diff --git a/Makefile b/Makefile index 6a5ad268..a330fad8 100644 --- a/Makefile +++ b/Makefile @@ -112,7 +112,7 @@ ENVTEST_ASSETS_DIR=$(shell pwd)/testbin test-only: envtest ## Only run tests. KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test ./... -coverprofile cover.out -.PHONY: openapi-extractor +.PHONY: extract-openapi extract-openapi: envtest openapi-extractor KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" $(OPENAPI_EXTRACTOR) \ --apiserver-package="github.com/ironcore-dev/ironcore-net/cmd/apiserver" \ diff --git a/api/core/v1alpha1/common_types.go b/api/core/v1alpha1/common_types.go index 3f82bda7..7488f293 100644 --- a/api/core/v1alpha1/common_types.go +++ b/api/core/v1alpha1/common_types.go @@ -3,6 +3,11 @@ package v1alpha1 +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" +) + const ( ReconcileRequestAnnotation = "reconcile.apinet.ironcore.dev/requestedAt" @@ -28,3 +33,20 @@ func APINetletCommonName(name string) string { func MetalnetletCommonName(name string) string { return MetalnetletUserNamePrefix + name } + +// ObjectSelector specifies how to select objects of a certain kind. +type ObjectSelector struct { + // Kind is the kind of object to select. + Kind string `json:"kind"` + // LabelSelector is the label selector to select objects of the specified Kind by. + metav1.LabelSelector `json:",inline"` +} + +// LocalUIDReference is a reference to another entity including its UID +// +structType=atomic +type LocalUIDReference struct { + // Name is the name of the referenced entity. + Name string `json:"name"` + // UID is the UID of the referenced entity. + UID types.UID `json:"uid"` +} diff --git a/api/core/v1alpha1/networkpolicy_types.go b/api/core/v1alpha1/networkpolicy_types.go new file mode 100644 index 00000000..2d3f9f7a --- /dev/null +++ b/api/core/v1alpha1/networkpolicy_types.go @@ -0,0 +1,118 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + "github.com/ironcore-dev/ironcore-net/apimachinery/api/net" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +type NetworkPolicySpec struct { + // NetworkRef is the network to regulate using this policy. + NetworkRef corev1.LocalObjectReference `json:"networkRef"` + // NetworkInterfaceSelector selects the network interfaces that are subject to this policy. + NetworkInterfaceSelector metav1.LabelSelector `json:"networkInterfaceSelector"` + // Priority is an optional field that specifies the order in which the policy is applied. + // Policies with higher "order" are applied after those with lower + // order. If the order is omitted, it may be considered to be "infinite" - i.e. the + // policy will be applied last. Policies with identical order will be applied in + // alphanumerical order based on the Policy "Name". + Priority *int32 `json:"priority,omitempty"` + // Ingress specifies rules for ingress traffic. + Ingress []NetworkPolicyIngressRule `json:"ingress,omitempty"` + // Egress specifies rules for egress traffic. + Egress []NetworkPolicyEgressRule `json:"egress,omitempty"` + // PolicyTypes specifies the types of policies this network policy contains. + PolicyTypes []PolicyType `json:"policyTypes,omitempty"` +} + +// NetworkPolicyPort describes a port to allow traffic on +type NetworkPolicyPort struct { + // Protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this + // field defaults to TCP. + Protocol *corev1.Protocol `json:"protocol,omitempty"` + + // The port on the given protocol. If this field is not provided, this matches + // all port names and numbers. + // If present, only traffic on the specified protocol AND port will be matched. + Port int32 `json:"port,omitempty"` + + // EndPort indicates that the range of ports from Port to EndPort, inclusive, + // should be allowed by the policy. This field cannot be defined if the port field + // is not defined. The endPort must be equal or greater than port. + EndPort *int32 `json:"endPort,omitempty" protobuf:"bytes,3,opt,name=endPort"` +} + +// IPBlock specifies an ip block with optional exceptions. +type IPBlock struct { + // CIDR is a string representing the ip block. + CIDR net.IPPrefix `json:"cidr"` + // Except is a slice of CIDRs that should not be included within the specified CIDR. + // Values will be rejected if they are outside CIDR. + Except []net.IPPrefix `json:"except,omitempty"` +} + +// NetworkPolicyPeer describes a peer to allow traffic to / from. +type NetworkPolicyPeer struct { + // ObjectSelector selects peers with the given kind matching the label selector. + // Exclusive with other peer specifiers. + ObjectSelector *ObjectSelector `json:"objectSelector,omitempty"` + // IPBlock specifies the ip block from or to which network traffic may come. + IPBlock *IPBlock `json:"ipBlock,omitempty"` +} + +// NetworkPolicyIngressRule describes a rule to regulate ingress traffic with. +type NetworkPolicyIngressRule struct { + // From specifies the list of sources which should be able to send traffic to the + // selected network interfaces. Fields are combined using a logical OR. Empty matches all sources. + // As soon as a single item is present, only these peers are allowed. + From []NetworkPolicyPeer `json:"from,omitempty"` + // Ports specifies the list of ports which should be made accessible for + // this rule. Each item in this list is combined using a logical OR. Empty matches all ports. + // As soon as a single item is present, only these ports are allowed. + Ports []NetworkPolicyPort `json:"ports,omitempty"` +} + +// NetworkPolicyEgressRule describes a rule to regulate egress traffic with. +type NetworkPolicyEgressRule struct { + // Ports specifies the list of destination ports that can be called with + // this rule. Each item in this list is combined using a logical OR. Empty matches all ports. + // As soon as a single item is present, only these ports are allowed. + Ports []NetworkPolicyPort `json:"ports,omitempty"` + // To specifies the list of destinations which the selected network interfaces should be + // able to send traffic to. Fields are combined using a logical OR. Empty matches all destinations. + // As soon as a single item is present, only these peers are allowed. + To []NetworkPolicyPeer `json:"to,omitempty"` +} + +// PolicyType is a type of policy. +type PolicyType string + +const ( + // PolicyTypeIngress is a policy that describes ingress traffic. + PolicyTypeIngress PolicyType = "Ingress" + // PolicyTypeEgress is a policy that describes egress traffic. + PolicyTypeEgress PolicyType = "Egress" +) + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +genclient + +// NetworkPolicy is the Schema for the networkpolicies API. +type NetworkPolicy struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec NetworkPolicySpec `json:"spec,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// NetworkPolicyList contains a list of NetworkPolicy. +type NetworkPolicyList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []NetworkPolicy `json:"items"` +} diff --git a/api/core/v1alpha1/networkpolicyrule_types.go b/api/core/v1alpha1/networkpolicyrule_types.go new file mode 100644 index 00000000..ca7800f2 --- /dev/null +++ b/api/core/v1alpha1/networkpolicyrule_types.go @@ -0,0 +1,64 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + "github.com/ironcore-dev/ironcore-net/apimachinery/api/net" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +genclient + +// NetworkPolicyRule is the schema for the networkpolicyrules API. +type NetworkPolicyRule struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // NetworkRef is the network the load balancer is assigned to. + NetworkRef LocalUIDReference `json:"networkRef"` + // Targets are the targets of the network policy. + Targets []TargetNetworkInterface `json:"targets,omitempty"` + // Priority is an optional field that specifies the order in which the policy is applied. + Priority *int32 `json:"priority,omitempty"` + // IngressRules are the ingress rules. + IngressRules []Rule `json:"ingressRule,omitempty"` + // EgressRules are the egress rules. + EgressRules []Rule `json:"egressRule,omitempty"` +} + +// TargetNetworkInterface is the target of the network policy. +type TargetNetworkInterface struct { + // IP is the IP address of the target network interface. + IP net.IP `json:"ip"` + // TargetRef is the target providing the destination. + TargetRef *LocalUIDReference `json:"targetRef,omitempty"` +} + +type Rule struct { + // CIDRBlock specifies the CIDR block from which network traffic may come or go. + CIDRBlock []IPBlock `json:"ipBlock,omitempty"` + // ObjectIPs are the object IPs the rule applies to. + ObjectIPs []ObjectIP `json:"ips,omitempty"` + // NetworkPolicyPorts are the protocol type and ports. + NetworkPolicyPorts []NetworkPolicyPort `json:"networkPolicyPorts,omitempty"` +} + +type ObjectIP struct { + // IPFamily is the IPFamily of the prefix. + // If unset but Prefix is set, this can be inferred. + IPFamily corev1.IPFamily `json:"ipFamily,omitempty"` + // Prefix is the prefix of the IP. + Prefix net.IPPrefix `json:"prefix,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// NetworkPolicyRulesList contains a list of NetworkPolicyRule. +type NetworkPolicyRuleList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []NetworkPolicyRule `json:"items"` +} diff --git a/api/core/v1alpha1/register.go b/api/core/v1alpha1/register.go index 663ffaf2..5a08a1fe 100644 --- a/api/core/v1alpha1/register.go +++ b/api/core/v1alpha1/register.go @@ -55,6 +55,10 @@ func addKnownTypes(scheme *runtime.Scheme) error { &NetworkIDList{}, &NetworkInterface{}, &NetworkInterfaceList{}, + &NetworkPolicy{}, + &NetworkPolicyList{}, + &NetworkPolicyRule{}, + &NetworkPolicyRuleList{}, &Node{}, &NodeList{}, ) diff --git a/api/core/v1alpha1/zz_generated.deepcopy.go b/api/core/v1alpha1/zz_generated.deepcopy.go index 7153a27e..bb57cfa9 100644 --- a/api/core/v1alpha1/zz_generated.deepcopy.go +++ b/api/core/v1alpha1/zz_generated.deepcopy.go @@ -267,6 +267,30 @@ func (in *IPAddressSpec) DeepCopy() *IPAddressSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPBlock) DeepCopyInto(out *IPBlock) { + *out = *in + in.CIDR.DeepCopyInto(&out.CIDR) + if in.Except != nil { + in, out := &in.Except, &out.Except + *out = make([]net.IPPrefix, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPBlock. +func (in *IPBlock) DeepCopy() *IPBlock { + if in == nil { + return nil + } + out := new(IPBlock) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IPClaimRef) DeepCopyInto(out *IPClaimRef) { *out = *in @@ -820,6 +844,22 @@ func (in *LoadBalancerTargetRef) DeepCopy() *LoadBalancerTargetRef { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LocalUIDReference) DeepCopyInto(out *LocalUIDReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalUIDReference. +func (in *LocalUIDReference) DeepCopy() *LocalUIDReference { + if in == nil { + return nil + } + out := new(LocalUIDReference) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NATGateway) DeepCopyInto(out *NATGateway) { *out = *in @@ -1554,6 +1594,306 @@ func (in *NetworkPeeringStatus) DeepCopy() *NetworkPeeringStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkPolicy) DeepCopyInto(out *NetworkPolicy) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicy. +func (in *NetworkPolicy) DeepCopy() *NetworkPolicy { + if in == nil { + return nil + } + out := new(NetworkPolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *NetworkPolicy) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkPolicyEgressRule) DeepCopyInto(out *NetworkPolicyEgressRule) { + *out = *in + if in.Ports != nil { + in, out := &in.Ports, &out.Ports + *out = make([]NetworkPolicyPort, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.To != nil { + in, out := &in.To, &out.To + *out = make([]NetworkPolicyPeer, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyEgressRule. +func (in *NetworkPolicyEgressRule) DeepCopy() *NetworkPolicyEgressRule { + if in == nil { + return nil + } + out := new(NetworkPolicyEgressRule) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkPolicyIngressRule) DeepCopyInto(out *NetworkPolicyIngressRule) { + *out = *in + if in.From != nil { + in, out := &in.From, &out.From + *out = make([]NetworkPolicyPeer, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Ports != nil { + in, out := &in.Ports, &out.Ports + *out = make([]NetworkPolicyPort, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyIngressRule. +func (in *NetworkPolicyIngressRule) DeepCopy() *NetworkPolicyIngressRule { + if in == nil { + return nil + } + out := new(NetworkPolicyIngressRule) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkPolicyList) DeepCopyInto(out *NetworkPolicyList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]NetworkPolicy, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyList. +func (in *NetworkPolicyList) DeepCopy() *NetworkPolicyList { + if in == nil { + return nil + } + out := new(NetworkPolicyList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *NetworkPolicyList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkPolicyPeer) DeepCopyInto(out *NetworkPolicyPeer) { + *out = *in + if in.ObjectSelector != nil { + in, out := &in.ObjectSelector, &out.ObjectSelector + *out = new(ObjectSelector) + (*in).DeepCopyInto(*out) + } + if in.IPBlock != nil { + in, out := &in.IPBlock, &out.IPBlock + *out = new(IPBlock) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyPeer. +func (in *NetworkPolicyPeer) DeepCopy() *NetworkPolicyPeer { + if in == nil { + return nil + } + out := new(NetworkPolicyPeer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkPolicyPort) DeepCopyInto(out *NetworkPolicyPort) { + *out = *in + if in.Protocol != nil { + in, out := &in.Protocol, &out.Protocol + *out = new(corev1.Protocol) + **out = **in + } + if in.EndPort != nil { + in, out := &in.EndPort, &out.EndPort + *out = new(int32) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyPort. +func (in *NetworkPolicyPort) DeepCopy() *NetworkPolicyPort { + if in == nil { + return nil + } + out := new(NetworkPolicyPort) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkPolicyRule) DeepCopyInto(out *NetworkPolicyRule) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.NetworkRef = in.NetworkRef + if in.Targets != nil { + in, out := &in.Targets, &out.Targets + *out = make([]TargetNetworkInterface, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Priority != nil { + in, out := &in.Priority, &out.Priority + *out = new(int32) + **out = **in + } + if in.IngressRules != nil { + in, out := &in.IngressRules, &out.IngressRules + *out = make([]Rule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.EgressRules != nil { + in, out := &in.EgressRules, &out.EgressRules + *out = make([]Rule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyRule. +func (in *NetworkPolicyRule) DeepCopy() *NetworkPolicyRule { + if in == nil { + return nil + } + out := new(NetworkPolicyRule) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *NetworkPolicyRule) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkPolicyRuleList) DeepCopyInto(out *NetworkPolicyRuleList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]NetworkPolicyRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyRuleList. +func (in *NetworkPolicyRuleList) DeepCopy() *NetworkPolicyRuleList { + if in == nil { + return nil + } + out := new(NetworkPolicyRuleList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *NetworkPolicyRuleList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkPolicySpec) DeepCopyInto(out *NetworkPolicySpec) { + *out = *in + out.NetworkRef = in.NetworkRef + in.NetworkInterfaceSelector.DeepCopyInto(&out.NetworkInterfaceSelector) + if in.Priority != nil { + in, out := &in.Priority, &out.Priority + *out = new(int32) + **out = **in + } + if in.Ingress != nil { + in, out := &in.Ingress, &out.Ingress + *out = make([]NetworkPolicyIngressRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Egress != nil { + in, out := &in.Egress, &out.Egress + *out = make([]NetworkPolicyEgressRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.PolicyTypes != nil { + in, out := &in.PolicyTypes, &out.PolicyTypes + *out = make([]PolicyType, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicySpec. +func (in *NetworkPolicySpec) DeepCopy() *NetworkPolicySpec { + if in == nil { + return nil + } + out := new(NetworkPolicySpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NetworkSpec) DeepCopyInto(out *NetworkSpec) { *out = *in @@ -1784,6 +2124,40 @@ func (in *NodeStatus) DeepCopy() *NodeStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ObjectIP) DeepCopyInto(out *ObjectIP) { + *out = *in + in.Prefix.DeepCopyInto(&out.Prefix) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectIP. +func (in *ObjectIP) DeepCopy() *ObjectIP { + if in == nil { + return nil + } + out := new(ObjectIP) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ObjectSelector) DeepCopyInto(out *ObjectSelector) { + *out = *in + in.LabelSelector.DeepCopyInto(&out.LabelSelector) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectSelector. +func (in *ObjectSelector) DeepCopy() *ObjectSelector { + if in == nil { + return nil + } + out := new(ObjectSelector) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PCIAddress) DeepCopyInto(out *PCIAddress) { *out = *in @@ -1800,6 +2174,65 @@ func (in *PCIAddress) DeepCopy() *PCIAddress { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Rule) DeepCopyInto(out *Rule) { + *out = *in + if in.CIDRBlock != nil { + in, out := &in.CIDRBlock, &out.CIDRBlock + *out = make([]IPBlock, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ObjectIPs != nil { + in, out := &in.ObjectIPs, &out.ObjectIPs + *out = make([]ObjectIP, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.NetworkPolicyPorts != nil { + in, out := &in.NetworkPolicyPorts, &out.NetworkPolicyPorts + *out = make([]NetworkPolicyPort, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule. +func (in *Rule) DeepCopy() *Rule { + if in == nil { + return nil + } + out := new(Rule) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TargetNetworkInterface) DeepCopyInto(out *TargetNetworkInterface) { + *out = *in + in.IP.DeepCopyInto(&out.IP) + if in.TargetRef != nil { + in, out := &in.TargetRef, &out.TargetRef + *out = new(LocalUIDReference) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetNetworkInterface. +func (in *TargetNetworkInterface) DeepCopy() *TargetNetworkInterface { + if in == nil { + return nil + } + out := new(TargetNetworkInterface) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TopologySpreadConstraint) DeepCopyInto(out *TopologySpreadConstraint) { *out = *in diff --git a/apinetlet/client/client.go b/apinetlet/client/client.go index 92203f5f..50d437bf 100644 --- a/apinetlet/client/client.go +++ b/apinetlet/client/client.go @@ -3,6 +3,38 @@ package client +import ( + "context" + + apinetv1alpha1 "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/reconcile" +) + const ( NetworkInterfaceProviderIDField = ".status.providerID" + NetworkPolicyNetworkNameField = "networkpolicy-network-name" ) + +func SetupNetworkPolicyNetworkNameFieldIndexer(ctx context.Context, indexer client.FieldIndexer) error { + return indexer.IndexField(ctx, &apinetv1alpha1.NetworkPolicy{}, NetworkPolicyNetworkNameField, func(obj client.Object) []string { + networkPolicy := obj.(*apinetv1alpha1.NetworkPolicy) + return []string{networkPolicy.Spec.NetworkRef.Name} + }) +} + +type Object[O any] interface { + client.Object + *O +} + +func ReconcileRequestsFromObjectStructSlice[O Object[OStruct], S ~[]OStruct, OStruct any](objs S) []reconcile.Request { + res := make([]reconcile.Request, len(objs)) + for i := range objs { + obj := O(&objs[i]) + res[i] = reconcile.Request{ + NamespacedName: client.ObjectKeyFromObject(obj), + } + } + return res +} diff --git a/apinetlet/controllers/controllers_suite_test.go b/apinetlet/controllers/controllers_suite_test.go index 8f9f13a6..72f44a48 100644 --- a/apinetlet/controllers/controllers_suite_test.go +++ b/apinetlet/controllers/controllers_suite_test.go @@ -11,6 +11,9 @@ import ( "github.com/ironcore-dev/controller-utils/buildutils" "github.com/ironcore-dev/controller-utils/modutils" + apinetletclient "github.com/ironcore-dev/ironcore-net/apinetlet/client" + apinetclient "github.com/ironcore-dev/ironcore-net/internal/client" + apinetv1alpha1 "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1" "github.com/ironcore-dev/ironcore-net/client-go/ironcorenet" ipamv1alpha1 "github.com/ironcore-dev/ironcore/api/ipam/v1alpha1" @@ -138,6 +141,9 @@ func SetupTest(apiNetNamespace *corev1.Namespace) *corev1.Namespace { }) Expect(err).ToNot(HaveOccurred()) + Expect(apinetletclient.SetupNetworkPolicyNetworkNameFieldIndexer(ctx, k8sManager.GetFieldIndexer())).To(Succeed()) + Expect(apinetclient.SetupNetworkInterfaceNetworkNameFieldIndexer(ctx, k8sManager.GetFieldIndexer())).To(Succeed()) + apiNetInterface := ironcorenet.NewForConfigOrDie(cfg) // register reconciler here @@ -174,12 +180,20 @@ func SetupTest(apiNetNamespace *corev1.Namespace) *corev1.Namespace { APINetNamespace: apiNetNamespace.Name, }).SetupWithManager(k8sManager, k8sManager.GetCache())).To(Succeed()) + Expect((&NetworkPolicyReconciler{ + Client: k8sManager.GetClient(), + APINetClient: k8sManager.GetClient(), + APINetInterface: apiNetInterface, + APINetNamespace: apiNetNamespace.Name, + }).SetupWithManager(k8sManager, k8sManager.GetCache())).To(Succeed()) + mgrCtx, cancel := context.WithCancel(context.Background()) DeferCleanup(cancel) go func() { defer GinkgoRecover() Expect(k8sManager.Start(mgrCtx)).To(Succeed(), "failed to start manager") }() + }) return apiNetNamespace diff --git a/apinetlet/controllers/conversion.go b/apinetlet/controllers/conversion.go index 8aa8c516..8e433f39 100644 --- a/apinetlet/controllers/conversion.go +++ b/apinetlet/controllers/conversion.go @@ -11,9 +11,13 @@ import ( apinetv1alpha1 "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1" "github.com/ironcore-dev/ironcore-net/apimachinery/api/net" apinetv1alpha1ac "github.com/ironcore-dev/ironcore-net/client-go/applyconfigurations/core/v1alpha1" + apinetmetav1ac "github.com/ironcore-dev/ironcore-net/client-go/applyconfigurations/meta/v1" + commonv1alpha1 "github.com/ironcore-dev/ironcore/api/common/v1alpha1" + corev1alpha1 "github.com/ironcore-dev/ironcore/api/core/v1alpha1" networkingv1alpha1 "github.com/ironcore-dev/ironcore/api/networking/v1alpha1" utilslices "github.com/ironcore-dev/ironcore/utils/slices" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func ipToAPINetIP(ip commonv1alpha1.IP) net.IP { @@ -87,3 +91,85 @@ func apiNetNetworkPeeringsStatusToNetworkPeeringsStatus(peerings []apinetv1alpha } return networkPeeringsStatus } + +func networkPolicyTypesToAPINetNetworkPolicyTypes(policyTypes []networkingv1alpha1.PolicyType) ([]apinetv1alpha1.PolicyType, error) { + var apiNetPolicyTypes []apinetv1alpha1.PolicyType + for _, policyType := range policyTypes { + switch policyType { + case networkingv1alpha1.PolicyTypeIngress: + apiNetPolicyTypes = append(apiNetPolicyTypes, apinetv1alpha1.PolicyTypeIngress) + case networkingv1alpha1.PolicyTypeEgress: + apiNetPolicyTypes = append(apiNetPolicyTypes, apinetv1alpha1.PolicyTypeEgress) + default: + return nil, fmt.Errorf("invalid policy type: %s", policyType) + } + } + return apiNetPolicyTypes, nil +} + +func translatePeers(peers []networkingv1alpha1.NetworkPolicyPeer) []apinetv1alpha1ac.NetworkPolicyPeerApplyConfiguration { + var apiNetPeers []apinetv1alpha1ac.NetworkPolicyPeerApplyConfiguration + for _, peer := range peers { + apiNetPeer := apinetv1alpha1ac.NetworkPolicyPeer(). + WithObjectSelector(translateObjectSelector(peer.ObjectSelector)). + WithIPBlock(translateIPBlock(peer.IPBlock)) + apiNetPeers = append(apiNetPeers, *apiNetPeer) + } + return apiNetPeers +} + +func translateIPBlock(ipBlock *networkingv1alpha1.IPBlock) *apinetv1alpha1ac.IPBlockApplyConfiguration { + if ipBlock == nil { + return nil + } + + var except []net.IPPrefix + for _, prefix := range ipBlock.Except { + except = append(except, net.IPPrefix(prefix)) + } + + return apinetv1alpha1ac.IPBlock(). + WithCIDR(net.IPPrefix(ipBlock.CIDR)). + WithExcept(except...) +} + +func translateObjectSelector(objSel *corev1alpha1.ObjectSelector) *apinetv1alpha1ac.ObjectSelectorApplyConfiguration { + if objSel == nil { + return nil + } + + return apinetv1alpha1ac.ObjectSelector(). + WithKind(objSel.Kind). + WithMatchLabels(objSel.MatchLabels). + WithMatchExpressions(translateLabelSelectorRequirements(objSel.MatchExpressions)...) +} + +func translateLabelSelectorRequirements(reqs []metav1.LabelSelectorRequirement) []*apinetmetav1ac.LabelSelectorRequirementApplyConfiguration { + var translated []*apinetmetav1ac.LabelSelectorRequirementApplyConfiguration + for _, req := range reqs { + translated = append(translated, apinetmetav1ac.LabelSelectorRequirement(). + WithKey(req.Key). + WithOperator(req.Operator). + WithValues(req.Values...)) + } + return translated +} + +func translateLabelSelector(labelSelector metav1.LabelSelector) *apinetmetav1ac.LabelSelectorApplyConfiguration { + return apinetmetav1ac.LabelSelector(). + WithMatchLabels(labelSelector.MatchLabels). + WithMatchExpressions(translateLabelSelectorRequirements(labelSelector.MatchExpressions)...) +} + +func translatePorts(ports []networkingv1alpha1.NetworkPolicyPort) []apinetv1alpha1ac.NetworkPolicyPortApplyConfiguration { + var apiNetPorts []apinetv1alpha1ac.NetworkPolicyPortApplyConfiguration + for _, port := range ports { + apiNetPort := apinetv1alpha1ac.NetworkPolicyPortApplyConfiguration{ + Protocol: port.Protocol, + Port: &port.Port, + EndPort: port.EndPort, + } + apiNetPorts = append(apiNetPorts, apiNetPort) + } + return apiNetPorts +} diff --git a/apinetlet/controllers/helper.go b/apinetlet/controllers/helper.go index d8c5fc0e..0a3fb77e 100644 --- a/apinetlet/controllers/helper.go +++ b/apinetlet/controllers/helper.go @@ -7,6 +7,7 @@ import ( "context" "fmt" + apinetv1alpha1 "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1" ipamv1alpha1 "github.com/ironcore-dev/ironcore/api/ipam/v1alpha1" networkingv1alpha1 "github.com/ironcore-dev/ironcore/api/networking/v1alpha1" apierrors "k8s.io/apimachinery/pkg/api/errors" @@ -27,6 +28,17 @@ func getAPINetNetworkName(ctx context.Context, c client.Client, networkKey clien return string(network.UID), nil } +func getApiNetNetwork(ctx context.Context, c client.Client, apiNetNetworkKey client.ObjectKey) (*apinetv1alpha1.Network, error) { + network := &apinetv1alpha1.Network{} + if err := c.Get(ctx, apiNetNetworkKey, network); err != nil { + if !apierrors.IsNotFound(err) { + return nil, fmt.Errorf("error getting apiNetNetwork %s: %w", apiNetNetworkKey.Name, err) + } + return nil, nil + } + return network, nil +} + func isPrefixAllocated(prefix *ipamv1alpha1.Prefix) bool { return prefix.Status.Phase == ipamv1alpha1.PrefixPhaseAllocated } diff --git a/apinetlet/controllers/networkinterface_controller.go b/apinetlet/controllers/networkinterface_controller.go index 37a93df1..409e91e2 100644 --- a/apinetlet/controllers/networkinterface_controller.go +++ b/apinetlet/controllers/networkinterface_controller.go @@ -222,7 +222,18 @@ func (s *apiNetNetworkInterfaceClaimStrategy) ClaimState(claimer client.Object, func (s *apiNetNetworkInterfaceClaimStrategy) Adopt(ctx context.Context, claimer client.Object, obj client.Object) error { apiNetNic := obj.(*apinetv1alpha1.NetworkInterface) base := apiNetNic.DeepCopy() - metautils.SetLabels(apiNetNic, apinetletclient.SourceLabels(s.Scheme(), s.RESTMapper(), claimer)) + combinedLabels := make(map[string]string) + if claimerLabels := claimer.GetLabels(); claimerLabels != nil { + for key, value := range claimerLabels { + combinedLabels[key] = value + } + } + if sourceLabels := apinetletclient.SourceLabels(s.Scheme(), s.RESTMapper(), claimer); sourceLabels != nil { + for key, value := range sourceLabels { + combinedLabels[key] = value + } + } + apiNetNic.SetLabels(combinedLabels) return s.Patch(ctx, apiNetNic, client.StrategicMergeFrom(base)) } diff --git a/apinetlet/controllers/networkinterface_controller_test.go b/apinetlet/controllers/networkinterface_controller_test.go index 41c28058..f5a237ea 100644 --- a/apinetlet/controllers/networkinterface_controller_test.go +++ b/apinetlet/controllers/networkinterface_controller_test.go @@ -64,6 +64,9 @@ var _ = Describe("NetworkInterfaceController", func() { ObjectMeta: metav1.ObjectMeta{ Namespace: ns.Name, GenerateName: "nic-", + Labels: map[string]string{ + "app": "test", + }, }, Spec: networkingv1alpha1.NetworkInterfaceSpec{ ProviderID: provider.GetNetworkInterfaceID(apiNetNs.Name, apiNetNic.Name, "node", apiNetNic.UID), @@ -81,6 +84,7 @@ var _ = Describe("NetworkInterfaceController", func() { By("waiting for the APINet network interface to be claimed") Eventually(Object(apiNetNic)).Should(SatisfyAll( + HaveField("Labels", HaveKeyWithValue("app", "test")), HaveField("Spec.PublicIPs", ConsistOf(HaveField("IP", net.IP{Addr: publicIP.Addr}))), WithTransform(func(apiNetNic *apinetv1alpha1.NetworkInterface) *apinetletclient.SourceObjectData { return apinetletclient.SourceObjectDataFromObject( diff --git a/apinetlet/controllers/networkpolicy_controller.go b/apinetlet/controllers/networkpolicy_controller.go new file mode 100644 index 00000000..440adba8 --- /dev/null +++ b/apinetlet/controllers/networkpolicy_controller.go @@ -0,0 +1,602 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +package controllers + +import ( + "context" + "fmt" + "net/netip" + + "github.com/go-logr/logr" + "github.com/ironcore-dev/controller-utils/clientutils" + apinetv1alpha1 "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1" + "github.com/ironcore-dev/ironcore-net/apimachinery/api/net" + apinetletclient "github.com/ironcore-dev/ironcore-net/apinetlet/client" + apinetlethandler "github.com/ironcore-dev/ironcore-net/apinetlet/handler" + apinetv1alpha1ac "github.com/ironcore-dev/ironcore-net/client-go/applyconfigurations/core/v1alpha1" + "github.com/ironcore-dev/ironcore-net/client-go/ironcorenet" + apinetclient "github.com/ironcore-dev/ironcore-net/internal/client" + networkingv1alpha1 "github.com/ironcore-dev/ironcore/api/networking/v1alpha1" + "github.com/ironcore-dev/ironcore/utils/predicates" + corev1 "k8s.io/api/core/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/util/workqueue" + "k8s.io/klog/v2" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/builder" + "sigs.k8s.io/controller-runtime/pkg/cache" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" + "sigs.k8s.io/controller-runtime/pkg/event" + "sigs.k8s.io/controller-runtime/pkg/handler" + "sigs.k8s.io/controller-runtime/pkg/predicate" + "sigs.k8s.io/controller-runtime/pkg/source" +) + +const ( + networkPolicyFinalizer = "apinet.ironcore.dev/networkpolicy" +) + +var ( + networkPolicyFieldOwner = client.FieldOwner(networkingv1alpha1.Resource("networkpolicies").String()) +) + +type NetworkPolicyReconciler struct { + client.Client + APINetClient client.Client + APINetInterface ironcorenet.Interface + + APINetNamespace string + + WatchFilterValue string +} + +//+kubebuilder:rbac:groups="",resources=events,verbs=create;patch +//+kubebuilder:rbac:groups=networking.ironcore.dev,resources=networkpolicies,verbs=get;list;watch;update;patch +//+kubebuilder:rbac:groups=networking.ironcore.dev,resources=networkpolicies/finalizers,verbs=update;patch + +//+kubebuilder:rbac:groups=core.apinet.ironcore.dev,resources=networkinterfaces,verbs=get;list;watch +//+kubebuilder:rbac:groups=core.apinet.ironcore.dev,resources=networks,verbs=get;list;watch + +//+cluster=apinet:kubebuilder:rbac:groups=core.apinet.ironcore.dev,resources=networkpolicies,verbs=get;list;watch;create;update;patch;delete;deletecollection +//+cluster=apinet:kubebuilder:rbac:groups=core.apinet.ironcore.dev,resources=networkpolicyrules,verbs=get;list;watch;create;update;patch;delete;deletecollection + +func (r *NetworkPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { + log := ctrl.LoggerFrom(ctx) + networkPolicy := &networkingv1alpha1.NetworkPolicy{} + if err := r.Get(ctx, req.NamespacedName, networkPolicy); err != nil { + if !apierrors.IsNotFound(err) { + return ctrl.Result{}, fmt.Errorf("error getting network policy %s: %w", req.NamespacedName, err) + } + + return r.deleteGone(ctx, log, req.NamespacedName) + } + + return r.reconcileExists(ctx, log, networkPolicy) +} + +func (r *NetworkPolicyReconciler) deleteGone(ctx context.Context, log logr.Logger, networkPolicyKey client.ObjectKey) (ctrl.Result, error) { + log.V(1).Info("Delete gone") + + log.V(1).Info("Deleting any matching apinet network policies") + if err := r.APINetClient.DeleteAllOf(ctx, &apinetv1alpha1.NetworkPolicy{}, + client.InNamespace(r.APINetNamespace), + apinetletclient.MatchingSourceKeyLabels(r.Scheme(), r.RESTMapper(), networkPolicyKey, &networkingv1alpha1.NetworkPolicy{}), + ); err != nil { + return ctrl.Result{}, fmt.Errorf("error deleting apinet network policies: %w", err) + } + + log.V(1).Info("Deleted any leftover APINet network policy") + return ctrl.Result{}, nil +} + +func (r *NetworkPolicyReconciler) reconcileExists(ctx context.Context, log logr.Logger, networkPolicy *networkingv1alpha1.NetworkPolicy) (ctrl.Result, error) { + log = log.WithValues("UID", networkPolicy.UID) + if !networkPolicy.DeletionTimestamp.IsZero() { + return r.delete(ctx, log, networkPolicy) + } + return