{ "description": "TrafficSelector is the Schema for the trafficselectors API", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "TrafficSelectorSpec defines the desired state of TrafficSelector\nExactly one of {`Ingress`, `Egress`} pointers should be set.", "properties": { "egress": { "description": "Egress rule to be applied to the selected objects with subject as the frame of reference.", "minProperties": 1, "properties": { "ports": { "description": "Ports allows for matching traffic based on port and protocols.\nIf Ports is not set then the rule does not filter traffic via port.\nHowever, this is not currently supported and Ports (with at least 1 item) is required.", "items": { "description": "TrafficSelectorPort describes how to select network ports on pod(s).", "maxProperties": 1, "minProperties": 1, "properties": { "allPorts": { "description": "AllPorts selects all ports.", "properties": { "protocol": { "description": "Protocol is the network protocol (TCP, UDP) which traffic must match.", "enum": [ "UDP", "TCP" ], "type": "string" } }, "required": [ "protocol" ], "type": "object", "additionalProperties": false }, "portNumber": { "description": "Port selects a port on a pod(s) based on number.", "properties": { "port": { "description": "Number defines a network port value.", "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" }, "protocol": { "description": "Protocol is the network protocol (TCP, UDP) which traffic must match.", "enum": [ "UDP", "TCP" ], "type": "string" } }, "required": [ "port", "protocol" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "maxItems": 10, "minItems": 1, "type": "array" }, "to": { "description": "Destination peer from which traffic will be steered by this TrafficSelector.\nIf this field is not present or empty, this rule matches all destination IPs.", "maxProperties": 1, "minProperties": 1, "properties": { "ipBlock": { "description": "IPBlock selects IP CIDR ranges.", "properties": { "cidr": { "description": "CIDR is a string representing the IP Block (e.g. \"192.168.1.1/24\", \"2001:db9::/64\").", "minLength": 1, "type": "string" } }, "required": [ "cidr" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "ingress": { "description": "Ingress rule to be applied to the selected objects with subject as the frame of reference", "minProperties": 1, "properties": { "from": { "description": "Source peer from which traffic will be steered by this TrafficSelector.\nIf this field is not present or empty, this rule matches all source IPs.", "maxProperties": 1, "minProperties": 1, "properties": { "ipBlock": { "description": "IPBlock selects IP CIDR ranges.", "properties": { "cidr": { "description": "CIDR is a string representing the IP Block (e.g. \"192.168.1.1/24\", \"2001:db9::/64\").", "minLength": 1, "type": "string" } }, "required": [ "cidr" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "ports": { "description": "Ports allows for matching traffic based on port and protocols.\nIf Ports is not set then the rule does not filter traffic via port.\nHowever, this is not currently supported and Ports (with at least 1 item) is required.", "items": { "description": "TrafficSelectorPort describes how to select network ports on pod(s).", "maxProperties": 1, "minProperties": 1, "properties": { "allPorts": { "description": "AllPorts selects all ports.", "properties": { "protocol": { "description": "Protocol is the network protocol (TCP, UDP) which traffic must match.", "enum": [ "UDP", "TCP" ], "type": "string" } }, "required": [ "protocol" ], "type": "object", "additionalProperties": false }, "portNumber": { "description": "Port selects a port on a pod(s) based on number.", "properties": { "port": { "description": "Number defines a network port value.", "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" }, "protocol": { "description": "Protocol is the network protocol (TCP, UDP) which traffic must match.", "enum": [ "UDP", "TCP" ], "type": "string" } }, "required": [ "port", "protocol" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "maxItems": 10, "minItems": 1, "type": "array" } }, "type": "object", "additionalProperties": false }, "serviceFunctionChain": { "description": "ServiceFunctionChain defines the service chain where selected traffic should be sent.", "minLength": 1, "type": "string" }, "subject": { "description": "Subject defines what objects the TrafficSelector applies to.", "properties": { "network": { "description": "Network specifies to which network interfaces this TrafficSelector applies. All service\nfunctions in the referenced service chain must belong to the same network as the\nTrafficSelector to maintain network isolation. The default pod network is chosen if not\npresent.", "type": "string" }, "pods": { "description": "Allows the user to select a given set of pod(s) in selected namespace(s).", "properties": { "namespaceSelector": { "description": "This field follows standard label selector semantics. If empty, it selects all Namespaces.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, "type": "array" } }, "required": [ "key", "operator" ], "type": "object", "additionalProperties": false }, "type": "array" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "podSelector": { "description": "Used to explicitly select pods within a namespace; if empty, it selects all Pods.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, "type": "array" } }, "required": [ "key", "operator" ], "type": "object", "additionalProperties": false }, "type": "array" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false } }, "required": [ "namespaceSelector", "podSelector" ], "type": "object", "additionalProperties": false } }, "required": [ "pods" ], "type": "object", "additionalProperties": false } }, "required": [ "serviceFunctionChain", "subject" ], "type": "object", "additionalProperties": false }, "status": { "description": "TrafficSelectorStatus defines the observed state of TrafficSelector", "type": "object" } }, "required": [ "spec" ], "type": "object" }