diff --git a/Makefile b/Makefile
index 67ef4221bf3..f15f3b5beff 100644
--- a/Makefile
+++ b/Makefile
@@ -27,6 +27,7 @@ $(call add-crd-gen,operator-alpha,./operator/v1alpha1,./operator/v1alpha1,./oper
 $(call add-crd-gen,quota,./quota/v1,./quota/v1,./quota/v1)
 $(call add-crd-gen,samples,./samples/v1,./samples/v1,./samples/v1)
 $(call add-crd-gen,security,./security/v1,./security/v1,./security/v1)
+$(call add-crd-gen,network,./network/v1,./network/v1,./network/v1)
 
 RUNTIME ?= podman
 RUNTIME_IMAGE_NAME ?= openshift-api-generator
diff --git a/network/v1/001-clusternetwork-crd.yaml b/network/v1/001-clusternetwork-crd.yaml
new file mode 100644
index 00000000000..175f265991f
--- /dev/null
+++ b/network/v1/001-clusternetwork-crd.yaml
@@ -0,0 +1,134 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: clusternetworks.network.openshift.io +spec: + group: network.openshift.io + names: + kind: ClusterNetwork + listKind: ClusterNetworkList + plural: clusternetworks + singular: clusternetwork + scope: Cluster + validation: + # As compared to ValidateClusterNetwork, this does not validate that: + # - the hostSubnetLengths are valid for their CIDRs + # - the cluster/service networks do not overlap + # - .network and .hostsubnetlength are set if name == 'default' + # - .network and .hostsubnetlength are either unset, or equal to + # .clusterNetworks[0].CIDR and .clusterNetworks[0].hostSubnetLength + openAPIV3Schema: + description: ClusterNetwork describes the cluster network. There is normally + only one object of this type, named "default", which is created by the SDN + network plugin based on the master configuration when the cluster is brought + up for the first time. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + clusterNetworks: + description: ClusterNetworks is a list of ClusterNetwork objects that defines + the global overlay network's L3 space by specifying a set of CIDR and + netmasks that the SDN can allocate addresses from. + items: + description: ClusterNetworkEntry defines an individual cluster network. + The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved + for external ips, CIDRs reserved for service networks, and CIDRs reserved + for ingress ips. + properties: + CIDR: + description: CIDR defines the total range of a cluster networks address + space. 
+ type: string + pattern: '^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$' + hostSubnetLength: + description: HostSubnetLength is the number of bits of the accompanying + CIDR address to allocate to each node. eg, 8 would mean that each + node would have a /24 slice of the overlay network for its pods. + format: int32 + type: integer + minimum: 2 + maximum: 30 + required: + - CIDR + - hostSubnetLength + type: object + type: array + hostsubnetlength: + description: HostSubnetLength is the number of bits of network to allocate + to each node. eg, 8 would mean that each node would have a /24 slice of + the overlay network for its pods + format: int32 + type: integer + minimum: 2 + maximum: 30 + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + mtu: + description: MTU is the MTU for the overlay network. This should be 50 less + than the MTU of the network connecting the nodes. It is normally autodetected + by the cluster network operator. 
+ format: int32 + type: integer + minimum: 576 + maximum: 65536 + network: + description: Network is a CIDR string specifying the global overlay network's + L3 space + type: string + pattern: '^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$' + pluginName: + description: PluginName is the name of the network plugin being used + type: string + serviceNetwork: + description: ServiceNetwork is the CIDR range that Service IP addresses + are allocated from + type: string + pattern: '^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$' + vxlanPort: + description: VXLANPort sets the VXLAN destination port used by the cluster. + It is set by the master configuration file on startup and cannot be edited + manually. Valid values for VXLANPort are integers 1-65535 inclusive and + if unset defaults to 4789. Changing VXLANPort allows users to resolve + issues between openshift SDN and other software trying to use the same + VXLAN destination port. + format: int32 + type: integer + minimum: 1 + maximum: 65535 + required: + - clusterNetworks + - serviceNetwork + type: object + additionalPrinterColumns: + - name: Cluster Network + type: string + description: The primary cluster network CIDR + JSONPath: .network + - name: Service Network + type: string + description: The service network CIDR + JSONPath: .serviceNetwork + - name: Plugin Name + type: string + description: The OpenShift SDN network plug-in in use + JSONPath: .pluginName + version: v1 + versions: + - name: v1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/network/v1/002-hostsubnet-crd.yaml b/network/v1/002-hostsubnet-crd.yaml new file mode 100644 index 00000000000..aec27e5c2e5 --- /dev/null +++ b/network/v1/002-hostsubnet-crd.yaml 
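Review bot: The CIDR pattern on `clusterNetworks[].CIDR`, `network` and `serviceNetwork` accepts leading-zero octets such as `010.0.0.0/8`, because the octet alternation includes `[0-9][0-9]`; IP parsers disagree on such input (some reject it, others read the octet as octal), so a value the API server admits may be interpreted as a different range downstream. Tightening the octet group to `(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])` rejects leading zeros while still covering 0–255. The same pattern recurs in 002-hostsubnet-crd.yaml (`egressCIDRs`, `hostIP`, `subnet`), 003-netnamespace-crd.yaml (`egressIPs`) and 004-egressnetworkpolicy-crd.yaml (`cidrSelector`), and the `+kubebuilder:validation:Pattern` markers mirrored in generated.proto suggest these YAML files are generated, so the change belongs in the source markers rather than here. These are `apiextensions.k8s.io/v1beta1` CRDs, where unknown fields are kept unless `preserveUnknownFields: false` is set, so anything outside this schema is stored without validation.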
@@ -0,0 +1,104 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: hostsubnets.network.openshift.io +spec: + group: network.openshift.io + names: + kind: HostSubnet + listKind: HostSubnetList + plural: hostsubnets + singular: hostsubnet + scope: Cluster + validation: + # As compared to ValidateHostSubnet, this does not validate that: + # - .host == .name + # - either .subnet is set or the assign-subnet annotation is present + # As compared to ValidateHostSubnetUpdate, this does not validate that: + # - .subnet is not changed on an existing object + openAPIV3Schema: + description: HostSubnet describes the container subnet network on a node. The + HostSubnet object must have the same name as the Node object it corresponds + to. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + egressCIDRs: + description: EgressCIDRs is the list of CIDR ranges available for automatically + assigning egress IPs to this node from. If this field is set then EgressIPs + should be treated as read-only. + items: + type: string + pattern: '^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$' + type: array + egressIPs: + description: EgressIPs is the list of automatic egress IP addresses currently + hosted by this node. If EgressCIDRs is empty, this can be set by hand; + if EgressCIDRs is set then the master will overwrite the value here with + its own allocation of egress IPs. 
+ items: + type: string + pattern: '^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$' + type: array + host: + description: Host is the name of the node. (This is the same as the object's + name, but both fields must be set.) + type: string + pattern: '^[a-z0-9.-]+$' + hostIP: + description: HostIP is the IP address to be used as a VTEP by other nodes + in the overlay network + type: string + pattern: '^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$' + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + subnet: + description: Subnet is the CIDR range of the overlay network assigned to + the node for its pods + type: string + pattern: '^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$' + required: + - host + - hostIP + type: object + additionalPrinterColumns: + - name: Host + type: string + description: The name of the node + JSONPath: .host + - name: Host IP + type: string + description: The IP address to be used as a VTEP by other nodes in the overlay network + JSONPath: .hostIP + - name: Subnet + type: string + description: The CIDR range of the overlay network assigned to the node for its pods + JSONPath: .subnet + - name: Egress CIDRs + type: string + description: The network egress CIDRs + JSONPath: .egressCIDRs + - name: Egress IPs + type: string + description: The network egress IP addresses + JSONPath: .egressIPs + version: v1 + versions: + - name: v1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + 
storedVersions: [] diff --git a/network/v1/003-netnamespace-crd.yaml b/network/v1/003-netnamespace-crd.yaml new file mode 100644 index 00000000000..b00ecfa082d --- /dev/null +++ b/network/v1/003-netnamespace-crd.yaml 
@@ -0,0 +1,80 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: netnamespaces.network.openshift.io +spec: + group: network.openshift.io + names: + kind: NetNamespace + listKind: NetNamespaceList + plural: netnamespaces + singular: netnamespace + scope: Cluster + validation: + # As compared to ValidateNetNamespace, this does not validate that: + # - .netname == .name + # - .netid is not 1-9 + openAPIV3Schema: + description: NetNamespace describes a single isolated network. When using the + redhat/openshift-ovs-multitenant plugin, every Namespace will have a corresponding + NetNamespace object with the same name. (When using redhat/openshift-ovs-subnet, + NetNamespaces are not used.) + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + egressIPs: + description: EgressIPs is a list of reserved IPs that will be used as the + source for external traffic coming from pods in this namespace. (If empty, + external traffic will be masqueraded to Node IPs.) + items: + type: string + pattern: '^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$' + type: array + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + netid: + description: NetID is the network identifier of the network namespace assigned + to each overlay network packet. 
This can be manipulated with the "oc adm + pod-network" commands. + format: int32 + type: integer + minimum: 0 + maximum: 16777215 + netname: + description: NetName is the name of the network namespace. (This is the + same as the object's name, but both fields must be set.) + type: string + pattern: '^[a-z0-9.-]+$' + required: + - netid + - netname + type: object + additionalPrinterColumns: + - name: NetID + type: integer + description: The network identifier of the network namespace + JSONPath: .netid + - name: Egress IPs + type: string + description: The network egress IP addresses + JSONPath: .egressIPs + version: v1 + versions: + - name: v1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/network/v1/004-egressnetworkpolicy-crd.yaml b/network/v1/004-egressnetworkpolicy-crd.yaml new file mode 100644 index 00000000000..34b541fc946 --- /dev/null +++ b/network/v1/004-egressnetworkpolicy-crd.yaml 
@@ -0,0 +1,87 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: egressnetworkpolicies.network.openshift.io +spec: + group: network.openshift.io + names: + kind: EgressNetworkPolicy + listKind: EgressNetworkPolicyList + plural: egressnetworkpolicies + singular: egressnetworkpolicy + scope: Namespaced + validation: + # This should be mostly equivalent to ValidateEgressNetworkPolicy + openAPIV3Schema: + description: EgressNetworkPolicy describes the current egress network policy + for a Namespace. When using the 'redhat/openshift-ovs-multitenant' network + plugin, traffic from a pod to an IP address outside the cluster will be checked + against each EgressNetworkPolicyRule in the pod's namespace's EgressNetworkPolicy, + in order. If no rule matches (or no EgressNetworkPolicy is present) then the + traffic will be allowed by default. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the specification of the current egress network policy + properties: + egress: + description: egress contains the list of egress policy rules + items: + description: EgressNetworkPolicyRule contains a single egress network + policy rule + properties: + to: + description: to is the target that traffic is allowed/denied to + properties: + cidrSelector: + description: cidrSelector is the CIDR range to allow/deny + traffic to. If this is set, dnsName must be unset + type: string + pattern: '^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$' + dnsName: + description: dnsName is the domain name to allow/deny traffic + to. If this is set, cidrSelector must be unset + type: string + pattern: '^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$' + type: object + minProperties: 1 + maxProperties: 1 + type: + description: type marks this as an "Allow" or "Deny" rule + type: string + pattern: '^Allow|Deny$' + required: + - to + - type + type: object + type: array + maxItems: 50 + required: + - egress + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/network/v1/generated.pb.go b/network/v1/generated.pb.go index 67f25cae282..34073bd902c 100644 --- a/network/v1/generated.pb.go +++ b/network/v1/generated.pb.go 
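Review bot: The `type` pattern `'^Allow|Deny$'` does not restrict the value to exactly `Allow` or `Deny`: alternation binds loosest in a regex, so it reads as `(^Allow)|(Deny$)` and admits strings such as `AllowAll` or `NotDeny`. How the SDN handles an unrecognised rule type is not visible here, but a policy rule with an unexpected type should be rejected at the API server rather than reach the enforcer; `enum: [Allow, Deny]` (or `pattern: '^(Allow|Deny)$'`) in the source validation marker that generates this file closes the gap. The `dnsName` pattern `'^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$'` also allows labels that begin or end with `-` and sets no length bound, which is less severe but worth tightening in the same pass.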
@@ -383,68 +383,70 @@ func init() { } var fileDescriptor_38d1cb27735fa5d9 = []byte{ - // 967 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0xcf, 0x6e, 0xe3, 0x44, - 0x18, 0x8f, 0xf3, 0xa7, 0x6d, 0x26, 0x6d, 0x5a, 0xcd, 0x22, 0xd6, 0x14, 0xc9, 0x89, 0xbc, 0x12, - 0x0a, 0x5a, 0x61, 0x93, 0x2e, 0x42, 0x3d, 0x20, 0x10, 0xde, 0x56, 0xda, 0x48, 0xdd, 0x10, 0x4d, - 0xca, 0xaa, 0x42, 0x80, 0x70, 0x9d, 0x59, 0xc7, 0x34, 0xb1, 0x2d, 0xcf, 0x38, 0x10, 0x21, 0xfe, - 0x3c, 0x02, 0x0f, 0xc0, 0x63, 0xf0, 0x00, 0x1c, 0x38, 0xf4, 0xc0, 0x61, 0x4f, 0xb0, 0xa7, 0x88, - 0x9a, 0x33, 0x2f, 0xc0, 0x09, 0xcd, 0x78, 0x1c, 0xdb, 0x5d, 0x17, 0xa2, 0x22, 0x72, 0x4a, 0xe6, - 0xfb, 0x7d, 0x7f, 0xe7, 0xf7, 0x7d, 0xdf, 0x18, 0x3c, 0xb0, 0x1d, 0x3a, 0x0e, 0xcf, 0x35, 0xcb, - 0x9b, 0xea, 0x9e, 0x8f, 0x5d, 0x32, 0x76, 0x9e, 0x52, 0xdd, 0xf4, 0x1d, 0xdd, 0xc5, 0xf4, 0x0b, - 0x2f, 0xb8, 0xd0, 0x67, 0x5d, 0xdd, 0xc6, 0x2e, 0x0e, 0x4c, 0x8a, 0x47, 0x9a, 0x1f, 0x78, 0xd4, - 0x83, 0xf7, 0x52, 0x23, 0x6d, 0x69, 0xa4, 0x99, 0xbe, 0xa3, 0x09, 0x23, 0x6d, 0xd6, 0xdd, 0x7f, - 0x23, 0xe3, 0xd9, 0xf6, 0x6c, 0x4f, 0xe7, 0xb6, 0xe7, 0xe1, 0x53, 0x7e, 0xe2, 0x07, 0xfe, 0x2f, - 0xf6, 0xb9, 0xff, 0xd6, 0xc5, 0x21, 0xd1, 0x1c, 0x8f, 0x85, 0x9e, 0x9a, 0xd6, 0xd8, 0x71, 0x71, - 0x30, 0xd7, 0xfd, 0x0b, 0x9b, 0x09, 0x88, 0x3e, 0xc5, 0xd4, 0x2c, 0xc8, 0x64, 0xff, 0xed, 0x9b, - 0xac, 0x82, 0xd0, 0xa5, 0xce, 0x14, 0xeb, 0xc4, 0x1a, 0xe3, 0xa9, 0x79, 0xdd, 0x4e, 0xfd, 0xa1, - 0x0a, 0x9a, 0x0f, 0x27, 0x21, 0xa1, 0x38, 0xe8, 0xc7, 0x29, 0xc3, 0xcf, 0xc0, 0x16, 0x8b, 0x32, - 0x32, 0xa9, 0x29, 0x4b, 0x6d, 0xa9, 0xd3, 0x38, 0x78, 0x53, 0x8b, 0xbd, 0x6b, 0x59, 0xef, 0x9a, - 0x7f, 0x61, 0x33, 0x01, 0xd1, 0x98, 0xb6, 0x36, 0xeb, 0x6a, 0x1f, 0x9c, 0x7f, 0x8e, 0x2d, 0xfa, - 0x18, 0x53, 0xd3, 0x80, 0x97, 0x8b, 0x56, 0x29, 0x5a, 0xb4, 0x40, 0x2a, 0x43, 0x4b, 0xaf, 0xf0, - 0x75, 0xb0, 0x29, 0xee, 0x47, 0x2e, 0xb7, 0xa5, 0x4e, 0xdd, 0xd8, 0x15, 0xea, 0x9b, 0x22, 0x07, - 
0x94, 0xe0, 0xf0, 0x08, 0xec, 0x8d, 0x3d, 0x42, 0x49, 0x78, 0xee, 0x62, 0x3a, 0xc1, 0xae, 0x4d, - 0xc7, 0x72, 0xa5, 0x2d, 0x75, 0x76, 0x0c, 0x59, 0xd8, 0xec, 0x3d, 0xf2, 0x08, 0x1d, 0x72, 0xfc, - 0x84, 0xe3, 0xe8, 0x05, 0x0b, 0xf8, 0x2e, 0x68, 0x12, 0x1c, 0xcc, 0x1c, 0x0b, 0x8b, 0x00, 0x72, - 0x95, 0xc7, 0x7d, 0x59, 0xf8, 0x68, 0x0e, 0x73, 0x28, 0xba, 0xa6, 0x0d, 0x0f, 0x00, 0xf0, 0x27, - 0xa1, 0xed, 0xb8, 0x7d, 0x73, 0x8a, 0xe5, 0x1a, 0xb7, 0x5d, 0x96, 0x38, 0x58, 0x22, 0x28, 0xa3, - 0x05, 0xbf, 0x02, 0xbb, 0x56, 0xee, 0x62, 0x89, 0xbc, 0xd1, 0xae, 0x74, 0x1a, 0x07, 0x87, 0xda, - 0x0a, 0x5d, 0xa3, 0xe5, 0x49, 0x39, 0x76, 0x69, 0x30, 0x37, 0xee, 0x8a, 0x90, 0xbb, 0x79, 0x90, - 0xa0, 0xeb, 0x91, 0xe0, 0x7d, 0x50, 0x9f, 0x7d, 0x39, 0x31, 0xdd, 0x81, 0x17, 0x50, 0x79, 0x93, - 0xdf, 0xd7, 0x4e, 0xb4, 0x68, 0xd5, 0x9f, 0x9c, 0x9d, 0xbc, 0xdf, 0x67, 0x42, 0x94, 0xe2, 0xf0, - 0x15, 0x50, 0x99, 0xd2, 0x50, 0xde, 0xe2, 0x6a, 0x9b, 0xd1, 0xa2, 0x55, 0x79, 0x7c, 0xfa, 0x21, - 0x62, 0x32, 0xf5, 0x6b, 0x70, 0xa7, 0x20, 0x11, 0xd8, 0x06, 0x55, 0xcb, 0x19, 0x05, 0xbc, 0x3d, - 0xea, 0xc6, 0xb6, 0x48, 0xab, 0xfa, 0xb0, 0x77, 0x84, 0x10, 0x47, 0x12, 0xde, 0xb2, 0xbc, 0x70, - 0xae, 0xff, 0x95, 0xb7, 0xac, 0x44, 0xfd, 0x45, 0x02, 0x30, 0x1f, 0xff, 0xc4, 0x21, 0x14, 0x7e, - 0xfc, 0x42, 0x87, 0x6a, 0xab, 0x75, 0x28, 0xb3, 0xe6, 0xfd, 0xb9, 0x27, 0x92, 0xd8, 0x4a, 0x24, - 0x99, 0xee, 0x3c, 0x03, 0x35, 0x87, 0xe2, 0x29, 0x91, 0xcb, 0x9c, 0xae, 0x07, 0xb7, 0xa0, 0xcb, - 0xd8, 0x11, 0xfe, 0x6b, 0x3d, 0xe6, 0x09, 0xc5, 0x0e, 0xd5, 0xdf, 0x24, 0x70, 0xe7, 0xd8, 0x0e, - 0x30, 0x21, 0x42, 0x6f, 0xe0, 0x4d, 0x1c, 0x6b, 0xbe, 0x86, 0x89, 0xfb, 0x14, 0x54, 0x89, 0x8f, - 0x2d, 0x4e, 0x41, 0xe3, 0xe0, 0x9d, 0x95, 0x4a, 0x2a, 0xc8, 0x74, 0xe8, 0x63, 0x2b, 0xa5, 0x9b, - 0x9d, 0x10, 0xf7, 0xab, 0xfe, 0x2a, 0x81, 0xbb, 0x05, 0xfa, 0x6b, 0x60, 0xeb, 0x93, 0x3c, 0x5b, - 0x87, 0xb7, 0x2d, 0xed, 0x06, 0xca, 0xbe, 0x29, 0xac, 0x6b, 0x80, 0x71, 0x00, 0x0f, 0xc1, 0x36, - 0x6b, 0xf5, 0x21, 0x9e, 0x60, 0x8b, 
0x7a, 0xc9, 0x30, 0xbc, 0x24, 0xdc, 0x6c, 0xb3, 0x61, 0x48, - 0x30, 0x94, 0xd3, 0x64, 0xfb, 0x6f, 0xe4, 0x12, 0xbe, 0x4b, 0xae, 0xed, 0xbf, 0xa3, 0xfe, 0x90, - 0x2f, 0x92, 0x04, 0x57, 0x7f, 0x2c, 0xbe, 0x58, 0x14, 0x4e, 0x30, 0x7c, 0x0f, 0x54, 0xe9, 0xdc, - 0xc7, 0x22, 0xf0, 0xfd, 0x84, 0x96, 0xd3, 0xb9, 0x8f, 0xff, 0x5a, 0xb4, 0x5e, 0xbd, 0xc1, 0x8c, - 0xc1, 0x88, 0x1b, 0xc2, 0x33, 0x50, 0xa6, 0xde, 0x7f, 0xed, 0x09, 0x76, 0x17, 0x06, 0x10, 0xc1, - 0xcb, 0xa7, 0x1e, 0x2a, 0x53, 0x4f, 0xfd, 0xb6, 0x30, 0x6b, 0xd6, 0x30, 0x70, 0x04, 0x36, 0x30, - 0x87, 0x64, 0x89, 0x33, 0x76, 0xeb, 0xc0, 0xac, 0x18, 0xa3, 0x29, 0x02, 0x6f, 0xc4, 0x0a, 0x48, - 0xf8, 0x56, 0x7f, 0x2a, 0x03, 0x90, 0x2e, 0x98, 0x35, 0x4c, 0x58, 0x1b, 0x54, 0xd9, 0xfa, 0x12, - 0x84, 0x2e, 0x67, 0x84, 0xe5, 0x80, 0x38, 0x02, 0x5f, 0x03, 0x1b, 0xec, 0xb7, 0x37, 0xe0, 0x0f, - 0x58, 0x3d, 0x4d, 0xfd, 0x11, 0x97, 0x22, 0x81, 0x32, 0xbd, 0xf8, 0xf1, 0x12, 0x8f, 0xd4, 0x52, - 0x2f, 0xae, 0x05, 0x09, 0x94, 0xed, 0xf8, 0xb8, 0xd8, 0xde, 0x80, 0xc8, 0xb5, 0x76, 0xa5, 0x53, - 0x8f, 0x77, 0xfc, 0x71, 0x22, 0x44, 0x29, 0x0e, 0xbb, 0xa0, 0x11, 0x1f, 0x58, 0x5b, 0xc6, 0x2f, - 0x51, 0xdd, 0xd8, 0x8d, 0x16, 0xad, 0xc6, 0x71, 0x2a, 0x46, 0x59, 0x1d, 0xf5, 0x67, 0x09, 0x34, - 0x33, 0x3b, 0xfa, 0xff, 0x1f, 0xe5, 0xd3, 0xfc, 0x28, 0xeb, 0x2b, 0x35, 0x46, 0x9a, 0xe1, 0x0d, - 0x13, 0xfc, 0xa7, 0x04, 0xb6, 0xfb, 0x98, 0xb2, 0x69, 0x22, 0xbe, 0x69, 0xe1, 0xb5, 0x7d, 0xdf, - 0xb8, 0x05, 0xf3, 0x2d, 0x12, 0x41, 0x09, 0x0e, 0xef, 0x81, 0x9a, 0x8b, 0xa9, 0x33, 0x12, 0x1f, - 0x35, 0xcb, 0x12, 0xfa, 0x98, 0xf6, 0x8e, 0x50, 0x8c, 0xe5, 0x99, 0xae, 0xfe, 0x33, 0xd3, 0xea, - 0xa5, 0x04, 0xf6, 0xb2, 0xf5, 0xae, 0x81, 0xb8, 0x27, 0x79, 0xe2, 0xba, 0x2b, 0x11, 0x97, 0xcd, - 0xb1, 0x98, 0x3a, 0xa3, 0x73, 0x79, 0xa5, 0x94, 0x9e, 0x5d, 0x29, 0xa5, 0xe7, 0x57, 0x4a, 0xe9, - 0xbb, 0x48, 0x91, 0x2e, 0x23, 0x45, 0x7a, 0x16, 0x29, 0xd2, 0xf3, 0x48, 0x91, 0x7e, 0x8f, 0x14, - 0xe9, 0xfb, 0x3f, 0x94, 0xd2, 0x47, 0xe5, 0x59, 0xf7, 0xef, 0x00, 0x00, 
0x00, 0xff, 0xff, 0xf8, - 0xb8, 0xfc, 0x5f, 0xbe, 0x0b, 0x00, 0x00, + // 995 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0x4f, 0x6f, 0xe3, 0x44, + 0x14, 0x8f, 0xf3, 0xa7, 0x6d, 0x26, 0x6d, 0x5a, 0xcd, 0x56, 0xac, 0x29, 0x52, 0x12, 0xb9, 0x02, + 0x82, 0x56, 0xd8, 0xa4, 0x8b, 0x50, 0x0f, 0x08, 0xb4, 0x6e, 0x2b, 0x6d, 0xa4, 0x6e, 0x88, 0x26, + 0x65, 0x55, 0x21, 0x40, 0xb8, 0xce, 0xac, 0x63, 0x9a, 0xd8, 0x96, 0x67, 0x12, 0x88, 0x10, 0x7f, + 0x2e, 0xdc, 0xf9, 0x00, 0x7c, 0x0c, 0x3e, 0x02, 0x87, 0x1e, 0x38, 0xec, 0x09, 0xf6, 0x14, 0x51, + 0x73, 0xe7, 0x03, 0xf4, 0x84, 0x66, 0x3c, 0x8e, 0xed, 0xac, 0x2b, 0xa2, 0x22, 0x72, 0x4a, 0xe6, + 0xfd, 0xde, 0xdf, 0xf9, 0xbd, 0xf7, 0xc6, 0xe0, 0xa1, 0x65, 0xd3, 0xc1, 0xf8, 0x42, 0x35, 0xdd, + 0x91, 0xe6, 0x7a, 0xd8, 0x21, 0x03, 0xfb, 0x19, 0xd5, 0x0c, 0xcf, 0xd6, 0x1c, 0x4c, 0xbf, 0x72, + 0xfd, 0x4b, 0x6d, 0xd2, 0xd2, 0x2c, 0xec, 0x60, 0xdf, 0xa0, 0xb8, 0xaf, 0x7a, 0xbe, 0x4b, 0x5d, + 0xb8, 0x1f, 0x1b, 0xa9, 0x73, 0x23, 0xd5, 0xf0, 0x6c, 0x55, 0x18, 0xa9, 0x93, 0xd6, 0xde, 0xdb, + 0x09, 0xcf, 0x96, 0x6b, 0xb9, 0x1a, 0xb7, 0xbd, 0x18, 0x3f, 0xe3, 0x27, 0x7e, 0xe0, 0xff, 0x42, + 0x9f, 0x7b, 0xef, 0x5e, 0x1e, 0x12, 0xd5, 0x76, 0x59, 0xe8, 0x91, 0x61, 0x0e, 0x6c, 0x07, 0xfb, + 0x53, 0xcd, 0xbb, 0xb4, 0x98, 0x80, 0x68, 0x23, 0x4c, 0x8d, 0x8c, 0x4c, 0xf6, 0xde, 0xbb, 0xcd, + 0xca, 0x1f, 0x3b, 0xd4, 0x1e, 0x61, 0x8d, 0x98, 0x03, 0x3c, 0x32, 0x16, 0xed, 0x94, 0x9f, 0x8b, + 0xa0, 0x7a, 0x34, 0x1c, 0x13, 0x8a, 0xfd, 0x4e, 0x98, 0x32, 0xfc, 0x02, 0x6c, 0xb0, 0x28, 0x7d, + 0x83, 0x1a, 0xb2, 0xd4, 0x90, 0x9a, 0x95, 0x83, 0x77, 0xd4, 0xd0, 0xbb, 0x9a, 0xf4, 0xae, 0x7a, + 0x97, 0x16, 0x13, 0x10, 0x95, 0x69, 0xab, 0x93, 0x96, 0xfa, 0xd1, 0xc5, 0x97, 0xd8, 0xa4, 0x4f, + 0x30, 0x35, 0x74, 0x78, 0x35, 0xab, 0xe7, 0x82, 0x59, 0x1d, 0xc4, 0x32, 0x34, 0xf7, 0x0a, 0xdf, + 0x02, 0xeb, 0xe2, 0x7e, 0xe4, 0x7c, 0x43, 0x6a, 0x96, 0xf5, 0x6d, 0xa1, 0xbe, 0x2e, 0x72, 0x40, + 0x11, 0x0e, 0x8f, 
0xc1, 0xce, 0xc0, 0x25, 0x94, 0x8c, 0x2f, 0x1c, 0x4c, 0x87, 0xd8, 0xb1, 0xe8, + 0x40, 0x2e, 0x34, 0xa4, 0xe6, 0x96, 0x2e, 0x0b, 0x9b, 0x9d, 0xc7, 0x2e, 0xa1, 0x3d, 0x8e, 0x9f, + 0x72, 0x1c, 0xbd, 0x64, 0x01, 0x3f, 0x00, 0x55, 0x82, 0xfd, 0x89, 0x6d, 0x62, 0x11, 0x40, 0x2e, + 0xf2, 0xb8, 0xaf, 0x08, 0x1f, 0xd5, 0x5e, 0x0a, 0x45, 0x0b, 0xda, 0xf0, 0x00, 0x00, 0x6f, 0x38, + 0xb6, 0x6c, 0xa7, 0x63, 0x8c, 0xb0, 0x5c, 0xe2, 0xb6, 0xf3, 0x12, 0xbb, 0x73, 0x04, 0x25, 0xb4, + 0xe0, 0x37, 0x60, 0xdb, 0x4c, 0x5d, 0x2c, 0x91, 0xd7, 0x1a, 0x85, 0x66, 0xe5, 0xe0, 0x50, 0x5d, + 0xa2, 0x6b, 0xd4, 0x34, 0x29, 0x27, 0x0e, 0xf5, 0xa7, 0xfa, 0x7d, 0x11, 0x72, 0x3b, 0x0d, 0x12, + 0xb4, 0x18, 0x09, 0x3e, 0x00, 0xe5, 0xc9, 0xd7, 0x43, 0xc3, 0xe9, 0xba, 0x3e, 0x95, 0xd7, 0xf9, + 0x7d, 0x6d, 0x05, 0xb3, 0x7a, 0xf9, 0xe9, 0xf9, 0xe9, 0xa3, 0x0e, 0x13, 0xa2, 0x18, 0x87, 0xaf, + 0x82, 0xc2, 0x88, 0x8e, 0xe5, 0x0d, 0xae, 0xb6, 0x1e, 0xcc, 0xea, 0x85, 0x27, 0x67, 0x1f, 0x23, + 0x26, 0x53, 0xbe, 0x05, 0xf7, 0x32, 0x12, 0x81, 0x0d, 0x50, 0x34, 0xed, 0xbe, 0xcf, 0xdb, 0xa3, + 0xac, 0x6f, 0x8a, 0xb4, 0x8a, 0x47, 0xed, 0x63, 0x84, 0x38, 0x12, 0xf1, 0x96, 0xe4, 0x85, 0x73, + 0xfd, 0xaf, 0xbc, 0x25, 0x25, 0xca, 0x6f, 0x12, 0x80, 0xe9, 0xf8, 0xa7, 0x36, 0xa1, 0xf0, 0xd3, + 0x97, 0x3a, 0x54, 0x5d, 0xae, 0x43, 0x99, 0x35, 0xef, 0xcf, 0x1d, 0x91, 0xc4, 0x46, 0x24, 0x49, + 0x74, 0xe7, 0x39, 0x28, 0xd9, 0x14, 0x8f, 0x88, 0x9c, 0xe7, 0x74, 0x3d, 0xbc, 0x03, 0x5d, 0xfa, + 0x96, 0xf0, 0x5f, 0x6a, 0x33, 0x4f, 0x28, 0x74, 0xa8, 0xfc, 0x21, 0x81, 0x7b, 0x27, 0x96, 0x8f, + 0x09, 0x11, 0x7a, 0x5d, 0x77, 0x68, 0x9b, 0xd3, 0x15, 0x4c, 0xdc, 0xe7, 0xa0, 0x48, 0x3c, 0x6c, + 0x72, 0x0a, 0x2a, 0x07, 0xef, 0x2f, 0x55, 0x52, 0x46, 0xa6, 0x3d, 0x0f, 0x9b, 0x31, 0xdd, 0xec, + 0x84, 0xb8, 0x5f, 0xe5, 0x77, 0x09, 0xdc, 0xcf, 0xd0, 0x5f, 0x01, 0x5b, 0x9f, 0xa5, 0xd9, 0x3a, + 0xbc, 0x6b, 0x69, 0xb7, 0x50, 0xf6, 0x5d, 0x66, 0x5d, 0x5d, 0x8c, 0x7d, 0x78, 0x08, 0x36, 0x59, + 0xab, 0xf7, 0xf0, 0x10, 0x9b, 0xd4, 0x8d, 0x86, 0x61, 
0x57, 0xb8, 0xd9, 0x64, 0xc3, 0x10, 0x61, + 0x28, 0xa5, 0xc9, 0xf6, 0x5f, 0xdf, 0x21, 0x7c, 0x97, 0x2c, 0xec, 0xbf, 0xe3, 0x4e, 0x8f, 0x2f, + 0x92, 0x08, 0x57, 0x7e, 0xc9, 0xbe, 0x58, 0x34, 0x1e, 0x62, 0xf8, 0x21, 0x28, 0xd2, 0xa9, 0x87, + 0x45, 0xe0, 0x07, 0x11, 0x2d, 0x67, 0x53, 0x0f, 0xdf, 0xcc, 0xea, 0xaf, 0xdd, 0x62, 0xc6, 0x60, + 0xc4, 0x0d, 0xe1, 0x39, 0xc8, 0x53, 0xf7, 0xbf, 0xf6, 0x04, 0xbb, 0x0b, 0x1d, 0x88, 0xe0, 0xf9, + 0x33, 0x17, 0xe5, 0xa9, 0xab, 0x7c, 0x9f, 0x99, 0x35, 0x6b, 0x18, 0xd8, 0x07, 0x6b, 0x98, 0x43, + 0xb2, 0xc4, 0x19, 0xbb, 0x73, 0x60, 0x56, 0x8c, 0x5e, 0x15, 0x81, 0xd7, 0x42, 0x05, 0x24, 0x7c, + 0x2b, 0x7f, 0xe7, 0x01, 0x88, 0x17, 0xcc, 0x0a, 0x26, 0xac, 0x01, 0x8a, 0x6c, 0x7d, 0x09, 0x42, + 0xe7, 0x33, 0xc2, 0x72, 0x40, 0x1c, 0x81, 0x6f, 0x80, 0x35, 0xf6, 0xdb, 0xee, 0xf2, 0x07, 0xac, + 0x1c, 0xa7, 0xfe, 0x98, 0x4b, 0x91, 0x40, 0x99, 0x5e, 0xf8, 0x78, 0x89, 0x47, 0x6a, 0xae, 0x17, + 0xd6, 0x82, 0x04, 0x0a, 0x1f, 0x81, 0x72, 0x58, 0x6c, 0xbb, 0x4b, 0xe4, 0x52, 0xa3, 0xd0, 0x2c, + 0xeb, 0xfb, 0x6c, 0xc7, 0x9f, 0x44, 0xc2, 0x9b, 0x59, 0x1d, 0xc6, 0x77, 0x10, 0x89, 0x51, 0x6c, + 0x05, 0xdb, 0xa0, 0x12, 0x1e, 0x58, 0xb3, 0x86, 0xef, 0x53, 0x59, 0x7f, 0x33, 0x98, 0xd5, 0x2b, + 0x27, 0xb1, 0xf8, 0x66, 0x56, 0xdf, 0x5d, 0x74, 0xc3, 0x37, 0x7d, 0xd2, 0x56, 0xf9, 0x55, 0x02, + 0xd5, 0xc4, 0x46, 0xff, 0xff, 0x07, 0xff, 0x2c, 0x3d, 0xf8, 0xda, 0x52, 0x6d, 0x14, 0x67, 0x78, + 0xcb, 0xbc, 0xff, 0x98, 0x07, 0x9b, 0x1d, 0x4c, 0xd9, 0xec, 0x11, 0xcf, 0x30, 0xf1, 0xca, 0xbe, + 0x86, 0x9c, 0x8c, 0x6d, 0x20, 0x12, 0x41, 0x11, 0x0e, 0xf7, 0x41, 0xc9, 0xc1, 0xd4, 0xee, 0x8b, + 0x4f, 0xa0, 0x79, 0x09, 0x1d, 0x4c, 0xdb, 0xc7, 0x28, 0xc4, 0xe0, 0x51, 0xb2, 0x2f, 0x8a, 0x9c, + 0xd2, 0xd7, 0x17, 0xfb, 0x62, 0x37, 0x59, 0x63, 0x46, 0x67, 0x28, 0x57, 0x12, 0xd8, 0x49, 0xea, + 0xac, 0x80, 0xd0, 0xa7, 0x69, 0x42, 0x5b, 0x4b, 0x11, 0x9a, 0xcc, 0x31, 0x9b, 0x52, 0xbd, 0x79, + 0x75, 0x5d, 0xcb, 0x3d, 0xbf, 0xae, 0xe5, 0x5e, 0x5c, 0xd7, 0x72, 0x3f, 0x04, 0x35, 0xe9, 
0x2a, + 0xa8, 0x49, 0xcf, 0x83, 0x9a, 0xf4, 0x22, 0xa8, 0x49, 0x7f, 0x06, 0x35, 0xe9, 0xa7, 0xbf, 0x6a, + 0xb9, 0x4f, 0xf2, 0x93, 0xd6, 0x3f, 0x01, 0x00, 0x00, 0xff, 0xff, 0xc3, 0xa5, 0xdd, 0x7e, 0x04, + 0x0c, 0x00, 0x00, } func (m *ClusterNetwork) Marshal() (dAtA []byte, err error) { @@ -2667,7 +2669,7 @@ func (m *HostSubnet) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.EgressIPs = append(m.EgressIPs, string(dAtA[iNdEx:postIndex])) + m.EgressIPs = append(m.EgressIPs, HostSubnetEgressIP(dAtA[iNdEx:postIndex])) iNdEx = postIndex case 6: if wireType != 2 { @@ -2699,7 +2701,7 @@ func (m *HostSubnet) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.EgressCIDRs = append(m.EgressCIDRs, string(dAtA[iNdEx:postIndex])) + m.EgressCIDRs = append(m.EgressCIDRs, HostSubnetEgressCIDR(dAtA[iNdEx:postIndex])) iNdEx = postIndex default: iNdEx = preIndex @@ -2988,7 +2990,7 @@ func (m *NetNamespace) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.EgressIPs = append(m.EgressIPs, string(dAtA[iNdEx:postIndex])) + m.EgressIPs = append(m.EgressIPs, NetNamespaceEgressIP(dAtA[iNdEx:postIndex])) iNdEx = postIndex default: iNdEx = preIndex diff --git a/network/v1/generated.proto b/network/v1/generated.proto index 62d0ace267b..e57003f4fcd 100644 --- a/network/v1/generated.proto +++ b/network/v1/generated.proto 
@@ -14,16 +14,24 @@ option go_package = "v1"; // ClusterNetwork describes the cluster network. There is normally only one object of this type, // named "default", which is created by the SDN network plugin based on the master configuration // when the cluster is brought up for the first time. +// +kubebuilder:resource:scope="Cluster" +// +kubebuilder:printcolumn:name="Cluster Network",type=string,JSONPath=`.network`,description="The primary cluster network CIDR" +// +kubebuilder:printcolumn:name="Service Network",type=string,JSONPath=`.serviceNetwork`,description="The service network CIDR" +// +kubebuilder:printcolumn:name="Plugin Name",type=string,JSONPath=`.pluginName`,description="The Openshift SDN network plug-in in use" message ClusterNetwork { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Network is a CIDR string specifying the global overlay network's L3 space + // +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$` optional string network = 2; // HostSubnetLength is the number of bits of network to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pods + // +kubebuilder:validation:Minimum=2 + // +kubebuilder:validation:Maximum=30 optional uint32 hostsubnetlength = 3; // ServiceNetwork is the CIDR range that Service IP addresses are allocated from + // +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$` optional string serviceNetwork = 4; // PluginName is the name of the network plugin being used 
@@ -32,19 +40,33 @@ message ClusterNetwork { // ClusterNetworks is a list of ClusterNetwork objects that defines the global overlay network's L3 space by specifying a set of CIDR and netmasks that the SDN can allocate addresses from. repeated ClusterNetworkEntry clusterNetworks = 6; - // VXLANPort sets the VXLAN destination port used by the cluster. It is set by the master configuration file on startup and cannot be edited manually. Valid values for VXLANPort are integers 1-65535 inclusive and if unset defaults to 4789. Changing VXLANPort allows users to resolve issues between openshift SDN and other software trying to use the same VXLAN destination port. + // VXLANPort sets the VXLAN destination port used by the cluster. + // It is set by the master configuration file on startup and cannot be edited manually. + // Valid values for VXLANPort are integers 1-65535 inclusive and if unset defaults to 4789. + // Changing VXLANPort allows users to resolve issues between openshift SDN and other software trying to use the same VXLAN destination port. + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=65535 + // +kubebuilder:validation:Optional + // +optional optional uint32 vxlanPort = 7; // MTU is the MTU for the overlay network. This should be 50 less than the MTU of the network connecting the nodes. It is normally autodetected by the cluster network operator. + // +kubebuilder:validation:Minimum=576 + // +kubebuilder:validation:Maximum=65536 + // +kubebuilder:validation:Optional + // +optional optional uint32 mtu = 8; } // ClusterNetworkEntry defines an individual cluster network. The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved for external ips, CIDRs reserved for service networks, and CIDRs reserved for ingress ips. message ClusterNetworkEntry { // CIDR defines the total range of a cluster networks address space. 
+ // +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$` optional string cidr = 1; // HostSubnetLength is the number of bits of the accompanying CIDR address to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pods. + // +kubebuilder:validation:Minimum=2 + // +kubebuilder:validation:Maximum=30 optional uint32 hostSubnetLength = 2; } @@ -78,10 +100,15 @@ message EgressNetworkPolicyList { // EgressNetworkPolicyPeer specifies a target to apply egress network policy to message EgressNetworkPolicyPeer { - // cidrSelector is the CIDR range to allow/deny traffic to. If this is set, dnsName must be unset + // CIDRSelector is the CIDR range to allow/deny traffic to. If this is set, dnsName must be unset + // Ideally we would have liked to use the cidr openapi format for this property. + // But openshift-sdn only supports v4 while specifying the cidr format allows both v4 and v6 cidrs + // We are therefore using a regex pattern to validate instead. + // +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$` optional string cidrSelector = 1; - // dnsName is the domain name to allow/deny traffic to. If this is set, cidrSelector must be unset + // DNSName is the domain name to allow/deny traffic to. If this is set, cidrSelector must be unset + // +kubebuilder:validation:Pattern=`^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$` optional string dnsName = 2; } 
@@ -102,16 +129,24 @@ message EgressNetworkPolicySpec { // HostSubnet describes the container subnet network on a node. The HostSubnet object must have the // same name as the Node object it corresponds to. +// +kubebuilder:printcolumn:name="Host",type=string,JSONPath=`.host`,description="The name of the node" +// +kubebuilder:printcolumn:name="Host IP",type=string,JSONPath=`.hostIP`,description="The IP address to be used as a VTEP by other nodes in the overlay network" +// +kubebuilder:printcolumn:name="Subnet",type=string,JSONPath=`.subnet`,description="The CIDR range of the overlay network assigned to the node for its pods" +// +kubebuilder:printcolumn:name="Egress CIDRs",type=string,JSONPath=`.egressCIDRs`,description="The network egress CIDRs" +// +kubebuilder:printcolumn:name="Egress IPs",type=string,JSONPath=`.egressIPs`,description="The network egress IP addresses" message HostSubnet { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Host is the name of the node. (This is the same as the object's name, but both fields must be set.) + // +kubebuilder:validation:Pattern=`^[a-z0-9.-]+$` optional string host = 2; // HostIP is the IP address to be used as a VTEP by other nodes in the overlay network + // +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$` optional string hostIP = 3; // Subnet is the CIDR range of the overlay network assigned to the node for its pods + // +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$` optional string subnet = 4; // EgressIPs is the list of automatic egress IP addresses currently hosted by this node. 
@@ -138,16 +173,22 @@ message HostSubnetList { // NetNamespace describes a single isolated network. When using the redhat/openshift-ovs-multitenant // plugin, every Namespace will have a corresponding NetNamespace object with the same name. // (When using redhat/openshift-ovs-subnet, NetNamespaces are not used.) +// +kubebuilder:printcolumn:name="NetID",type=integer,JSONPath=`.netid`,description="The network identifier of the network namespace" +// +kubebuilder:printcolumn:name="Egress IPs",type=string,JSONPath=`.egressIPs`,description="The network egress IP addresses" message NetNamespace { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // NetName is the name of the network namespace. (This is the same as the object's name, but both fields must be set.) + // +kubebuilder:validation:Pattern=`^[a-z0-9.-]+$` optional string netname = 2; // NetID is the network identifier of the network namespace assigned to each overlay network packet. This can be manipulated with the "oc adm pod-network" commands. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=16777215 optional uint32 netid = 3; - // EgressIPs is a list of reserved IPs that will be used as the source for external traffic coming from pods in this namespace. (If empty, external traffic will be masqueraded to Node IPs.) + // EgressIPs is a list of reserved IPs that will be used as the source for external traffic coming from pods in this namespace. + // (If empty, external traffic will be masqueraded to Node IPs.) // +optional repeated string egressIPs = 4; } diff --git a/network/v1/types.go b/network/v1/types.go index b8c6c5b53bf..c0ee55126f5 100644 --- a/network/v1/types.go +++ b/network/v1/types.go 
@@ -15,31 +15,60 @@ const ( // ClusterNetwork describes the cluster network. There is normally only one object of this type, // named "default", which is created by the SDN network plugin based on the master configuration // when the cluster is brought up for the first time. +// +kubebuilder:resource:scope="Cluster" +// +kubebuilder:printcolumn:name="Cluster Network",type=string,JSONPath=`.network`,description="The primary cluster network CIDR" +// +kubebuilder:printcolumn:name="Service Network",type=string,JSONPath=`.serviceNetwork`,description="The service network CIDR" +// +kubebuilder:printcolumn:name="Plugin Name",type=string,JSONPath=`.pluginName`,description="The Openshift SDN network plug-in in use" type ClusterNetwork struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Network is a CIDR string specifying the global overlay network's L3 space + // +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$` Network string `json:"network,omitempty" protobuf:"bytes,2,opt,name=network"` + // HostSubnetLength is the number of bits of network to allocate to each node. 
eg, 8 would mean that each node would have a /24 slice of the overlay network for its pods + // +kubebuilder:validation:Minimum=2 + // +kubebuilder:validation:Maximum=30 HostSubnetLength uint32 `json:"hostsubnetlength,omitempty" protobuf:"varint,3,opt,name=hostsubnetlength"` + // ServiceNetwork is the CIDR range that Service IP addresses are allocated from + // +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$` ServiceNetwork string `json:"serviceNetwork" protobuf:"bytes,4,opt,name=serviceNetwork"` + // PluginName is the name of the network plugin being used PluginName string `json:"pluginName,omitempty" protobuf:"bytes,5,opt,name=pluginName"` + // ClusterNetworks is a list of ClusterNetwork objects that defines the global overlay network's L3 space by specifying a set of CIDR and netmasks that the SDN can allocate addresses from. ClusterNetworks []ClusterNetworkEntry `json:"clusterNetworks" protobuf:"bytes,6,rep,name=clusterNetworks"` - // VXLANPort sets the VXLAN destination port used by the cluster. It is set by the master configuration file on startup and cannot be edited manually. Valid values for VXLANPort are integers 1-65535 inclusive and if unset defaults to 4789. Changing VXLANPort allows users to resolve issues between openshift SDN and other software trying to use the same VXLAN destination port. + + // VXLANPort sets the VXLAN destination port used by the cluster. + // It is set by the master configuration file on startup and cannot be edited manually. + // Valid values for VXLANPort are integers 1-65535 inclusive and if unset defaults to 4789. + // Changing VXLANPort allows users to resolve issues between openshift SDN and other software trying to use the same VXLAN destination port. 
+ // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=65535 + // +kubebuilder:validation:Optional + // +optional VXLANPort *uint32 `json:"vxlanPort,omitempty" protobuf:"varint,7,opt,name=vxlanPort"` + // MTU is the MTU for the overlay network. This should be 50 less than the MTU of the network connecting the nodes. It is normally autodetected by the cluster network operator. + // +kubebuilder:validation:Minimum=576 + // +kubebuilder:validation:Maximum=65536 + // +kubebuilder:validation:Optional + // +optional MTU *uint32 `json:"mtu,omitempty" protobuf:"varint,8,opt,name=mtu"` } // ClusterNetworkEntry defines an individual cluster network. The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved for external ips, CIDRs reserved for service networks, and CIDRs reserved for ingress ips. type ClusterNetworkEntry struct { // CIDR defines the total range of a cluster networks address space. + // +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$` CIDR string `json:"CIDR" protobuf:"bytes,1,opt,name=cidr"` + // HostSubnetLength is the number of bits of the accompanying CIDR address to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pods. + // +kubebuilder:validation:Minimum=2 + // +kubebuilder:validation:Maximum=30 HostSubnetLength uint32 `json:"hostSubnetLength" protobuf:"varint,2,opt,name=hostSubnetLength"` } 
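Review bot: The octet alternative `[0-9][0-9]` in the new CIDR pattern on Network, ServiceNetwork and ClusterNetworkEntry.CIDR accepts leading-zero octets such as `010.0.0.0/8`, which some address parsers read as octal, and the pattern never requires the host bits to be zero, so `10.0.0.1/8` is accepted as well. Tightening the octet group to `(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])` removes the leading-zero case; the host-bit check cannot be expressed in a pattern and presumably still relies on the existing server-side validation, which is worth stating next to the first pattern, e.g. `// Pattern checks IPv4 CIDR syntax only; host-bit and overlap checks remain in the validation code.` The same pattern is repeated verbatim in the HostSubnet, NetNamespace and EgressNetworkPolicyPeer hunks below, so any change has to be applied to all of them. A minor style point: `+kubebuilder:validation:Optional` and `+optional` on VXLANPort and MTU appear to express the same thing twice.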
@@ -54,33 +83,54 @@ type ClusterNetworkList struct { Items []ClusterNetwork `json:"items" protobuf:"bytes,2,rep,name=items"` } +// HostSubnetEgressIP represents one egress IP address currently hosted on the node represented by +// HostSubnet +// +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$` +type HostSubnetEgressIP string + +// HostSubnetEgressCIDR represents one egress CIDR from which to assign IP addresses for this node +// represented by the HostSubnet +// +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$` +type HostSubnetEgressCIDR string + // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // HostSubnet describes the container subnet network on a node. The HostSubnet object must have the // same name as the Node object it corresponds to. +// +kubebuilder:printcolumn:name="Host",type=string,JSONPath=`.host`,description="The name of the node" +// +kubebuilder:printcolumn:name="Host IP",type=string,JSONPath=`.hostIP`,description="The IP address to be used as a VTEP by other nodes in the overlay network" +// +kubebuilder:printcolumn:name="Subnet",type=string,JSONPath=`.subnet`,description="The CIDR range of the overlay network assigned to the node for its pods" +// +kubebuilder:printcolumn:name="Egress CIDRs",type=string,JSONPath=`.egressCIDRs`,description="The network egress CIDRs" +// +kubebuilder:printcolumn:name="Egress IPs",type=string,JSONPath=`.egressIPs`,description="The network egress IP addresses" type HostSubnet struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Host is the name of the node. (This is the same as the object's name, but both fields must be set.) 
+ // +kubebuilder:validation:Pattern=`^[a-z0-9.-]+$` Host string `json:"host" protobuf:"bytes,2,opt,name=host"` + // HostIP is the IP address to be used as a VTEP by other nodes in the overlay network + // +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$` HostIP string `json:"hostIP" protobuf:"bytes,3,opt,name=hostIP"` + // Subnet is the CIDR range of the overlay network assigned to the node for its pods + // +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$` Subnet string `json:"subnet" protobuf:"bytes,4,opt,name=subnet"` // EgressIPs is the list of automatic egress IP addresses currently hosted by this node. // If EgressCIDRs is empty, this can be set by hand; if EgressCIDRs is set then the // master will overwrite the value here with its own allocation of egress IPs. // +optional - EgressIPs []string `json:"egressIPs,omitempty" protobuf:"bytes,5,rep,name=egressIPs"` + EgressIPs []HostSubnetEgressIP `json:"egressIPs,omitempty" protobuf:"bytes,5,rep,name=egressIPs"` + // EgressCIDRs is the list of CIDR ranges available for automatically assigning // egress IPs to this node from. If this field is set then EgressIPs should be // treated as read-only. // +optional - EgressCIDRs []string `json:"egressCIDRs,omitempty" protobuf:"bytes,6,rep,name=egressCIDRs"` + EgressCIDRs []HostSubnetEgressCIDR `json:"egressCIDRs,omitempty" protobuf:"bytes,6,rep,name=egressCIDRs"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 
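Review bot: Changing EgressIPs to `[]HostSubnetEgressIP` and EgressCIDRs to `[]HostSubnetEgressCIDR` is source-incompatible for Go consumers of this package: a `[]string` value no longer assigns to these fields without an element-wise conversion, even though the JSON and protobuf encodings are unchanged. That consequence deserves a sentence in the commit description, and the doc comments on the two new types could say why they exist, e.g. `// The named type exists only so the pattern marker applies to each list element; it is a plain string on the wire.` The NetNamespace.EgressIPs change in a later hunk has the same effect.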
@@ -94,6 +144,11 @@ type HostSubnetList struct { Items []HostSubnet `json:"items" protobuf:"bytes,2,rep,name=items"` } +// NetNamespaceEgressIP is a single egress IP out of a list of reserved IPs used as source of external traffic coming +// from pods in this namespace +// +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$` +type NetNamespaceEgressIP string + // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 
@@ -101,18 +156,25 @@ type HostSubnetList struct { // NetNamespace describes a single isolated network. When using the redhat/openshift-ovs-multitenant // plugin, every Namespace will have a corresponding NetNamespace object with the same name. // (When using redhat/openshift-ovs-subnet, NetNamespaces are not used.) +// +kubebuilder:printcolumn:name="NetID",type=integer,JSONPath=`.netid`,description="The network identifier of the network namespace" +// +kubebuilder:printcolumn:name="Egress IPs",type=string,JSONPath=`.egressIPs`,description="The network egress IP addresses" type NetNamespace struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // NetName is the name of the network namespace. (This is the same as the object's name, but both fields must be set.) + // +kubebuilder:validation:Pattern=`^[a-z0-9.-]+$` NetName string `json:"netname" protobuf:"bytes,2,opt,name=netname"` + // NetID is the network identifier of the network namespace assigned to each overlay network packet. This can be manipulated with the "oc adm pod-network" commands. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=16777215 NetID uint32 `json:"netid" protobuf:"varint,3,opt,name=netid"` - // EgressIPs is a list of reserved IPs that will be used as the source for external traffic coming from pods in this namespace. (If empty, external traffic will be masqueraded to Node IPs.) + // EgressIPs is a list of reserved IPs that will be used as the source for external traffic coming from pods in this namespace. + // (If empty, external traffic will be masqueraded to Node IPs.) // +optional - EgressIPs []string `json:"egressIPs,omitempty" protobuf:"bytes,4,rep,name=egressIPs"` + EgressIPs []NetNamespaceEgressIP `json:"egressIPs,omitempty" protobuf:"bytes,4,rep,name=egressIPs"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 
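Review bot: `+kubebuilder:validation:Minimum=0` on NetID is redundant for a uint32, while the bound that matters, `Maximum=16777215`, is left unexplained. Presumably it is the 24-bit VXLAN network identifier limit; a short why-comment such as `// NetID must fit the 24-bit VXLAN network identifier, hence the upper bound of 16777215.` would spare the next reader the arithmetic, adjusted if the reason is a different one.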
@@ -127,6 +189,7 @@ type NetNamespaceList struct { } // EgressNetworkPolicyRuleType indicates whether an EgressNetworkPolicyRule allows or denies traffic +// +kubebuilder:validation:Pattern=`^Allow|Deny$` type EgressNetworkPolicyRuleType string const ( @@ -136,9 +199,14 @@ const ( // EgressNetworkPolicyPeer specifies a target to apply egress network policy to type EgressNetworkPolicyPeer struct { - // cidrSelector is the CIDR range to allow/deny traffic to. If this is set, dnsName must be unset + // CIDRSelector is the CIDR range to allow/deny traffic to. If this is set, dnsName must be unset + // Ideally we would have liked to use the cidr openapi format for this property. + // But openshift-sdn only supports v4 while specifying the cidr format allows both v4 and v6 cidrs + // We are therefore using a regex pattern to validate instead. + // +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$` CIDRSelector string `json:"cidrSelector,omitempty" protobuf:"bytes,1,rep,name=cidrSelector"` - // dnsName is the domain name to allow/deny traffic to. If this is set, cidrSelector must be unset + // DNSName is the domain name to allow/deny traffic to. If this is set, cidrSelector must be unset + // +kubebuilder:validation:Pattern=`^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$` DNSName string `json:"dnsName,omitempty" protobuf:"bytes,2,rep,name=dnsName"` } diff --git a/network/v1/zz_generated.deepcopy.go b/network/v1/zz_generated.deepcopy.go index a1ff0991d75..32f766e01eb 100644 --- a/network/v1/zz_generated.deepcopy.go +++ b/network/v1/zz_generated.deepcopy.go 
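Review bot: The pattern `^Allow|Deny$` on EgressNetworkPolicyRuleType does not do what it looks like: `|` binds looser than the anchors, so it matches any string that starts with `Allow` or ends with `Deny` (`AllowAll`, `NotDeny`), letting unrecognized rule types through a validation that is meant to be a closed set. Use an enum marker instead, `// +kubebuilder:validation:Enum=Allow;Deny`, or at least group the alternation, `^(Allow|Deny)$`. The const block declaring the two values starts at the end of this hunk and continues outside it.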
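Review bot: The rewritten CIDRSelector comment has no sentence break after `must be unset`, so the generated swagger text in the last file runs `must be unset Ideally we would have liked ...` together; ending that line with a period fixes it. The DNSName pattern `^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$` accepts labels that begin or end with a hyphen and puts no bound on total length, so a `// +kubebuilder:validation:MaxLength=253` marker and a label form such as `[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?` would bring it closer to a hostname. The CIDRSelector pattern also shares the leading-zero-octet issue raised on the ClusterNetwork hunk.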
@@ -219,12 +219,12 @@ func (in *HostSubnet) DeepCopyInto(out *HostSubnet) { in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) if in.EgressIPs != nil { in, out := &in.EgressIPs, &out.EgressIPs - *out = make([]string, len(*in)) + *out = make([]HostSubnetEgressIP, len(*in)) copy(*out, *in) } if in.EgressCIDRs != nil { in, out := &in.EgressCIDRs, &out.EgressCIDRs - *out = make([]string, len(*in)) + *out = make([]HostSubnetEgressCIDR, len(*in)) copy(*out, *in) } return @@ -288,7 +288,7 @@ func (in *NetNamespace) DeepCopyInto(out *NetNamespace) { in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) if in.EgressIPs != nil { in, out := &in.EgressIPs, &out.EgressIPs - *out = make([]string, len(*in)) + *out = make([]NetNamespaceEgressIP, len(*in)) copy(*out, *in) } return diff --git a/network/v1/zz_generated.swagger_doc_generated.go b/network/v1/zz_generated.swagger_doc_generated.go index 9a4b3a5baee..9a3d2ffdf84 100644 --- a/network/v1/zz_generated.swagger_doc_generated.go +++ b/network/v1/zz_generated.swagger_doc_generated.go @@ -65,8 +65,8 @@ func (EgressNetworkPolicyList) SwaggerDoc() map[string]string { var map_EgressNetworkPolicyPeer = map[string]string{ "": "EgressNetworkPolicyPeer specifies a target to apply egress network policy to", - "cidrSelector": "cidrSelector is the CIDR range to allow/deny traffic to. If this is set, dnsName must be unset", - "dnsName": "dnsName is the domain name to allow/deny traffic to. If this is set, cidrSelector must be unset", + "cidrSelector": "CIDRSelector is the CIDR range to allow/deny traffic to. If this is set, dnsName must be unset Ideally we would have liked to use the cidr openapi format for this property. But openshift-sdn only supports v4 while specifying the cidr format allows both v4 and v6 cidrs We are therefore using a regex pattern to validate instead.", + "dnsName": "DNSName is the domain name to allow/deny traffic to. If this is set, cidrSelector must be unset", } func (EgressNetworkPolicyPeer) SwaggerDoc() map[string]string {