r.reconcile(ctx, log, networkPolicy) +} + +func (r *NetworkPolicyReconciler) delete(ctx context.Context, log logr.Logger, networkPolicy *networkingv1alpha1.NetworkPolicy) (ctrl.Result, error) { + log.V(1).Info("Delete") + + if !controllerutil.ContainsFinalizer(networkPolicy, networkPolicyFinalizer) { + log.V(1).Info("No finalizer present, nothing to do") + return ctrl.Result{}, nil + } + + apiNetNetworkPolicy := &apinetv1alpha1.NetworkPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: r.APINetNamespace, + Name: string(networkPolicy.UID), + }, + } + if err := r.APINetClient.Delete(ctx, apiNetNetworkPolicy); err != nil { + if !apierrors.IsNotFound(err) { + return ctrl.Result{}, fmt.Errorf("error deleting apinet network policy: %w", err) + } + } + + log.V(1).Info("APINet network policy is gone, removing finalizer") + if err := clientutils.PatchRemoveFinalizer(ctx, r.Client, networkPolicy, networkPolicyFinalizer); err != nil { + return ctrl.Result{}, fmt.Errorf("error removing finalizer: %w", err) + } + + log.V(1).Info("Deleted") + + return ctrl.Result{}, nil +} + +func (r *NetworkPolicyReconciler) reconcile(ctx context.Context, log logr.Logger, networkPolicy *networkingv1alpha1.NetworkPolicy) (ctrl.Result, error) { + log.V(1).Info("Reconcile") + + log.V(1).Info("Ensuring finalizer") + modified, err := clientutils.PatchEnsureFinalizer(ctx, r.Client, networkPolicy, networkPolicyFinalizer) + if err != nil { + return ctrl.Result{}, fmt.Errorf("error ensuring finalizer: %w", err) + } + if modified { + log.V(1).Info("Added finalizer, requeueing") + return ctrl.Result{Requeue: true}, nil + } + + networkKey := client.ObjectKey{Namespace: networkPolicy.Namespace, Name: networkPolicy.Spec.NetworkRef.Name} + apiNetNetworkName, err := getAPINetNetworkName(ctx, r.Client, networkKey) + if err != nil { + return ctrl.Result{}, err + } + if apiNetNetworkName == "" { + log.V(1).Info("APINet network is not ready") + return ctrl.Result{}, nil + } + + apiNetNetworkKey := client.ObjectKey{Namespace: r.APINetNamespace, Name: apiNetNetworkName} + apiNetNetwork, err := getApiNetNetwork(ctx, r.APINetClient, apiNetNetworkKey) + if err != nil { + return ctrl.Result{}, err + } + + log.V(1).Info("Applying APINet network policy") + apiNetNetworkPolicy, err := r.applyAPINetNetworkPolicy(ctx, networkPolicy, apiNetNetworkName) + if err != nil { + return ctrl.Result{}, fmt.Errorf("error applying apinet network policy: %w", err) + } + + log.V(1).Info("Finding APINet network interface targets") + targets, err := r.findTargets(ctx, apiNetNetworkPolicy) + if err != nil { + return ctrl.Result{}, fmt.Errorf("error finding targets: %w", err) + } + + log.V(1).Info("Parsing ingress rules") + ingressRules, err := r.parseIngressRules(ctx, apiNetNetworkPolicy) + if err != nil { + return ctrl.Result{}, fmt.Errorf("error parsing ingress rules: %w", err) + } + + log.V(1).Info("Parsing egress rules") + egressRules, err := r.parseEgressRules(ctx, apiNetNetworkPolicy) + if err != nil { + return ctrl.Result{}, fmt.Errorf("error parsing egress rules: %w", err) + } + + log.V(1).Info("Applying APINet network policy rule", "targets", targets, "Network", klog.KObj(apiNetNetwork)) + if err := r.applyNetworkPolicyRule(ctx, networkPolicy, apiNetNetworkPolicy, targets, apiNetNetwork, ingressRules, egressRules); err != nil { + return ctrl.Result{}, fmt.Errorf("error applying apinet network policy rule: %w", err) + } + + log.V(1).Info("Reconciled") + return ctrl.Result{}, nil +} + +func (r *NetworkPolicyReconciler) findTargets(ctx context.Context, apiNetNetworkPolicy *apinetv1alpha1.NetworkPolicy) ([]apinetv1alpha1.TargetNetworkInterface, error) { + sel, err := metav1.LabelSelectorAsSelector(&apiNetNetworkPolicy.Spec.NetworkInterfaceSelector) + if err != nil { + return nil, err + } + + apiNetNicList := &apinetv1alpha1.NetworkInterfaceList{} + if err := r.APINetClient.List(ctx, apiNetNicList, + client.InNamespace(r.APINetNamespace), + client.MatchingLabelsSelector{Selector: sel}, + client.MatchingFields{apinetclient.NetworkInterfaceSpecNetworkRefNameField: apiNetNetworkPolicy.Spec.NetworkRef.Name}, + ); err != nil { + return nil, fmt.Errorf("error listing apinet network interfaces: %w", err) + } + + // Make slice non-nil so omitempty does not file. + targets := make([]apinetv1alpha1.TargetNetworkInterface, 0) + for _, apiNetNic := range apiNetNicList.Items { + if apiNetNic.Status.State != apinetv1alpha1.NetworkInterfaceStateReady { + continue + } + + for _, ip := range apiNetNic.Spec.IPs { + targets = append(targets, apinetv1alpha1.TargetNetworkInterface{ + IP: ip, + TargetRef: &apinetv1alpha1.LocalUIDReference{ + UID: apiNetNic.UID, + Name: apiNetNic.Name, + }, + }) + } + } + + return targets, nil +} + +func (r *NetworkPolicyReconciler) parseIngressRules(ctx context.Context, np *apinetv1alpha1.NetworkPolicy) ([]apinetv1alpha1.Rule, error) { + var rules []apinetv1alpha1.Rule + + for _, ingress := range np.Spec.Ingress { + rule := apinetv1alpha1.Rule{} + for _, port := range ingress.Ports { + rule.NetworkPolicyPorts = append(rule.NetworkPolicyPorts, apinetv1alpha1.NetworkPolicyPort{ + Protocol: port.Protocol, + Port: port.Port, + EndPort: port.EndPort, + }) + } + + for _, from := range ingress.From { + if from.IPBlock != nil { + rule.CIDRBlock = append(rule.CIDRBlock, *from.IPBlock) + } + + if from.ObjectSelector != nil { + ips, err := r.processObjectSelector(ctx, np, from.ObjectSelector) + if err != nil { + return nil, err + } + rule.ObjectIPs = append(rule.ObjectIPs, ips...) + } + } + rules = append(rules, rule) + } + + return rules, nil +} + +func (r *NetworkPolicyReconciler) parseEgressRules(ctx context.Context, np *apinetv1alpha1.NetworkPolicy) ([]apinetv1alpha1.Rule, error) { + var rules []apinetv1alpha1.Rule + + for _, egress := range np.Spec.Egress { + rule := apinetv1alpha1.Rule{} + for _, port := range egress.Ports { + rule.NetworkPolicyPorts = append(rule.NetworkPolicyPorts, apinetv1alpha1.NetworkPolicyPort{ + Protocol: port.Protocol, + Port: port.Port, + EndPort: port.EndPort, + }) + } + + for _, to := range egress.To { + if to.IPBlock != nil { + rule.CIDRBlock = append(rule.CIDRBlock, *to.IPBlock) + } + + if to.ObjectSelector != nil { + ips, err := r.processObjectSelector(ctx, np, to.ObjectSelector) + if err != nil { + return nil, err + } + rule.ObjectIPs = append(rule.ObjectIPs, ips...) + } + } + rules = append(rules, rule) + } + + return rules, nil +} + +func (r *NetworkPolicyReconciler) processObjectSelector(ctx context.Context, np *apinetv1alpha1.NetworkPolicy, objectSelector *apinetv1alpha1.ObjectSelector) ([]apinetv1alpha1.ObjectIP, error) { + switch objectSelector.Kind { + case "NetworkInterface": + return r.fetchIPsFromNetworkInterfaces(ctx, np, objectSelector) + case "LoadBalancer": + return r.fetchIPsFromLoadBalancers(ctx, np, objectSelector) + //TODO: add more objects selector support if needed + default: + return nil, fmt.Errorf("unsupported object kind: %s", objectSelector.Kind) + } +} + +func (r *NetworkPolicyReconciler) fetchIPsFromNetworkInterfaces(ctx context.Context, np *apinetv1alpha1.NetworkPolicy, objectSelector *apinetv1alpha1.ObjectSelector) ([]apinetv1alpha1.ObjectIP, error) { + sel, err := metav1.LabelSelectorAsSelector(&objectSelector.LabelSelector) + if err != nil { + return nil, err + } + + nicList := &apinetv1alpha1.NetworkInterfaceList{} + if err := r.List(ctx, nicList, + client.InNamespace(np.Namespace), + client.MatchingLabelsSelector{Selector: sel}, + client.MatchingFields{apinetclient.NetworkInterfaceSpecNetworkRefNameField: np.Spec.NetworkRef.Name}, + ); err != nil { + return nil, fmt.Errorf("error listing apinet network interfaces: %w", err) + } + + var ips []apinetv1alpha1.ObjectIP + + for _, nic := range nicList.Items { + if nic.Status.State != apinetv1alpha1.NetworkInterfaceStateReady { + continue + } + + for _, ip := range nic.Spec.IPs { + ipFamily := corev1.IPv4Protocol + if ip.Addr.Is6() { + ipFamily = corev1.IPv6Protocol + } + ips = append(ips, apinetv1alpha1.ObjectIP{ + Prefix: net.IPPrefix{Prefix: netip.PrefixFrom(ip.Addr, ip.Addr.BitLen())}, + IPFamily: ipFamily, + }) + } + } + + return ips, nil +} + +func (r *NetworkPolicyReconciler) fetchIPsFromLoadBalancers(ctx context.Context, np *apinetv1alpha1.NetworkPolicy, objectSelector *apinetv1alpha1.ObjectSelector) ([]apinetv1alpha1.ObjectIP, error) { + sel, err := metav1.LabelSelectorAsSelector(&objectSelector.LabelSelector) + if err != nil { + return nil, err + } + + //TODO: apinet load balancer need to inherit labels from ironcore load balancer + lbList := &apinetv1alpha1.LoadBalancerList{} + if err := r.List(ctx, lbList, + client.InNamespace(np.Namespace), + client.MatchingLabelsSelector{Selector: sel}, + ); err != nil { + return nil, fmt.Errorf("error listing apinet load balancers: %w", err) + } + + var ips []apinetv1alpha1.ObjectIP + + for _, lb := range lbList.Items { + //TODO: handle loadbalancer ports + for _, ip := range lb.Spec.IPs { + // TODO: handle LoadBalancerIP when only IPFamily is specified to allocate a random IP. + ips = append(ips, apinetv1alpha1.ObjectIP{ + Prefix: net.IPPrefix{Prefix: netip.PrefixFrom(ip.IP.Addr, ip.IP.Addr.BitLen())}, + IPFamily: ip.IPFamily, + }) + } + } + + return ips, nil +} + +func (r *NetworkPolicyReconciler) applyNetworkPolicyRule( + ctx context.Context, + networkPolicy *networkingv1alpha1.NetworkPolicy, + apiNetNetworkPolicy *apinetv1alpha1.NetworkPolicy, + targets []apinetv1alpha1.TargetNetworkInterface, + network *apinetv1alpha1.Network, + ingressRules, egressRules []apinetv1alpha1.Rule, +) error { + networkPolicyRule := &apinetv1alpha1.NetworkPolicyRule{ + TypeMeta: metav1.TypeMeta{ + Kind: "NetworkPolicyRule", + APIVersion: apinetv1alpha1.SchemeGroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Namespace: apiNetNetworkPolicy.Namespace, + Name: apiNetNetworkPolicy.Name, + Labels: apinetletclient.SourceLabels(r.Scheme(), r.RESTMapper(), networkPolicy), + OwnerReferences: []metav1.OwnerReference{ + *metav1.NewControllerRef(apiNetNetworkPolicy, apinetv1alpha1.SchemeGroupVersion.WithKind("NetworkPolicy")), + }, + }, + NetworkRef: apinetv1alpha1.LocalUIDReference{ + Name: network.Name, + UID: network.UID, + }, + Priority: apiNetNetworkPolicy.Spec.Priority, + Targets: targets, + IngressRules: ingressRules, + EgressRules: egressRules, + } + err := ctrl.SetControllerReference(apiNetNetworkPolicy, networkPolicyRule, r.Scheme()) + if err != nil { + return fmt.Errorf("error setting controller reference: %w", err) + } + + if err := r.Patch(ctx, networkPolicyRule, client.Apply, networkPolicyFieldOwner, client.ForceOwnership); err != nil { + return fmt.Errorf("error applying network policy rule: %w", err) + } + return nil +} + +func (r *NetworkPolicyReconciler) applyAPINetNetworkPolicy(ctx context.Context, networkPolicy *networkingv1alpha1.NetworkPolicy, apiNetNetworkName string) (*apinetv1alpha1.NetworkPolicy, error) { + var apiNetIngressRules []*apinetv1alpha1ac.NetworkPolicyIngressRuleApplyConfiguration + for _, ingressRule := range networkPolicy.Spec.Ingress { + apiNetIngressRule := &apinetv1alpha1ac.NetworkPolicyIngressRuleApplyConfiguration{ + From: translatePeers(ingressRule.From), + Ports: translatePorts(ingressRule.Ports), + } + apiNetIngressRules = append(apiNetIngressRules, apiNetIngressRule) + } + + var apiNetEgressRules []*apinetv1alpha1ac.NetworkPolicyEgressRuleApplyConfiguration + for _, egressRule := range networkPolicy.Spec.Egress { + apiNetEgressRule := &apinetv1alpha1ac.NetworkPolicyEgressRuleApplyConfiguration{ + To: translatePeers(egressRule.To), + Ports: translatePorts(egressRule.Ports), + } + apiNetEgressRules = append(apiNetEgressRules, apiNetEgressRule) + } + + apiNetNetworkPolicyTypes, err := networkPolicyTypesToAPINetNetworkPolicyTypes(networkPolicy.Spec.PolicyTypes) + if err != nil { + return nil, err + } + + nicSelector := translateLabelSelector(networkPolicy.Spec.NetworkInterfaceSelector) + + apiNetNetworkPolicyApplyCfg := + apinetv1alpha1ac.NetworkPolicy(string(networkPolicy.UID), r.APINetNamespace). + WithLabels(apinetletclient.SourceLabels(r.Scheme(), r.RESTMapper(), networkPolicy)). + WithSpec(apinetv1alpha1ac.NetworkPolicySpec(). + WithNetworkRef(corev1.LocalObjectReference{Name: apiNetNetworkName}). + WithNetworkInterfaceSelector(nicSelector). + WithPriority(1000). // set default value since networkingv1alpha1.NetworkPolicy does not have this field + WithIngress(apiNetIngressRules...). + WithEgress(apiNetEgressRules...). + WithPolicyTypes(apiNetNetworkPolicyTypes...), + ) + apiNetNetworkPolicy, err := r.APINetInterface.CoreV1alpha1(). + NetworkPolicies(r.APINetNamespace). + Apply(ctx, apiNetNetworkPolicyApplyCfg, metav1.ApplyOptions{FieldManager: string(fieldOwner), Force: true}) + if err != nil { + return nil, fmt.Errorf("error applying apinet network policy: %w", err) + } + return apiNetNetworkPolicy, nil +} + +func (r *NetworkPolicyReconciler) enqueueByNetwork() handler.EventHandler { + return handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, obj client.Object) []ctrl.Request { + log := ctrl.LoggerFrom(ctx) + apiNetNetwork := obj.(*apinetv1alpha1.Network) + + networkPolicyList := &apinetv1alpha1.NetworkPolicyList{} + if err := r.List(ctx, networkPolicyList, + client.InNamespace(apiNetNetwork.Namespace), + client.MatchingFields{apinetletclient.NetworkPolicyNetworkNameField: apiNetNetwork.Name}, + ); err != nil { + log.Error(err, "Error listing network policies for network") + return nil + } + + return apinetletclient.ReconcileRequestsFromObjectStructSlice[*apinetv1alpha1.NetworkPolicy](networkPolicyList.Items) + }) +} + +func (r *NetworkPolicyReconciler) enqueueByNetworkInterface() handler.EventHandler { + getEnqueueFunc := func(ctx context.Context, nic *apinetv1alpha1.NetworkInterface) func(nics []*apinetv1alpha1.NetworkInterface, queue workqueue.RateLimitingInterface) { + log := ctrl.LoggerFrom(ctx) + networkPolicyList := &apinetv1alpha1.NetworkPolicyList{} + if err := r.APINetClient.List(ctx, networkPolicyList, + client.InNamespace(nic.Namespace), + client.MatchingFields{apinetletclient.NetworkPolicyNetworkNameField: nic.Spec.NetworkRef.Name}, + ); err != nil { + log.Error(err, "Error listing apinent network policies for nic") + return nil + } + + return func(nics []*apinetv1alpha1.NetworkInterface, queue workqueue.RateLimitingInterface) { + for _, networkPolicy := range networkPolicyList.Items { + networkPolicyKey := client.ObjectKeyFromObject(&networkPolicy) + log := log.WithValues("networkPolicyKey", networkPolicyKey) + nicSelector := networkPolicy.Spec.NetworkInterfaceSelector + if len(nicSelector.MatchLabels) == 0 && len(nicSelector.MatchExpressions) == 0 { + return + } + + sel, err := metav1.LabelSelectorAsSelector(&nicSelector) + if err != nil { + log.Error(err, "Invalid network interface selector") + continue + } + + for _, nic := range nics { + if sel.Matches(labels.Set(nic.Labels)) { + queue.Add(ctrl.Request{NamespacedName: networkPolicyKey}) + break + } + } + } + } + } + + return handler.Funcs{ + CreateFunc: func(ctx context.Context, evt event.CreateEvent, queue workqueue.RateLimitingInterface) { + nic := evt.Object.(*apinetv1alpha1.NetworkInterface) + enqueueFunc := getEnqueueFunc(ctx, nic) + if enqueueFunc != nil { + enqueueFunc([]*apinetv1alpha1.NetworkInterface{nic}, queue) + } + }, + UpdateFunc: func(ctx context.Context, evt event.UpdateEvent, queue workqueue.RateLimitingInterface) { + newNic := evt.ObjectNew.(*apinetv1alpha1.NetworkInterface) + oldNic := evt.ObjectOld.(*apinetv1alpha1.NetworkInterface) + enqueueFunc := getEnqueueFunc(ctx, newNic) + if enqueueFunc != nil { + enqueueFunc([]*apinetv1alpha1.NetworkInterface{newNic, oldNic}, queue) + } + }, + DeleteFunc: func(ctx context.Context, evt event.DeleteEvent, queue workqueue.RateLimitingInterface) { + nic := evt.Object.(*apinetv1alpha1.NetworkInterface) + enqueueFunc := getEnqueueFunc(ctx, nic) + if enqueueFunc != nil { + enqueueFunc([]*apinetv1alpha1.NetworkInterface{nic}, queue) + } + }, + GenericFunc: func(ctx context.Context, evt event.GenericEvent, queue workqueue.RateLimitingInterface) { + nic := evt.Object.(*apinetv1alpha1.NetworkInterface) + enqueueFunc := getEnqueueFunc(ctx, nic) + if enqueueFunc != nil { + enqueueFunc([]*apinetv1alpha1.NetworkInterface{nic}, queue) + } + }, + } +} + +func (r *NetworkPolicyReconciler) networkInterfaceReadyPredicate() predicate.Predicate { + isNetworkInterfaceReady := func(nic *apinetv1alpha1.NetworkInterface) bool { + return nic.Status.State == apinetv1alpha1.NetworkInterfaceStateReady + } + return predicate.Funcs{ + CreateFunc: func(evt event.CreateEvent) bool { + nic := evt.Object.(*apinetv1alpha1.NetworkInterface) + return isNetworkInterfaceReady(nic) + }, + UpdateFunc: func(evt event.UpdateEvent) bool { + oldNic := evt.ObjectOld.(*apinetv1alpha1.NetworkInterface) + newNic := evt.ObjectNew.(*apinetv1alpha1.NetworkInterface) + return isNetworkInterfaceReady(oldNic) || isNetworkInterfaceReady(newNic) + }, + DeleteFunc: func(evt event.DeleteEvent) bool { + nic := evt.Object.(*apinetv1alpha1.NetworkInterface) + return isNetworkInterfaceReady(nic) + }, + GenericFunc: func(evt event.GenericEvent) bool { + nic := evt.Object.(*apinetv1alpha1.NetworkInterface) + return isNetworkInterfaceReady(nic) + }, + } +} + +func (r *NetworkPolicyReconciler) SetupWithManager(mgr ctrl.Manager, apiNetCache cache.Cache) error { + log := ctrl.Log.WithName("networkpolicy").WithName("setup") + + return ctrl.NewControllerManagedBy(mgr). + For( + &networkingv1alpha1.NetworkPolicy{}, + builder.WithPredicates( + predicates.ResourceHasFilterLabel(log, r.WatchFilterValue), + predicates.ResourceIsNotExternallyManaged(log), + ), + ). + WatchesRawSource( + source.Kind(apiNetCache, &apinetv1alpha1.NetworkPolicy{}), + apinetlethandler.EnqueueRequestForSource(r.Scheme(), r.RESTMapper(), &networkingv1alpha1.NetworkPolicy{}), + ). + Watches( + &apinetv1alpha1.Network{}, + r.enqueueByNetwork(), + ). + Watches( + &apinetv1alpha1.NetworkInterface{}, + r.enqueueByNetworkInterface(), + builder.WithPredicates(r.networkInterfaceReadyPredicate()), + ). + Complete(r) +} diff --git a/apinetlet/controllers/networkpolicy_controller_test.go b/apinetlet/controllers/networkpolicy_controller_test.go new file mode 100644 index 00000000..79951f7e --- /dev/null +++ b/apinetlet/controllers/networkpolicy_controller_test.go @@ -0,0 +1,657 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +package controllers + +import ( + "net/netip" + + apinetv1alpha1 "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1" + "github.com/ironcore-dev/ironcore-net/apimachinery/api/net" + apinetletclient "github.com/ironcore-dev/ironcore-net/apinetlet/client" + commonv1alpha1 "github.com/ironcore-dev/ironcore/api/common/v1alpha1" + corev1alpha1 "github.com/ironcore-dev/ironcore/api/core/v1alpha1" + networkingv1alpha1 "github.com/ironcore-dev/ironcore/api/networking/v1alpha1" + "github.com/ironcore-dev/ironcore/utils/generic" + . "github.com/ironcore-dev/ironcore/utils/testing" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + . "github.com/onsi/gomega/gstruct" + + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + . "sigs.k8s.io/controller-runtime/pkg/envtest/komega" +) + +var _ = Describe("NetworkPolicyController", func() { + ns := SetupNamespace(&k8sClient) + apiNetNs := SetupNamespace(&k8sClient) + SetupTest(apiNetNs) + + network, apiNetNetwork := SetupNetwork(ns, apiNetNs) + + It("should manage and reconcile the APINet network policy and its rules without target apinet nic", func(ctx SpecContext) { + + By("creating an apinet nic for ingress") + ingressApiNetNic := &apinetv1alpha1.NetworkInterface{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: apiNetNs.Name, + GenerateName: "apinet-nic-", + Labels: map[string]string{ + "rule": "ingress", + }, + }, + Spec: apinetv1alpha1.NetworkInterfaceSpec{ + NetworkRef: corev1.LocalObjectReference{Name: apiNetNetwork.Name}, + IPs: []net.IP{net.MustParseIP("192.168.178.50")}, + NodeRef: corev1.LocalObjectReference{Name: "test-node"}, + }, + } + Expect(k8sClient.Create(ctx, ingressApiNetNic)).To(Succeed()) + DeferCleanup(k8sClient.Delete, ingressApiNetNic) + + By("setting the ingress apinet nic to be ready") + Eventually(UpdateStatus(ingressApiNetNic, func() { + ingressApiNetNic.Status.State = apinetv1alpha1.NetworkInterfaceStateReady + })).Should(Succeed()) + + By("creating an apinet nic for egress") + egressApiNetNic := &apinetv1alpha1.NetworkInterface{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: apiNetNs.Name, + GenerateName: "apinet-nic-", + Labels: map[string]string{ + "rule": "egress", + }, + }, + Spec: apinetv1alpha1.NetworkInterfaceSpec{ + NetworkRef: corev1.LocalObjectReference{Name: apiNetNetwork.Name}, + IPs: []net.IP{net.MustParseIP("192.168.178.60")}, + NodeRef: corev1.LocalObjectReference{Name: "test-node"}, + }, + } + Expect(k8sClient.Create(ctx, egressApiNetNic)).To(Succeed()) + DeferCleanup(k8sClient.Delete, egressApiNetNic) + + By("setting the egress apinet nic to be ready") + Eventually(UpdateStatus(egressApiNetNic, func() { + egressApiNetNic.Status.State = apinetv1alpha1.NetworkInterfaceStateReady + })).Should(Succeed()) + + By("creating an ironcore network policy") + np := &networkingv1alpha1.NetworkPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: ns.Name, + GenerateName: "network-policy-", + }, + Spec: networkingv1alpha1.NetworkPolicySpec{ + NetworkRef: corev1.LocalObjectReference{Name: network.Name}, + NetworkInterfaceSelector: metav1.LabelSelector{ + MatchLabels: map[string]string{ + "app": "target", + }, + }, + PolicyTypes: []networkingv1alpha1.PolicyType{networkingv1alpha1.PolicyTypeIngress, networkingv1alpha1.PolicyTypeEgress}, + Ingress: []networkingv1alpha1.NetworkPolicyIngressRule{ + { + Ports: []networkingv1alpha1.NetworkPolicyPort{ + { + Protocol: generic.Pointer(corev1.ProtocolTCP), + Port: 80, + }, + { + Protocol: generic.Pointer(corev1.ProtocolUDP), + Port: 8080, + EndPort: generic.Pointer(int32(8090)), + }, + }, + From: []networkingv1alpha1.NetworkPolicyPeer{ + { + ObjectSelector: &corev1alpha1.ObjectSelector{ + Kind: "NetworkInterface", + LabelSelector: metav1.LabelSelector{ + MatchLabels: map[string]string{ + "rule": "ingress", + }, + }, + }, + }, + { + IPBlock: &networkingv1alpha1.IPBlock{ + CIDR: commonv1alpha1.IPPrefix{Prefix: netip.MustParsePrefix("192.168.1.0/24")}, + Except: []commonv1alpha1.IPPrefix{ + {Prefix: netip.MustParsePrefix("192.168.1.1/32")}, + {Prefix: netip.MustParsePrefix("192.168.1.2/32")}}, + }, + }, + }, + }, + }, + Egress: []networkingv1alpha1.NetworkPolicyEgressRule{ + { + Ports: []networkingv1alpha1.NetworkPolicyPort{ + { + Protocol: generic.Pointer(corev1.ProtocolTCP), + Port: 443, + }, + }, + To: []networkingv1alpha1.NetworkPolicyPeer{ + { + ObjectSelector: &corev1alpha1.ObjectSelector{ + Kind: "NetworkInterface", + LabelSelector: metav1.LabelSelector{ + MatchLabels: map[string]string{ + "rule": "egress", + }, + }, + }, + }, + { + IPBlock: &networkingv1alpha1.IPBlock{ + CIDR: commonv1alpha1.IPPrefix{Prefix: netip.MustParsePrefix("10.0.0.0/16")}, + }, + }, + }, + }, + }, + }, + } + Expect(k8sClient.Create(ctx, np)).To(Succeed()) + DeferCleanup(k8sClient.Delete, np) + + By("waiting for the APINet network policy to exist with correct specs") + apiNetNP := &apinetv1alpha1.NetworkPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: apiNetNs.Name, + Name: string(np.UID), + }, + } + + Eventually(Object(apiNetNP)).Should(SatisfyAll( + HaveField("Labels", apinetletclient.SourceLabels(k8sClient.Scheme(), k8sClient.RESTMapper(), np)), + HaveField("Spec.NetworkRef", Equal(corev1.LocalObjectReference{Name: apiNetNetwork.Name})), + HaveField("Spec.NetworkInterfaceSelector.MatchLabels", Equal(map[string]string{"app": "target"})), + HaveField("Spec.PolicyTypes", ConsistOf(apinetv1alpha1.PolicyTypeIngress, apinetv1alpha1.PolicyTypeEgress)), + HaveField("Spec.Ingress", ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "Ports": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "Protocol": PointTo(Equal(corev1.ProtocolTCP)), + "Port": Equal(int32(80)), + }), + MatchFields(IgnoreExtras, Fields{ + "Protocol": PointTo(Equal(corev1.ProtocolUDP)), + "Port": Equal(int32(8080)), + "EndPort": PointTo(Equal(int32(8090))), + }), + ), + "From": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "ObjectSelector": PointTo(MatchFields(IgnoreExtras, Fields{ + "Kind": Equal("NetworkInterface"), + "LabelSelector": Equal(metav1.LabelSelector{ + MatchLabels: map[string]string{ + "rule": "ingress", + }, + }), + })), + }), + MatchFields(IgnoreExtras, Fields{ + "IPBlock": PointTo(MatchFields(IgnoreExtras, Fields{ + "CIDR": Equal(net.IPPrefix{Prefix: netip.MustParsePrefix("192.168.1.0/24")}), + "Except": ConsistOf( + Equal(net.IPPrefix{Prefix: netip.MustParsePrefix("192.168.1.1/32")}), + Equal(net.IPPrefix{Prefix: netip.MustParsePrefix("192.168.1.2/32")}), + ), + })), + }), + ), + }), + )), + HaveField("Spec.Egress", ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "Ports": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "Protocol": PointTo(Equal(corev1.ProtocolTCP)), + "Port": Equal(int32(443)), + }), + ), + "To": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "ObjectSelector": PointTo(MatchFields(IgnoreExtras, Fields{ + "Kind": Equal("NetworkInterface"), + "LabelSelector": Equal(metav1.LabelSelector{ + MatchLabels: map[string]string{ + "rule": "egress", + }, + }), + })), + }), + MatchFields(IgnoreExtras, Fields{ + "IPBlock": PointTo(MatchFields(IgnoreExtras, Fields{ + "CIDR": Equal(net.IPPrefix{Prefix: netip.MustParsePrefix("10.0.0.0/16")}), + })), + }), + ), + }), + )), + )) + + By("waiting for the APINet network policy rule to exist with empty targets and other correct specs ") + networkPolicyRule := &apinetv1alpha1.NetworkPolicyRule{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: apiNetNP.Namespace, + Name: apiNetNP.Name, + }, + } + + Eventually(Object(networkPolicyRule)).Should(SatisfyAll( + HaveField("NetworkRef", apinetv1alpha1.LocalUIDReference{ + Name: apiNetNetwork.Name, + UID: apiNetNetwork.UID, + }), + HaveField("Targets", BeEmpty()), + HaveField("IngressRules", ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "NetworkPolicyPorts": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "Protocol": PointTo(Equal(corev1.ProtocolTCP)), + "Port": Equal(int32(80)), + "EndPort": BeNil(), + }), + MatchFields(IgnoreExtras, Fields{ + "Protocol": PointTo(Equal(corev1.ProtocolUDP)), + "Port": Equal(int32(8080)), + "EndPort": PointTo(Equal(int32(8090))), + }), + ), + "CIDRBlock": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "CIDR": Equal(net.IPPrefix{Prefix: netip.MustParsePrefix("192.168.1.0/24")}), + "Except": ConsistOf( + Equal(net.IPPrefix{Prefix: netip.MustParsePrefix("192.168.1.1/32")}), + Equal(net.IPPrefix{Prefix: netip.MustParsePrefix("192.168.1.2/32")}), + )}), + ), + "ObjectIPs": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "IPFamily": Equal(corev1.IPv4Protocol), + "Prefix": Equal(net.IPPrefix{Prefix: netip.MustParsePrefix("192.168.178.50/32")})}), + ), + }), + )), + HaveField("EgressRules", ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "NetworkPolicyPorts": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "Protocol": PointTo(Equal(corev1.ProtocolTCP)), + "Port": Equal(int32(443)), + "EndPort": BeNil(), + }), + ), + "CIDRBlock": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "CIDR": Equal(net.IPPrefix{Prefix: netip.MustParsePrefix("10.0.0.0/16")}), + "Except": BeEmpty()}), + ), + "ObjectIPs": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "IPFamily": Equal(corev1.IPv4Protocol), + "Prefix": Equal(net.IPPrefix{Prefix: netip.MustParsePrefix("192.168.178.60/32")})}), + ), + }), + )), + )) + }) + + It("should manage and reconcile the APINet network policy and its rules with available target apinet nic ", func(ctx SpecContext) { + + By("creating a target apinet nic") + targetApiNetNic1 := &apinetv1alpha1.NetworkInterface{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: apiNetNs.Name, + GenerateName: "apinet-nic-", + Labels: map[string]string{ + "app": "target", + }, + }, + Spec: apinetv1alpha1.NetworkInterfaceSpec{ + NetworkRef: corev1.LocalObjectReference{Name: apiNetNetwork.Name}, + IPs: []net.IP{net.MustParseIP("192.168.178.1")}, + NodeRef: corev1.LocalObjectReference{Name: "test-node"}, + }, + } + Expect(k8sClient.Create(ctx, targetApiNetNic1)).To(Succeed()) + DeferCleanup(k8sClient.Delete, targetApiNetNic1) + + By("setting the target apinet nic to be ready") + Eventually(UpdateStatus(targetApiNetNic1, func() { + targetApiNetNic1.Status.State = apinetv1alpha1.NetworkInterfaceStateReady + })).Should(Succeed()) + + By("creating an apinet nic for ingress") + ingressApiNetNic := &apinetv1alpha1.NetworkInterface{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: apiNetNs.Name, + GenerateName: "apinet-nic-", + Labels: map[string]string{ + "rule": "ingress", + }, + }, + Spec: apinetv1alpha1.NetworkInterfaceSpec{ + NetworkRef: corev1.LocalObjectReference{Name: apiNetNetwork.Name}, + IPs: []net.IP{net.MustParseIP("192.168.178.50")}, + NodeRef: corev1.LocalObjectReference{Name: "test-node"}, + }, + } + Expect(k8sClient.Create(ctx, ingressApiNetNic)).To(Succeed()) + DeferCleanup(k8sClient.Delete, ingressApiNetNic) + + By("setting the ingress apinet nic to be ready") + Eventually(UpdateStatus(ingressApiNetNic, func() { + ingressApiNetNic.Status.State = apinetv1alpha1.NetworkInterfaceStateReady + })).Should(Succeed()) + + By("creating an apinet nic for egress") + egressApiNetNic := &apinetv1alpha1.NetworkInterface{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: apiNetNs.Name, + GenerateName: "apinet-nic-", + Labels: map[string]string{ + "rule": "egress", + }, + }, + Spec: apinetv1alpha1.NetworkInterfaceSpec{ + NetworkRef: corev1.LocalObjectReference{Name: apiNetNetwork.Name}, + IPs: []net.IP{net.MustParseIP("192.168.178.60")}, + NodeRef: corev1.LocalObjectReference{Name: "test-node"}, + }, + } + Expect(k8sClient.Create(ctx, egressApiNetNic)).To(Succeed()) + DeferCleanup(k8sClient.Delete, egressApiNetNic) + + By("setting the egress apinet nic to be ready") + Eventually(UpdateStatus(egressApiNetNic, func() { + egressApiNetNic.Status.State = apinetv1alpha1.NetworkInterfaceStateReady + })).Should(Succeed()) + + By("creating an ironcore network policy") + np := &networkingv1alpha1.NetworkPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: ns.Name, + GenerateName: "network-policy-", + }, + Spec: networkingv1alpha1.NetworkPolicySpec{ + NetworkRef: corev1.LocalObjectReference{Name: network.Name}, + NetworkInterfaceSelector: metav1.LabelSelector{ + MatchLabels: map[string]string{ + "app": "target", + }, + }, + PolicyTypes: []networkingv1alpha1.PolicyType{networkingv1alpha1.PolicyTypeIngress, networkingv1alpha1.PolicyTypeEgress}, + Ingress: []networkingv1alpha1.NetworkPolicyIngressRule{ + { + Ports: []networkingv1alpha1.NetworkPolicyPort{ + { + Protocol: generic.Pointer(corev1.ProtocolTCP), + Port: 80, + }, + { + Protocol: generic.Pointer(corev1.ProtocolUDP), + Port: 8080, + EndPort: generic.Pointer(int32(8090)), + }, + }, + From: []networkingv1alpha1.NetworkPolicyPeer{ + { + ObjectSelector: &corev1alpha1.ObjectSelector{ + Kind: "NetworkInterface", + LabelSelector: metav1.LabelSelector{ + MatchLabels: map[string]string{ + "rule": "ingress", + }, + }, + }, + }, + { + IPBlock: &networkingv1alpha1.IPBlock{ + CIDR: commonv1alpha1.IPPrefix{Prefix: netip.MustParsePrefix("192.168.1.0/24")}, + Except: []commonv1alpha1.IPPrefix{ + {Prefix: netip.MustParsePrefix("192.168.1.1/32")}, + {Prefix: netip.MustParsePrefix("192.168.1.2/32")}}, + }, + }, + }, + }, + }, + Egress: []networkingv1alpha1.NetworkPolicyEgressRule{ + { + Ports: []networkingv1alpha1.NetworkPolicyPort{ + { + Protocol: generic.Pointer(corev1.ProtocolTCP), + Port: 443, + }, + }, + To: []networkingv1alpha1.NetworkPolicyPeer{ + { + ObjectSelector: &corev1alpha1.ObjectSelector{ + Kind: "NetworkInterface", + LabelSelector: metav1.LabelSelector{ + MatchLabels: map[string]string{ + "rule": "egress", + }, + }, + }, + }, + { + IPBlock: &networkingv1alpha1.IPBlock{ + CIDR: commonv1alpha1.IPPrefix{Prefix: netip.MustParsePrefix("10.0.0.0/16")}, + }, + }, + }, + }, + }, + }, + } + Expect(k8sClient.Create(ctx, np)).To(Succeed()) + DeferCleanup(k8sClient.Delete, np) + + By("waiting for the APINet network policy to exist with correct specs") + apiNetNP := &apinetv1alpha1.NetworkPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: apiNetNs.Name, + Name: string(np.UID), + }, + } + + Eventually(Object(apiNetNP)).Should(SatisfyAll( + HaveField("Labels", apinetletclient.SourceLabels(k8sClient.Scheme(), k8sClient.RESTMapper(), np)), + HaveField("Spec.NetworkRef", Equal(corev1.LocalObjectReference{Name: apiNetNetwork.Name})), + HaveField("Spec.NetworkInterfaceSelector.MatchLabels", Equal(map[string]string{"app": "target"})), + HaveField("Spec.PolicyTypes", ConsistOf(apinetv1alpha1.PolicyTypeIngress, apinetv1alpha1.PolicyTypeEgress)), + HaveField("Spec.Ingress", ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "Ports": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "Protocol": PointTo(Equal(corev1.ProtocolTCP)), + "Port": Equal(int32(80)), + }), + MatchFields(IgnoreExtras, Fields{ + "Protocol": PointTo(Equal(corev1.ProtocolUDP)), + "Port": Equal(int32(8080)), + "EndPort": PointTo(Equal(int32(8090))), + }), + ), + "From": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "ObjectSelector": PointTo(MatchFields(IgnoreExtras, Fields{ + "Kind": Equal("NetworkInterface"), + "LabelSelector": Equal(metav1.LabelSelector{ + MatchLabels: map[string]string{ + "rule": "ingress", + }, + }), + })), + }), + MatchFields(IgnoreExtras, Fields{ + "IPBlock": PointTo(MatchFields(IgnoreExtras, Fields{ + "CIDR": Equal(net.IPPrefix{Prefix: netip.MustParsePrefix("192.168.1.0/24")}), + "Except": ConsistOf( + Equal(net.IPPrefix{Prefix: netip.MustParsePrefix("192.168.1.1/32")}), + Equal(net.IPPrefix{Prefix: netip.MustParsePrefix("192.168.1.2/32")}), + ), + })), + }), + ), + }), + )), + HaveField("Spec.Egress", ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "Ports": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "Protocol": PointTo(Equal(corev1.ProtocolTCP)), + "Port": Equal(int32(443)), + }), + ), + "To": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "ObjectSelector": PointTo(MatchFields(IgnoreExtras, Fields{ + "Kind": Equal("NetworkInterface"), + "LabelSelector": Equal(metav1.LabelSelector{ + MatchLabels: map[string]string{ + "rule": "egress", + }, + }), + })), + }), + MatchFields(IgnoreExtras, Fields{ + "IPBlock": PointTo(MatchFields(IgnoreExtras, Fields{ + "CIDR": Equal(net.IPPrefix{Prefix: netip.MustParsePrefix("10.0.0.0/16")}), + })), + }), + ), + }), + )), + )) + + By("waiting for the APINet network policy rule to exist with correct specs") + networkPolicyRule := &apinetv1alpha1.NetworkPolicyRule{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: apiNetNP.Namespace, + Name: apiNetNP.Name, + }, + } + + Eventually(Object(networkPolicyRule)).Should(SatisfyAll( + HaveField("NetworkRef", apinetv1alpha1.LocalUIDReference{ + Name: apiNetNetwork.Name, + UID: apiNetNetwork.UID, + }), + HaveField("Targets", ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "IP": Equal(net.MustParseIP("192.168.178.1")), + "TargetRef": PointTo(MatchFields(IgnoreExtras, Fields{ + "UID": Equal(targetApiNetNic1.UID), + "Name": Equal(targetApiNetNic1.Name), + })), + }), + )), + HaveField("IngressRules", ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "NetworkPolicyPorts": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "Protocol": PointTo(Equal(corev1.ProtocolTCP)), + "Port": Equal(int32(80)), + "EndPort": BeNil(), + }), + MatchFields(IgnoreExtras, Fields{ + "Protocol": PointTo(Equal(corev1.ProtocolUDP)), + "Port": Equal(int32(8080)), + "EndPort": PointTo(Equal(int32(8090))), + }), + ), + "CIDRBlock": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "CIDR": Equal(net.IPPrefix{Prefix: netip.MustParsePrefix("192.168.1.0/24")}), + "Except": ConsistOf( + Equal(net.IPPrefix{Prefix: netip.MustParsePrefix("192.168.1.1/32")}), + Equal(net.IPPrefix{Prefix: netip.MustParsePrefix("192.168.1.2/32")}), + )}), + ), + "ObjectIPs": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "IPFamily": Equal(corev1.IPv4Protocol), + "Prefix": Equal(net.IPPrefix{Prefix: netip.MustParsePrefix("192.168.178.50/32")})}), + ), + }), + )), + HaveField("EgressRules", ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "NetworkPolicyPorts": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "Protocol": PointTo(Equal(corev1.ProtocolTCP)), + "Port": Equal(int32(443)), + "EndPort": BeNil(), + }), + ), + "CIDRBlock": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "CIDR": Equal(net.IPPrefix{Prefix: netip.MustParsePrefix("10.0.0.0/16")}), + "Except": BeEmpty()}), + ), + "ObjectIPs": ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "IPFamily": Equal(corev1.IPv4Protocol), + "Prefix": Equal(net.IPPrefix{Prefix: netip.MustParsePrefix("192.168.178.60/32")})}), + ), + }), + )), + )) + + By("creating another target apinet nic") + targetApiNetNic2 := &apinetv1alpha1.NetworkInterface{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: apiNetNs.Name, + GenerateName: "apinet-nic-", + Labels: map[string]string{ + "app": "target2", + }, + }, + Spec: apinetv1alpha1.NetworkInterfaceSpec{ + NetworkRef: corev1.LocalObjectReference{Name: apiNetNetwork.Name}, + IPs: []net.IP{net.MustParseIP("192.168.178.15")}, + NodeRef: corev1.LocalObjectReference{Name: "test-node"}, + }, + } + Expect(k8sClient.Create(ctx, targetApiNetNic2)).To(Succeed()) + DeferCleanup(k8sClient.Delete, targetApiNetNic2) + + By("setting the target apinet nic to be ready") + Eventually(UpdateStatus(targetApiNetNic2, func() { + targetApiNetNic2.Status.State = apinetv1alpha1.NetworkInterfaceStateReady + })).Should(Succeed()) + + By("updating the ironcore networkpolicy with new NetworkInterfaceSelector labels") + Eventually(Update(np, func() { + np.Spec.NetworkInterfaceSelector.MatchLabels = map[string]string{"app": "target2"} + })).Should(Succeed()) + + By("waiting for the APINet network policy rule to be updated with new target network interface") + Eventually(Object(networkPolicyRule)).Should(SatisfyAll( + HaveField("NetworkRef", apinetv1alpha1.LocalUIDReference{ + Name: apiNetNetwork.Name, + UID: apiNetNetwork.UID, + }), + HaveField("Targets", ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "IP": Equal(net.MustParseIP("192.168.178.15")), + "TargetRef": PointTo(MatchFields(IgnoreExtras, Fields{ + "UID": Equal(targetApiNetNic2.UID), + "Name": Equal(targetApiNetNic2.Name), + })), + }), + )), + )) + + }) +}) diff --git a/client-go/applyconfigurations/core/v1alpha1/ipblock.go b/client-go/applyconfigurations/core/v1alpha1/ipblock.go new file mode 100644 index 00000000..ded7aaa9 --- /dev/null +++ b/client-go/applyconfigurations/core/v1alpha1/ipblock.go @@ -0,0 +1,41 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + net "github.com/ironcore-dev/ironcore-net/apimachinery/api/net" +) + +// IPBlockApplyConfiguration represents an declarative configuration of the IPBlock type for use +// with apply. +type IPBlockApplyConfiguration struct { + CIDR *net.IPPrefix `json:"cidr,omitempty"` + Except []net.IPPrefix `json:"except,omitempty"` +} + +// IPBlockApplyConfiguration constructs an declarative configuration of the IPBlock type for use with +// apply. +func IPBlock() *IPBlockApplyConfiguration { + return &IPBlockApplyConfiguration{} +} + +// WithCIDR sets the CIDR field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CIDR field is set to the value of the last call. +func (b *IPBlockApplyConfiguration) WithCIDR(value net.IPPrefix) *IPBlockApplyConfiguration { + b.CIDR = &value + return b +} + +// WithExcept adds the given value to the Except field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Except field. +func (b *IPBlockApplyConfiguration) WithExcept(values ...net.IPPrefix) *IPBlockApplyConfiguration { + for i := range values { + b.Except = append(b.Except, values[i]) + } + return b +} diff --git a/client-go/applyconfigurations/core/v1alpha1/localuidreference.go b/client-go/applyconfigurations/core/v1alpha1/localuidreference.go new file mode 100644 index 00000000..ce288721 --- /dev/null +++ b/client-go/applyconfigurations/core/v1alpha1/localuidreference.go @@ -0,0 +1,39 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + types "k8s.io/apimachinery/pkg/types" +) + +// LocalUIDReferenceApplyConfiguration represents an declarative configuration of the LocalUIDReference type for use +// with apply. +type LocalUIDReferenceApplyConfiguration struct { + Name *string `json:"name,omitempty"` + UID *types.UID `json:"uid,omitempty"` +} + +// LocalUIDReferenceApplyConfiguration constructs an declarative configuration of the LocalUIDReference type for use with +// apply. +func LocalUIDReference() *LocalUIDReferenceApplyConfiguration { + return &LocalUIDReferenceApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *LocalUIDReferenceApplyConfiguration) WithName(value string) *LocalUIDReferenceApplyConfiguration { + b.Name = &value + return b +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UID field is set to the value of the last call. +func (b *LocalUIDReferenceApplyConfiguration) WithUID(value types.UID) *LocalUIDReferenceApplyConfiguration { + b.UID = &value + return b +} diff --git a/client-go/applyconfigurations/core/v1alpha1/networkpolicy.go b/client-go/applyconfigurations/core/v1alpha1/networkpolicy.go new file mode 100644 index 00000000..0c3e3f4f --- /dev/null +++ b/client-go/applyconfigurations/core/v1alpha1/networkpolicy.go @@ -0,0 +1,236 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + corev1alpha1 "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1" + internal "github.com/ironcore-dev/ironcore-net/client-go/applyconfigurations/internal" + v1 "github.com/ironcore-dev/ironcore-net/client-go/applyconfigurations/meta/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + managedfields "k8s.io/apimachinery/pkg/util/managedfields" +) + +// NetworkPolicyApplyConfiguration represents an declarative configuration of the NetworkPolicy type for use +// with apply. +type NetworkPolicyApplyConfiguration struct { + v1.TypeMetaApplyConfiguration `json:",inline"` + *v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` + Spec *NetworkPolicySpecApplyConfiguration `json:"spec,omitempty"` +} + +// NetworkPolicy constructs an declarative configuration of the NetworkPolicy type for use with +// apply. +func NetworkPolicy(name, namespace string) *NetworkPolicyApplyConfiguration { + b := &NetworkPolicyApplyConfiguration{} + b.WithName(name) + b.WithNamespace(namespace) + b.WithKind("NetworkPolicy") + b.WithAPIVersion("core.apinet.ironcore.dev/v1alpha1") + return b +} + +// ExtractNetworkPolicy extracts the applied configuration owned by fieldManager from +// networkPolicy. If no managedFields are found in networkPolicy for fieldManager, a +// NetworkPolicyApplyConfiguration is returned with only the Name, Namespace (if applicable), +// APIVersion and Kind populated. It is possible that no managed fields were found for because other +// field managers have taken ownership of all the fields previously owned by fieldManager, or because +// the fieldManager never owned fields any fields. +// networkPolicy must be a unmodified NetworkPolicy API object that was retrieved from the Kubernetes API. +// ExtractNetworkPolicy provides a way to perform a extract/modify-in-place/apply workflow. +// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously +// applied if another fieldManager has updated or force applied any of the previously applied fields. +// Experimental! +func ExtractNetworkPolicy(networkPolicy *corev1alpha1.NetworkPolicy, fieldManager string) (*NetworkPolicyApplyConfiguration, error) { + return extractNetworkPolicy(networkPolicy, fieldManager, "") +} + +// ExtractNetworkPolicyStatus is the same as ExtractNetworkPolicy except +// that it extracts the status subresource applied configuration. +// Experimental! +func ExtractNetworkPolicyStatus(networkPolicy *corev1alpha1.NetworkPolicy, fieldManager string) (*NetworkPolicyApplyConfiguration, error) { + return extractNetworkPolicy(networkPolicy, fieldManager, "status") +} + +func extractNetworkPolicy(networkPolicy *corev1alpha1.NetworkPolicy, fieldManager string, subresource