{ "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "properties": { "destinationCIDRs": { "description": "DestinationCIDRs is a list of destination CIDRs for destination IP addresses.\nIf a destination IP matches any one CIDR, it will be selected.", "items": { "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$", "type": "string" }, "type": "array" }, "egressGateway": { "description": "EgressGateway is the gateway node responsible for SNATing traffic.", "properties": { "egressIP": { "description": "EgressIP is the source IP address that the egress traffic is SNATed\nwith.\n\nExample:\nWhen set to \"192.168.1.100\", matching egress traffic will be\nredirected to the node matching the NodeSelector field and SNATed\nwith IP address 192.168.1.100.\n\nWhen none of the Interface or EgressIP fields is specified, the\npolicy will use the first IPv4 assigned to the interface with the\ndefault route.", "format": "ipv4", "type": "string" }, "interface": { "description": "Interface is the network interface to which the egress IP address\nthat the traffic is SNATed with is assigned.\n\nExample:\nWhen set to \"eth1\", matching egress traffic will be redirected to the\nnode matching the NodeSelector field and SNATed with the first IPv4\naddress assigned to the eth1 interface.\n\nWhen none of the Interface or EgressIP fields is specified, the\npolicy will use the first IPv4 assigned to the interface with the\ndefault route.", "type": "string" }, "nodeSelector": { "description": "This is a label selector which selects the node that should act as\negress gateway for the given policy.\nIn case multiple nodes are selected, only the first one in the\nlexical ordering over the node names will be used.\nThis field follows standard label selector semantics.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", "Exists", "DoesNotExist" ], "type": "string" }, "values": { "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" } }, "required": [ "key", "operator" ], "type": "object", "additionalProperties": false }, "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", "maxLength": 63, "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false } }, "required": [ "nodeSelector" ], "type": "object", "additionalProperties": false }, "excludedCIDRs": { "description": "ExcludedCIDRs is a list of destination CIDRs that will be excluded\nfrom the egress gateway redirection and SNAT logic.\nShould be a subset of destinationCIDRs otherwise it will not have any\neffect.", "items": { "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$", "type": "string" }, "type": "array" }, "selectors": { "description": "Egress represents a list of rules by which egress traffic is\nfiltered from the source pods.", "items": { "properties": { "namespaceSelector": { "description": "Selects Namespaces using cluster-scoped labels. This field follows standard label\nselector semantics; if present but empty, it selects all namespaces.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", "Exists", "DoesNotExist" ], "type": "string" }, "values": { "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" } }, "required": [ "key", "operator" ], "type": "object", "additionalProperties": false }, "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", "maxLength": 63, "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "nodeSelector": { "description": "This is a label selector which selects Pods by Node. This field follows standard label\nselector semantics; if present but empty, it selects all nodes.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", "Exists", "DoesNotExist" ], "type": "string" }, "values": { "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" } }, "required": [ "key", "operator" ], "type": "object", "additionalProperties": false }, "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", "maxLength": 63, "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "podSelector": { "description": "This is a label selector which selects Pods. This field follows standard label\nselector semantics; if present but empty, it selects all pods.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", "Exists", "DoesNotExist" ], "type": "string" }, "values": { "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" } }, "required": [ "key", "operator" ], "type": "object", "additionalProperties": false }, "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", "maxLength": 63, "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "destinationCIDRs", "egressGateway", "selectors" ], "type": "object", "additionalProperties": false } }, "required": [ "metadata" ], "type": "object" }