Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,21 @@ spec:
type: array
x-kubernetes-list-type: set
type: object
x-kubernetes-validations:
- message:
nodeMeshPassword cannot be set when nodeToNodeMeshEnabled is
false
reason: FieldValueForbidden
rule:
"!has(self.nodeMeshPassword) || !has(self.nodeToNodeMeshEnabled)
|| self.nodeToNodeMeshEnabled == true"
- message:
nodeMeshMaxRestartTime cannot be set when nodeToNodeMeshEnabled
is false
reason: FieldValueForbidden
rule:
"!has(self.nodeMeshMaxRestartTime) || !has(self.nodeToNodeMeshEnabled)
|| self.nodeToNodeMeshEnabled == true"
type: object
served: true
storage: true
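Review bot: These rules tighten validation on a version that is already served and stored, and nothing visible says what happens to objects that already violate them. A stored resource with `nodeMeshPassword` set and `nodeToNodeMeshEnabled: false` would presumably stay readable but fail its next update unless the API server's validation ratcheting covers it. The same concern applies to the new rules and the `maxLength`/`maxItems` bounds in the other CRD sections of this commit, so an upgrade note or a pre-upgrade check would help. Both rules also treat an absent `nodeToNodeMeshEnabled` as enabled, which is correct only if the field defaults to true; that is worth stating in the field description.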
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ spec:
type: string
cidr:
format: cidr
maxLength: 18
type: string
interface:
type: string
Expand Down Expand Up @@ -68,6 +69,17 @@ spec:
- action
type: object
x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: cidr and matchOperator must both be set or both be empty
reason: FieldValueInvalid
rule:
(has(self.cidr) && size(self.cidr) > 0) == (has(self.matchOperator)
&& size(self.matchOperator) > 0)
- message: cidr is required when prefixLength is set
reason: FieldValueInvalid
rule:
"!has(self.prefixLength) || (has(self.cidr) && size(self.cidr)
> 0)"
type: array
exportV6:
items:
Expand All @@ -79,6 +91,7 @@ spec:
type: string
cidr:
format: cidr
maxLength: 43
type: string
interface:
type: string
Expand Down Expand Up @@ -111,6 +124,17 @@ spec:
- action
type: object
x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: cidr and matchOperator must both be set or both be empty
reason: FieldValueInvalid
rule:
(has(self.cidr) && size(self.cidr) > 0) == (has(self.matchOperator)
&& size(self.matchOperator) > 0)
- message: cidr is required when prefixLength is set
reason: FieldValueInvalid
rule:
"!has(self.prefixLength) || (has(self.cidr) && size(self.cidr)
> 0)"
type: array
importV4:
items:
Expand All @@ -122,6 +146,7 @@ spec:
type: string
cidr:
format: cidr
maxLength: 18
type: string
interface:
type: string
Expand Down Expand Up @@ -154,6 +179,17 @@ spec:
- action
type: object
x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: cidr and matchOperator must both be set or both be empty
reason: FieldValueInvalid
rule:
(has(self.cidr) && size(self.cidr) > 0) == (has(self.matchOperator)
&& size(self.matchOperator) > 0)
- message: cidr is required when prefixLength is set
reason: FieldValueInvalid
rule:
"!has(self.prefixLength) || (has(self.cidr) && size(self.cidr)
> 0)"
type: array
importV6:
items:
Expand All @@ -165,6 +201,7 @@ spec:
type: string
cidr:
format: cidr
maxLength: 43
type: string
interface:
type: string
Expand Down Expand Up @@ -197,6 +234,17 @@ spec:
- action
type: object
x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: cidr and matchOperator must both be set or both be empty
reason: FieldValueInvalid
rule:
(has(self.cidr) && size(self.cidr) > 0) == (has(self.matchOperator)
&& size(self.matchOperator) > 0)
- message: cidr is required when prefixLength is set
reason: FieldValueInvalid
rule:
"!has(self.prefixLength) || (has(self.cidr) && size(self.cidr)
> 0)"
type: array
type: object
type: object
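Review bot: `maxLength: 43` on the `exportV6` and `importV6` `cidr` fields fits a fully expanded colon-hex prefix exactly (39 characters plus `/128`), but it leaves no room for the IPv4-mapped dotted form, which can be longer. If the `cidr` format check accepts that notation today, some currently valid filters would start being rejected; either confirm that it is never accepted or raise the bound. The `maxLength: 18` on the V4 fields matches the longest dotted-quad prefix and looks right.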
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ spec:
format: int32
type: integer
localWorkloadSelector:
maxLength: 4096
type: string
maxRestartTime:
type: string
Expand All @@ -51,8 +52,10 @@ spec:
- Keep
type: string
node:
maxLength: 253
type: string
nodeSelector:
maxLength: 4096
type: string
numAllowedLocalASNumbers:
format: int32
Expand All @@ -74,8 +77,10 @@ spec:
x-kubernetes-map-type: atomic
type: object
peerIP:
maxLength: 64
type: string
peerSelector:
maxLength: 4096
type: string
reachableBy:
type: string
Expand All @@ -96,6 +101,37 @@ spec:
ttlSecurity:
type: integer
type: object
x-kubernetes-validations:
- message: node and nodeSelector cannot both be set
reason: FieldValueForbidden
rule:
(!has(self.node) || size(self.node) == 0) || (!has(self.nodeSelector)
|| size(self.nodeSelector) == 0)
- message: peerIP and peerSelector cannot both be set
reason: FieldValueForbidden
rule:
(!has(self.peerIP) || size(self.peerIP) == 0) || (!has(self.peerSelector)
|| size(self.peerSelector) == 0)
- message: asNumber must be empty when peerSelector is set
reason: FieldValueForbidden
rule:
(!has(self.peerSelector) || size(self.peerSelector) == 0) || !has(self.asNumber)
|| self.asNumber == 0
- message: peerIP must be empty when localWorkloadSelector is set
reason: FieldValueForbidden
rule:
(!has(self.localWorkloadSelector) || size(self.localWorkloadSelector)
== 0) || (!has(self.peerIP) || size(self.peerIP) == 0)
- message: peerSelector must be empty when localWorkloadSelector is set
reason: FieldValueForbidden
rule:
(!has(self.localWorkloadSelector) || size(self.localWorkloadSelector)
== 0) || (!has(self.peerSelector) || size(self.peerSelector) == 0)
- message: asNumber is required when localWorkloadSelector is set
reason: FieldValueInvalid
rule:
(!has(self.localWorkloadSelector) || size(self.localWorkloadSelector)
== 0) || (has(self.asNumber) && self.asNumber != 0)
type: object
served: true
storage: true
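Review bot: `peerIP` is now capped at 64 characters and the selectors at 4096, but the neighbouring `reachableBy` and `maxRestartTime` fields in the same hunks remain plain `type: string` with no bound. If `reachableBy` carries an address like `peerIP` does, giving it the same `maxLength: 64` would keep the input bounds consistent across the spec. The new rules test only whether `peerIP`, `node` and the selectors are empty, so they assume syntax validation of those values happens elsewhere; a short comment where the rules are generated saying so would help.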
Original file line number Diff line number Diff line change
Expand Up @@ -1354,6 +1354,10 @@ spec:
pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
type: string
type: object
x-kubernetes-validations:
- message: routeTableRange and routeTableRanges cannot both be set
reason: FieldValueForbidden
rule: "!has(self.routeTableRange) || !has(self.routeTableRanges)"
type: object
served: true
storage: true
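Review bot: This rule uses bare `has()` for both fields, while the other rules in this commit treat an empty value as unset via `size(...) == 0`. If `routeTableRanges` is a list, as the name suggests, a manifest with `routeTableRange` set and `routeTableRanges: []` would be rejected even though nothing conflicts. Consider `!has(self.routeTableRange) || !has(self.routeTableRanges) || size(self.routeTableRanges) == 0` so that emptiness is handled the same way everywhere.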
Original file line number Diff line number Diff line change
Expand Up @@ -96,15 +96,19 @@ spec:
methods:
items:
type: string
maxItems: 20
type: array
paths:
items:
properties:
exact:
maxLength: 1024
type: string
prefix:
maxLength: 1024
type: string
type: object
maxItems: 20
type: array
type: object
icmp:
Expand All @@ -114,10 +118,14 @@ spec:
minimum: 0
type: integer
type:
maximum: 255
maximum: 254
minimum: 0
type: integer
type: object
x-kubernetes-validations:
- message: ICMP code specified without an ICMP type
reason: FieldValueInvalid
rule: "!has(self.code) || has(self.type)"
ipVersion:
enum:
- 4
Expand All @@ -137,10 +145,14 @@ spec:
minimum: 0
type: integer
type:
maximum: 255
maximum: 254
minimum: 0
type: integer
type: object
x-kubernetes-validations:
- message: ICMP code specified without an ICMP type
reason: FieldValueInvalid
rule: "!has(self.code) || has(self.type)"
notProtocol:
anyOf:
- type: integer
Expand Down Expand Up @@ -207,6 +219,22 @@ spec:
required:
- action
type: object
x-kubernetes-validations:
- message: rules with HTTP match must have protocol TCP or unset
reason: FieldValueInvalid
rule:
"!has(self.http) || !has(self.protocol) || self.protocol
== 'TCP' || self.protocol == 6"
- message: HTTP match is only valid on Allow rules
reason: FieldValueForbidden
rule: self.action == 'Allow' || !has(self.http)
- message: ports and notPorts cannot be specified with services
reason: FieldValueForbidden
rule:
"!has(self.destination) || !has(self.destination.services)
|| (!has(self.destination.ports) || size(self.destination.ports)
== 0) && (!has(self.destination.notPorts) || size(self.destination.notPorts)
== 0)"
type: array
ingress:
items:
Expand Down Expand Up @@ -274,15 +302,19 @@ spec:
methods:
items:
type: string
maxItems: 20
type: array
paths:
items:
properties:
exact:
maxLength: 1024
type: string
prefix:
maxLength: 1024
type: string
type: object
maxItems: 20
type: array
type: object
icmp:
Expand All @@ -292,10 +324,14 @@ spec:
minimum: 0
type: integer
type:
maximum: 255
maximum: 254
minimum: 0
type: integer
type: object
x-kubernetes-validations:
- message: ICMP code specified without an ICMP type
reason: FieldValueInvalid
rule: "!has(self.code) || has(self.type)"
ipVersion:
enum:
- 4
Expand All @@ -315,10 +351,14 @@ spec:
minimum: 0
type: integer
type:
maximum: 255
maximum: 254
minimum: 0
type: integer
type: object
x-kubernetes-validations:
- message: ICMP code specified without an ICMP type
reason: FieldValueInvalid
rule: "!has(self.code) || has(self.type)"
notProtocol:
anyOf:
- type: integer
Expand Down Expand Up @@ -385,6 +425,22 @@ spec:
required:
- action
type: object
x-kubernetes-validations:
- message: rules with HTTP match must have protocol TCP or unset
reason: FieldValueInvalid
rule:
"!has(self.http) || !has(self.protocol) || self.protocol
== 'TCP' || self.protocol == 6"
- message: HTTP match is only valid on Allow rules
reason: FieldValueForbidden
rule: self.action == 'Allow' || !has(self.http)
- message: ports and notPorts cannot be specified with services
reason: FieldValueForbidden
rule:
"!has(self.destination) || !has(self.destination.services)
|| (!has(self.destination.ports) || size(self.destination.ports)
== 0) && (!has(self.destination.notPorts) || size(self.destination.notPorts)
== 0)"
type: array
namespaceSelector:
type: string
Expand Down Expand Up @@ -416,6 +472,29 @@ spec:
type: array
x-kubernetes-list-type: set
type: object
x-kubernetes-validations:
- message: preDNAT and doNotTrack cannot both be true
reason: FieldValueForbidden
rule:
"!((has(self.doNotTrack) && self.doNotTrack) && (has(self.preDNAT)
&& self.preDNAT))"
- message: preDNAT policy cannot have any egress rules
reason: FieldValueForbidden
rule:
(!has(self.preDNAT) || !self.preDNAT) || !has(self.egress) ||
size(self.egress) == 0
- message: preDNAT policy cannot have 'Egress' type
reason: FieldValueForbidden
rule:
(!has(self.preDNAT) || !self.preDNAT) || !has(self.types) || !self.types.exists(t,
t == 'Egress')
- message:
applyOnForward must be true if either preDNAT or doNotTrack
is true
reason: FieldValueInvalid
rule:
(has(self.applyOnForward) && self.applyOnForward) || ((!has(self.doNotTrack)
|| !self.doNotTrack) && (!has(self.preDNAT) || !self.preDNAT))
type: object
served: true
storage: true
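Review bot: `methods` gets `maxItems: 20`, but its items stay plain `type: string`, so each entry is still unbounded while the sibling `paths` entries are capped at 1024. Adding a `maxLength` to the `methods` items in both the egress and ingress hunks would close that gap. In the ports/services rule, the trailing `(...) && (...)` binds tighter than the preceding `||`, so it evaluates as intended, but wrapping that conjunction in its own parentheses would make the rule readable without relying on CEL precedence. The HTTP rule compares `self.protocol` with the exact string `'TCP'`; if protocol names are accepted in other casings, that comparison would reject them.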