types.go
// Unless explicitly stated otherwise all files in this repository are licensed
// under the Apache License Version 2.0.
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2016-present Datadog, Inc.
package cilium
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// Protocol names the network protocol that a Cilium port rule applies to.
type Protocol string

// Protocol values defined by this package. They are the exact strings written
// into the "protocol" field of a serialised port rule.
const (
	// ProtocolTCP refers to the TCP network protocol.
	ProtocolTCP = Protocol("TCP")
	// ProtocolUDP refers to the UDP network protocol.
	ProtocolUDP = Protocol("UDP")
	// ProtocolAny refers to any network protocol; it is the least restrictive
	// of the three values, so prefer ProtocolTCP or ProtocolUDP when the
	// transport is known.
	ProtocolAny = Protocol("ANY")
)
// Entity names a Cilium rule entity, used in the fromEntities and toEntities
// lists of ingress and egress rules.
type Entity string

// Entity values defined by this package. They are the exact strings written
// into a serialised rule.
const (
	// EntityHost is a host entity.
	EntityHost = Entity("host")
	// EntityRemoteNode is a remote-node entity.
	EntityRemoteNode = Entity("remote-node")
	// EntityWorld is a world entity.
	// NOTE(review): in upstream Cilium "world" covers peers outside the
	// cluster, which makes it the broadest entity here — confirm every rule
	// that uses it is meant to be that wide.
	EntityWorld = Entity("world")
)
// NetworkPolicy is a Cilium network policy: Kubernetes type and object
// metadata plus a list of policy specs, serialised with the JSON keys below.
type NetworkPolicy struct {
// TypeMeta is embedded without a JSON name, so encoding/json flattens its
// fields into the top level of the policy object.
metav1.TypeMeta `json:",inline"`
// ObjectMeta is written under "metadata". encoding/json ignores omitempty on
// struct values, so the key is emitted even for a zero ObjectMeta.
metav1.ObjectMeta `json:"metadata,omitempty"`
// Specs holds the policy specs; a nil or empty slice is left out of the JSON.
Specs []NetworkPolicySpec `json:"specs,omitempty"`
}
// NetworkPolicySpec is a Cilium network policy spec: a description, the
// selector for the endpoints the spec applies to, and its ingress and egress
// rules.
type NetworkPolicySpec struct {
// Description is omitted from the JSON when empty.
Description string `json:"description,omitempty"`
// EndpointSelector is a struct value, so encoding/json always emits
// "endpointSelector" (omitempty has no effect on structs); a zero value is
// written as {}.
// NOTE(review): upstream Cilium treats an empty endpoint selector as matching
// every endpoint in the policy's scope — confirm callers always populate it.
EndpointSelector metav1.LabelSelector `json:"endpointSelector,omitempty"`
// Ingress and Egress are omitted when nil or empty, so the serialised form
// does not distinguish "no rules" from "field not set".
Ingress []IngressRule `json:"ingress,omitempty"`
Egress []EgressRule `json:"egress,omitempty"`
}
// IngressRule is a Cilium ingress rule: the sources (endpoint selectors and
// entities) and the destination ports it covers.
//
// Every field is omitempty, so a zero IngressRule serialises to {}.
// NOTE(review): what an empty rule permits is decided by Cilium, not by this
// type — verify the intended effect before emitting one.
type IngressRule struct {
// FromEndpoints lists label selectors for the source endpoints.
FromEndpoints []metav1.LabelSelector `json:"fromEndpoints,omitempty"`
// FromEntities lists source entities (see the Entity constants).
FromEntities []Entity `json:"fromEntities,omitempty"`
// ToPorts lists the port rules applied to the selected traffic.
ToPorts []PortRule `json:"toPorts,omitempty"`
}
// EgressRule is a Cilium egress rule: the destinations (CIDRs, endpoints,
// FQDNs, entities, services) and the ports it covers.
//
// Every field is omitempty, so a zero EgressRule serialises to {}.
// NOTE(review): what an empty rule permits is decided by Cilium, not by this
// type — verify the intended effect before emitting one.
type EgressRule struct {
// ToCIDR holds destination ranges as plain strings; this type performs no
// validation. NOTE(review): presumably CIDR notation checked by Cilium on
// apply — confirm, and review any very wide range.
