Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ingress: Create FromGroups resource #30708

Merged
merged 3 commits into from
Mar 12, 2024
Merged

ingress: Create FromGroups resource #30708

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
9fe893d
ingress: Rename FromGroups resource
Alex-Waring Feb 28, 2024
8a3cca8
abstract out ExtractCidrSet
Alex-Waring Feb 28, 2024
8c68fdb
ingress: Create FromGroups resource
Alex-Waring Feb 28, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
142 changes: 131 additions & 11 deletions pkg/k8s/apis/cilium.io/client/crds/v2/ciliumclusterwidenetworkpolicies.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -347,8 +347,8 @@ spec:
and the rule can select by multiple sub directives: \n Example:
toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'"
items:
description: ToGroups structure to store all kinds of new
integrations that needs a new derivative policy.
description: Groups structure to store all kinds of new integrations
that needs a new derivative policy.
properties:
aws:
description: AWSGroup is an structure that can be used
Expand Down Expand Up @@ -1264,8 +1264,8 @@ spec:
and the rule can select by multiple sub directives: \n Example:
toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'"
items:
description: ToGroups structure to store all kinds of new
integrations that needs a new derivative policy.
description: Groups structure to store all kinds of new integrations
that needs a new derivative policy.
properties:
aws:
description: AWSGroup is an structure that can be used
Expand Down Expand Up @@ -1787,6 +1787,36 @@ spec:
- kube-apiserver
type: string
type: array
fromGroups:
description: "FromGroups is a directive that allows the integration
with multiple outside providers. Currently, only AWS is supported,
and the rule can select by multiple sub directives: \n Example:
FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'"
items:
description: Groups structure to store all kinds of new integrations
that needs a new derivative policy.
properties:
aws:
description: AWSGroup is an structure that can be used
to whitelisting information from AWS integration
properties:
labels:
additionalProperties:
type: string
type: object
region:
type: string
securityGroupsIds:
items:
type: string
type: array
securityGroupsNames:
items:
type: string
type: array
type: object
type: object
type: array
fromNodes:
description: FromNodes is a list of nodes identified by an EndpointSelector
which are allowed to communicate with the endpoint subject
Expand Down Expand Up @@ -2428,9 +2458,9 @@ spec:
members are set, all of them need to match in order for the rule
to take effect. The exception to this rule is FromRequires field;
the effects of any Requires field in any rule will apply to all
other rules as well. \n - FromEndpoints, FromCIDR, FromCIDRSet
and FromEntities are mutually exclusive. Only one of these members
may be present within an individual rule."
other rules as well. \n - FromEndpoints, FromCIDR, FromCIDRSet,
FromGroups and FromEntities are mutually exclusive. Only one of
these members may be present within an individual rule."
properties:
fromCIDR:
description: "FromCIDR is a list of IP blocks which the endpoint
Expand Down Expand Up @@ -2588,6 +2618,36 @@ spec:
- kube-apiserver
type: string
type: array
fromGroups:
description: "FromGroups is a directive that allows the integration
with multiple outside providers. Currently, only AWS is supported,
and the rule can select by multiple sub directives: \n Example:
FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'"
items:
description: Groups structure to store all kinds of new integrations
that needs a new derivative policy.
properties:
aws:
description: AWSGroup is an structure that can be used
to whitelisting information from AWS integration
properties:
labels:
additionalProperties:
type: string
type: object
region:
type: string
securityGroupsIds:
items:
type: string
type: array
securityGroupsNames:
items:
type: string
type: array
type: object
type: object
type: array
fromNodes:
description: FromNodes is a list of nodes identified by an EndpointSelector
which are allowed to communicate with the endpoint subject
Expand Down Expand Up @@ -3210,7 +3270,7 @@ spec:
supported, and the rule can select by multiple sub directives:
\n Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'"
items:
description: ToGroups structure to store all kinds of new
description: Groups structure to store all kinds of new
integrations that needs a new derivative policy.
properties:
aws:
Expand Down Expand Up @@ -4142,7 +4202,7 @@ spec:
supported, and the rule can select by multiple sub directives:
\n Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'"
items:
description: ToGroups structure to store all kinds of new
description: Groups structure to store all kinds of new
integrations that needs a new derivative policy.
properties:
aws:
Expand Down Expand Up @@ -4671,6 +4731,36 @@ spec:
- kube-apiserver
type: string
type: array
fromGroups:
description: "FromGroups is a directive that allows the integration
with multiple outside providers. Currently, only AWS is
supported, and the rule can select by multiple sub directives:
\n Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'"
items:
description: Groups structure to store all kinds of new
integrations that needs a new derivative policy.
properties:
aws:
description: AWSGroup is an structure that can be used
to whitelisting information from AWS integration
properties:
labels:
additionalProperties:
type: string
type: object
region:
type: string
securityGroupsIds:
items:
type: string
type: array
securityGroupsNames:
items:
type: string
type: array
type: object
type: object
type: array
fromNodes:
description: FromNodes is a list of nodes identified by an
EndpointSelector which are allowed to communicate with the
Expand Down Expand Up @@ -5324,8 +5414,8 @@ spec:
to match in order for the rule to take effect. The exception
to this rule is FromRequires field; the effects of any Requires
field in any rule will apply to all other rules as well. \n
- FromEndpoints, FromCIDR, FromCIDRSet and FromEntities are
mutually exclusive. Only one of these members may be present
- FromEndpoints, FromCIDR, FromCIDRSet, FromGroups and FromEntities
are mutually exclusive. Only one of these members may be present
within an individual rule."
properties:
fromCIDR:
Expand Down Expand Up @@ -5485,6 +5575,36 @@ spec:
- kube-apiserver
type: string
type: array
fromGroups:
description: "FromGroups is a directive that allows the integration
with multiple outside providers. Currently, only AWS is
supported, and the rule can select by multiple sub directives:
\n Example: FromGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'"
items:
description: Groups structure to store all kinds of new
integrations that needs a new derivative policy.
properties:
aws:
description: AWSGroup is an structure that can be used
to whitelisting information from AWS integration
properties:
labels:
additionalProperties:
type: string
type: object
region:
type: string
securityGroupsIds:
items:
type: string
type: array
securityGroupsNames:
items:
type: string
type: array
type: object
type: object
type: array
fromNodes:
description: FromNodes is a list of nodes identified by an
EndpointSelector which are allowed to communicate with the
Expand Down