items: - description: AdminNetworkPolicyPeer defines an in-cluster - peer to allow traffic to/from. Exactly one of the selector + description: AdminNetworkPolicyIngressPeer defines an in-cluster + peer to allow traffic from. Exactly one of the selector pointers must be set for a given peer. If a consumer observes none of its fields are set, they must assume an unknown option has been specified and fail closed. @@ -535,9 +583,8 @@ spec: type: object pods: description: "Pods defines a way to select a set of pods - in in a set of namespaces. Note that host-networked - pods are not included in this type of peer. \n Support: - Core" + in a set of namespaces. Note that host-networked pods + are not included in this type of peer. \n Support: Core" properties: namespaces: description: "Namespaces is used to select a set of diff --git a/config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml b/config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml index dc7e62c6..59f22026 100644 --- a/config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml +++ b/config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml 
@@ -143,16 +143,16 @@ spec: type: array to: description: "To is the list of destinations whose traffic this - rule applies to. If any AdminNetworkPolicyPeer matches the - destination of outgoing traffic then the specified action + rule applies to. If any AdminNetworkPolicyEgressPeer matches + the destination of outgoing traffic then the specified action is applied. This field must be defined and contain at least one item. \n Support: Core" items: - description: AdminNetworkPolicyPeer defines an in-cluster - peer to allow traffic to/from. Exactly one of the selector - pointers must be set for a given peer. If a consumer observes - none of its fields are set, they must assume an unknown - option has been specified and fail closed. + description: AdminNetworkPolicyEgressPeer defines a peer to + allow traffic to. Exactly one of the selector pointers must + be set for a given peer. If a consumer observes none of + its fields are set, they must assume an unknown option has + been specified and fail closed. maxProperties: 1 minProperties: 1 properties: 
@@ -241,11 +241,59 @@ spec: maxItems: 100 type: array type: object + nodes: + description: "Nodes defines a way to select a set of nodes + in the cluster. This field follows standard label selector + semantics; if present but empty, it selects all Nodes. + \n Support: Extended \n " + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic pods: description: "Pods defines a way to select a set of pods - in in a set of namespaces. Note that host-networked - pods are not included in this type of peer. \n Support: - Core" + in a set of namespaces. Note that host-networked pods + are not included in this type of peer. \n Support: Core" properties: namespaces: description: "Namespaces is used to select a set of 
@@ -422,13 +470,13 @@ spec: type: string from: description: "From is the list of sources whose traffic this - rule applies to. If any AdminNetworkPolicyPeer matches the - source of incoming traffic then the specified action is applied. - This field must be defined and contain at least one item. - \n Support: Core" + rule applies to. If any AdminNetworkPolicyIngressPeer matches + the source of incoming traffic then the specified action is + applied. This field must be defined and contain at least one + item. \n Support: Core" items: - description: AdminNetworkPolicyPeer defines an in-cluster - peer to allow traffic to/from. Exactly one of the selector + description: AdminNetworkPolicyIngressPeer defines an in-cluster + peer to allow traffic from. Exactly one of the selector pointers must be set for a given peer. If a consumer observes none of its fields are set, they must assume an unknown option has been specified and fail closed. @@ -522,9 +570,8 @@ spec: type: object pods: description: "Pods defines a way to select a set of pods - in in a set of namespaces. Note that host-networked - pods are not included in this type of peer. \n Support: - Core" + in a set of namespaces. Note that host-networked pods + are not included in this type of peer. \n Support: Core" properties: namespaces: description: "Namespaces is used to select a set of diff --git a/config/crd/standard/policy.networking.k8s.io_adminnetworkpolicies.yaml b/config/crd/standard/policy.networking.k8s.io_adminnetworkpolicies.yaml index 7b4d71b6..9ea038a5 100644 --- a/config/crd/standard/policy.networking.k8s.io_adminnetworkpolicies.yaml +++ b/config/crd/standard/policy.networking.k8s.io_adminnetworkpolicies.yaml 
@@ -82,8 +82,8 @@ spec: ports: description: "Ports allows for matching traffic based on port and protocols. This field is a list of destination ports for - the outging egress traffic. If Ports is not set then the rule - does not filter traffic via port. \n Support: Core" + the outgoing egress traffic. If Ports is not set then the + rule does not filter traffic via port. \n Support: Core" items: description: AdminNetworkPolicyPort describes how to select network ports on pod(s). Exactly one field must be set. @@ -147,16 +147,16 @@ spec: type: array to: description: "To is the List of destinations whose traffic this - rule applies to. If any AdminNetworkPolicyPeer matches the - destination of outgoing traffic then the specified action + rule applies to. If any AdminNetworkPolicyEgressPeer matches + the destination of outgoing traffic then the specified action is applied. This field must be defined and contain at least one item. \n Support: Core" items: - description: AdminNetworkPolicyPeer defines an in-cluster - peer to allow traffic to/from. Exactly one of the selector - pointers must be set for a given peer. If a consumer observes - none of its fields are set, they must assume an unknown - option has been specified and fail closed. + description: AdminNetworkPolicyEgressPeer defines a peer to + allow traffic to. Exactly one of the selector pointers must + be set for a given peer. If a consumer observes none of + its fields are set, they must assume an unknown option has + been specified and fail closed. maxProperties: 1 minProperties: 1 properties: @@ -222,9 +222,8 @@ spec: type: object pods: description: "Pods defines a way to select a set of pods - in in a set of namespaces. Note that host-networked - pods are not included in this type of peer. \n Support: - Core" + in a set of namespaces. Note that host-networked pods + are not included in this type of peer. \n Support: Core" properties: namespaces: description: "Namespaces is used to select a set of 
@@ -380,13 +379,13 @@ spec: type: string from: description: "From is the list of sources whose traffic this - rule applies to. If any AdminNetworkPolicyPeer matches the - source of incoming traffic then the specified action is applied. - This field must be defined and contain at least one item. - \n Support: Core" + rule applies to. If any AdminNetworkPolicyIngressPeer matches + the source of incoming traffic then the specified action is + applied. This field must be defined and contain at least one + item. \n Support: Core" items: - description: AdminNetworkPolicyPeer defines an in-cluster - peer to allow traffic to/from. Exactly one of the selector + description: AdminNetworkPolicyIngressPeer defines an in-cluster + peer to allow traffic from. Exactly one of the selector pointers must be set for a given peer. If a consumer observes none of its fields are set, they must assume an unknown option has been specified and fail closed. @@ -455,9 +454,8 @@ spec: type: object pods: description: "Pods defines a way to select a set of pods - in in a set of namespaces. Note that host-networked - pods are not included in this type of peer. \n Support: - Core" + in a set of namespaces. Note that host-networked pods + are not included in this type of peer. \n Support: Core" properties: namespaces: description: "Namespaces is used to select a set of diff --git a/config/crd/standard/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml b/config/crd/standard/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml index 0d4cf5f5..ecc2d2bb 100644 --- a/config/crd/standard/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml +++ b/config/crd/standard/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml 
@@ -139,16 +139,16 @@ spec: type: array to: description: "To is the list of destinations whose traffic this - rule applies to. If any AdminNetworkPolicyPeer matches the - destination of outgoing traffic then the specified action + rule applies to. If any AdminNetworkPolicyEgressPeer matches + the destination of outgoing traffic then the specified action is applied. This field must be defined and contain at least one item. \n Support: Core" items: - description: AdminNetworkPolicyPeer defines an in-cluster - peer to allow traffic to/from. Exactly one of the selector - pointers must be set for a given peer. If a consumer observes - none of its fields are set, they must assume an unknown - option has been specified and fail closed. + description: AdminNetworkPolicyEgressPeer defines a peer to + allow traffic to. Exactly one of the selector pointers must + be set for a given peer. If a consumer observes none of + its fields are set, they must assume an unknown option has + been specified and fail closed. maxProperties: 1 minProperties: 1 properties: @@ -214,9 +214,8 @@ spec: type: object pods: description: "Pods defines a way to select a set of pods - in in a set of namespaces. Note that host-networked - pods are not included in this type of peer. \n Support: - Core" + in a set of namespaces. Note that host-networked pods + are not included in this type of peer. \n Support: Core" properties: namespaces: description: "Namespaces is used to select a set of 
@@ -367,13 +366,13 @@ spec: type: string from: description: "From is the list of sources whose traffic this - rule applies to. If any AdminNetworkPolicyPeer matches the - source of incoming traffic then the specified action is applied. - This field must be defined and contain at least one item. - \n Support: Core" + rule applies to. If any AdminNetworkPolicyIngressPeer matches + the source of incoming traffic then the specified action is + applied. This field must be defined and contain at least one + item. \n Support: Core" items: - description: AdminNetworkPolicyPeer defines an in-cluster - peer to allow traffic to/from. Exactly one of the selector + description: AdminNetworkPolicyIngressPeer defines an in-cluster + peer to allow traffic from. Exactly one of the selector pointers must be set for a given peer. If a consumer observes none of its fields are set, they must assume an unknown option has been specified and fail closed. @@ -442,9 +441,8 @@ spec: type: object pods: description: "Pods defines a way to select a set of pods - in in a set of namespaces. Note that host-networked - pods are not included in this type of peer. \n Support: - Core" + in a set of namespaces. Note that host-networked pods + are not included in this type of peer. \n Support: Core" properties: namespaces: description: "Namespaces is used to select a set of