ToCIDR []string `json:"toCIDR,omitempty"`
// ToPorts lists the port rules applied to the selected traffic.
ToPorts []PortRule `json:"toPorts,omitempty"`
// ToEndpoints lists label selectors for the destination endpoints.
ToEndpoints []metav1.LabelSelector `json:"toEndpoints,omitempty"`
// ToFQDNs lists destination DNS names or patterns (see FQDNSelector).
ToFQDNs []FQDNSelector `json:"toFQDNs,omitempty"`
// ToEntities lists destination entities (see the Entity constants).
ToEntities []Entity `json:"toEntities,omitempty"`
// ToServices lists destination Kubernetes services (see Service).
ToServices []Service `json:"toServices,omitempty"`
}
// PortRule is a Cilium port rule: a list of port/protocol pairs and optional
// L7 rules for them.
type PortRule struct {
// Ports lists the port/protocol pairs; omitted when nil or empty.
Ports []PortProtocol `json:"ports,omitempty"`
// Rules is a pointer so that a nil value drops "rules" from the JSON
// entirely; a non-nil pointer to a zero L7Rules is written as {}.
Rules *L7Rules `json:"rules,omitempty"`
}
// PortProtocol is a Cilium port protocol: one port paired with a protocol.
type PortProtocol struct {
// Port is kept as a string; this type does not check that it is a valid
// port. Omitted from the JSON when empty.
Port string `json:"port,omitempty"`
// Protocol is omitted from the JSON when empty.
// NOTE(review): upstream Cilium treats a missing protocol as matching any
// protocol — set it explicitly when a single transport is intended.
Protocol Protocol `json:"protocol,omitempty"`
}
// L7Rules is a Cilium L7 port rule. Only the DNS rule list is modelled by
// this type.
type L7Rules struct {
// DNS lists the names or patterns the rule covers; omitted when nil or empty.
DNS []FQDNSelector `json:"dns,omitempty"`
}
// FQDNSelector is a Cilium FQDN selector, matching either by name or by
// pattern. Both fields are omitempty, and nothing in this type enforces that
// exactly one of them is set.
type FQDNSelector struct {
// MatchName is written under "matchName"; omitted when empty.
MatchName string `json:"matchName,omitempty"`
// MatchPattern is written under "matchPattern"; omitted when empty.
// NOTE(review): in upstream Cilium the pattern accepts "*" wildcards, so a
// broad pattern widens what the rule allows — review generated patterns.
MatchPattern string `json:"matchPattern,omitempty"`
}
// Service is a Cilium service selector, identifying Kubernetes services
// either by label selector or by name. Both fields are pointers, so a nil
// value is dropped from the JSON; nothing in this type enforces that exactly
// one of them is set.
type Service struct {
// K8sServiceSelector selects services by label selector and namespace.
K8sServiceSelector *K8sServiceSelectorNamespace `json:"k8sServiceSelector,omitempty"`
// K8sService selects a service by name and namespace.
K8sService *K8sServiceNamespace `json:"k8sService,omitempty"`
}
// K8sServiceNamespace is a Cilium service + namespace: a service identified
// by name within a namespace.
type K8sServiceNamespace struct {
// ServiceName is omitted from the JSON when empty.
ServiceName string `json:"serviceName,omitempty"`
// Namespace is omitted from the JSON when empty.
// NOTE(review): how Cilium scopes a service reference with no namespace is
// not visible here — confirm before leaving it unset.
Namespace string `json:"namespace,omitempty"`
}
// K8sServiceSelectorNamespace is a Cilium service selector + namespace:
// services chosen by label selector within a namespace.
type K8sServiceSelectorNamespace struct {
// Selector has no omitempty and is a struct value, so "selector" is always
// emitted; a zero value is written as {}.
// NOTE(review): an empty label selector presumably matches every service in
// scope — confirm callers always populate it.
Selector metav1.LabelSelector `json:"selector"`
// Namespace is omitted from the JSON when empty.
// NOTE(review): how Cilium scopes the selector with no namespace is not
// visible here — confirm before leaving it unset.
Namespace string `json:"namespace,omitempty"`
}