string) (*NetworkPolicyApplyConfiguration, error) { + b := &NetworkPolicyApplyConfiguration{} + err := managedfields.ExtractInto(networkPolicy, internal.Parser().Type("com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy"), fieldManager, b, subresource) + if err != nil { + return nil, err + } + b.WithName(networkPolicy.Name) + b.WithNamespace(networkPolicy.Namespace) + + b.WithKind("NetworkPolicy") + b.WithAPIVersion("core.apinet.ironcore.dev/v1alpha1") + return b, nil +} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. +func (b *NetworkPolicyApplyConfiguration) WithKind(value string) *NetworkPolicyApplyConfiguration { + b.Kind = &value + return b +} + +// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIVersion field is set to the value of the last call. +func (b *NetworkPolicyApplyConfiguration) WithAPIVersion(value string) *NetworkPolicyApplyConfiguration { + b.APIVersion = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *NetworkPolicyApplyConfiguration) WithName(value string) *NetworkPolicyApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Name = &value + return b +} + +// WithGenerateName sets the GenerateName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GenerateName field is set to the value of the last call. +func (b *NetworkPolicyApplyConfiguration) WithGenerateName(value string) *NetworkPolicyApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.GenerateName = &value + return b +} + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. +func (b *NetworkPolicyApplyConfiguration) WithNamespace(value string) *NetworkPolicyApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Namespace = &value + return b +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UID field is set to the value of the last call. +func (b *NetworkPolicyApplyConfiguration) WithUID(value types.UID) *NetworkPolicyApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.UID = &value + return b +} + +// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ResourceVersion field is set to the value of the last call. +func (b *NetworkPolicyApplyConfiguration) WithResourceVersion(value string) *NetworkPolicyApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ResourceVersion = &value + return b +} + +// WithGeneration sets the Generation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Generation field is set to the value of the last call. +func (b *NetworkPolicyApplyConfiguration) WithGeneration(value int64) *NetworkPolicyApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Generation = &value + return b +} + +// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CreationTimestamp field is set to the value of the last call. +func (b *NetworkPolicyApplyConfiguration) WithCreationTimestamp(value metav1.Time) *NetworkPolicyApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.CreationTimestamp = &value + return b +} + +// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionTimestamp field is set to the value of the last call. +func (b *NetworkPolicyApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *NetworkPolicyApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.DeletionTimestamp = &value + return b +} + +// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. +func (b *NetworkPolicyApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *NetworkPolicyApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.DeletionGracePeriodSeconds = &value + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *NetworkPolicyApplyConfiguration) WithLabels(entries map[string]string) *NetworkPolicyApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.Labels == nil && len(entries) > 0 { + b.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Labels[k] = v + } + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *NetworkPolicyApplyConfiguration) WithAnnotations(entries map[string]string) *NetworkPolicyApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.Annotations == nil && len(entries) > 0 { + b.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Annotations[k] = v + } + return b +} + +// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OwnerReferences field. +func (b *NetworkPolicyApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *NetworkPolicyApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOwnerReferences") + } + b.OwnerReferences = append(b.OwnerReferences, *values[i]) + } + return b +} + +// WithFinalizers adds the given value to the Finalizers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Finalizers field. +func (b *NetworkPolicyApplyConfiguration) WithFinalizers(values ...string) *NetworkPolicyApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + b.Finalizers = append(b.Finalizers, values[i]) + } + return b +} + +func (b *NetworkPolicyApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { + if b.ObjectMetaApplyConfiguration == nil { + b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{} + } +} + +// WithSpec sets the Spec field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Spec field is set to the value of the last call. +func (b *NetworkPolicyApplyConfiguration) WithSpec(value *NetworkPolicySpecApplyConfiguration) *NetworkPolicyApplyConfiguration { + b.Spec = value + return b +} diff --git a/client-go/applyconfigurations/core/v1alpha1/networkpolicyegressrule.go b/client-go/applyconfigurations/core/v1alpha1/networkpolicyegressrule.go new file mode 100644 index 00000000..571ebb06 --- /dev/null +++ b/client-go/applyconfigurations/core/v1alpha1/networkpolicyegressrule.go @@ -0,0 +1,45 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// NetworkPolicyEgressRuleApplyConfiguration represents an declarative configuration of the NetworkPolicyEgressRule type for use +// with apply. +type NetworkPolicyEgressRuleApplyConfiguration struct { + Ports []NetworkPolicyPortApplyConfiguration `json:"ports,omitempty"` + To []NetworkPolicyPeerApplyConfiguration `json:"to,omitempty"` +} + +// NetworkPolicyEgressRuleApplyConfiguration constructs an declarative configuration of the NetworkPolicyEgressRule type for use with +// apply. +func NetworkPolicyEgressRule() *NetworkPolicyEgressRuleApplyConfiguration { + return &NetworkPolicyEgressRuleApplyConfiguration{} +} + +// WithPorts adds the given value to the Ports field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Ports field. +func (b *NetworkPolicyEgressRuleApplyConfiguration) WithPorts(values ...*NetworkPolicyPortApplyConfiguration) *NetworkPolicyEgressRuleApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithPorts") + } + b.Ports = append(b.Ports, *values[i]) + } + return b +} + +// WithTo adds the given value to the To field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the To field. +func (b *NetworkPolicyEgressRuleApplyConfiguration) WithTo(values ...*NetworkPolicyPeerApplyConfiguration) *NetworkPolicyEgressRuleApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithTo") + } + b.To = append(b.To, *values[i]) + } + return b +} diff --git a/client-go/applyconfigurations/core/v1alpha1/networkpolicyingressrule.go b/client-go/applyconfigurations/core/v1alpha1/networkpolicyingressrule.go new file mode 100644 index 00000000..b9f6aa2a --- /dev/null +++ b/client-go/applyconfigurations/core/v1alpha1/networkpolicyingressrule.go @@ -0,0 +1,45 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// NetworkPolicyIngressRuleApplyConfiguration represents an declarative configuration of the NetworkPolicyIngressRule type for use +// with apply. +type NetworkPolicyIngressRuleApplyConfiguration struct { + From []NetworkPolicyPeerApplyConfiguration `json:"from,omitempty"` + Ports []NetworkPolicyPortApplyConfiguration `json:"ports,omitempty"` +} + +// NetworkPolicyIngressRuleApplyConfiguration constructs an declarative configuration of the NetworkPolicyIngressRule type for use with +// apply. +func NetworkPolicyIngressRule() *NetworkPolicyIngressRuleApplyConfiguration { + return &NetworkPolicyIngressRuleApplyConfiguration{} +} + +// WithFrom adds the given value to the From field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the From field. +func (b *NetworkPolicyIngressRuleApplyConfiguration) WithFrom(values ...*NetworkPolicyPeerApplyConfiguration) *NetworkPolicyIngressRuleApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithFrom") + } + b.From = append(b.From, *values[i]) + } + return b +} + +// WithPorts adds the given value to the Ports field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Ports field. +func (b *NetworkPolicyIngressRuleApplyConfiguration) WithPorts(values ...*NetworkPolicyPortApplyConfiguration) *NetworkPolicyIngressRuleApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithPorts") + } + b.Ports = append(b.Ports, *values[i]) + } + return b +} diff --git a/client-go/applyconfigurations/core/v1alpha1/networkpolicypeer.go b/client-go/applyconfigurations/core/v1alpha1/networkpolicypeer.go new file mode 100644 index 00000000..1b18b49f --- /dev/null +++ b/client-go/applyconfigurations/core/v1alpha1/networkpolicypeer.go @@ -0,0 +1,35 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// NetworkPolicyPeerApplyConfiguration represents an declarative configuration of the NetworkPolicyPeer type for use +// with apply. +type NetworkPolicyPeerApplyConfiguration struct { + ObjectSelector *ObjectSelectorApplyConfiguration `json:"objectSelector,omitempty"` + IPBlock *IPBlockApplyConfiguration `json:"ipBlock,omitempty"` +} + +// NetworkPolicyPeerApplyConfiguration constructs an declarative configuration of the NetworkPolicyPeer type for use with +// apply. +func NetworkPolicyPeer() *NetworkPolicyPeerApplyConfiguration { + return &NetworkPolicyPeerApplyConfiguration{} +} + +// WithObjectSelector sets the ObjectSelector field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ObjectSelector field is set to the value of the last call. +func (b *NetworkPolicyPeerApplyConfiguration) WithObjectSelector(value *ObjectSelectorApplyConfiguration) *NetworkPolicyPeerApplyConfiguration { + b.ObjectSelector = value + return b +} + +// WithIPBlock sets the IPBlock field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the IPBlock field is set to the value of the last call. +func (b *NetworkPolicyPeerApplyConfiguration) WithIPBlock(value *IPBlockApplyConfiguration) *NetworkPolicyPeerApplyConfiguration { + b.IPBlock = value + return b +} diff --git a/client-go/applyconfigurations/core/v1alpha1/networkpolicyport.go b/client-go/applyconfigurations/core/v1alpha1/networkpolicyport.go new file mode 100644 index 00000000..8c0d1120 --- /dev/null +++ b/client-go/applyconfigurations/core/v1alpha1/networkpolicyport.go @@ -0,0 +1,48 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "k8s.io/api/core/v1" +) + +// NetworkPolicyPortApplyConfiguration represents an declarative configuration of the NetworkPolicyPort type for use +// with apply. +type NetworkPolicyPortApplyConfiguration struct { + Protocol *v1.Protocol `json:"protocol,omitempty"` + Port *int32 `json:"port,omitempty"` + EndPort *int32 `json:"endPort,omitempty"` +} + +// NetworkPolicyPortApplyConfiguration constructs an declarative configuration of the NetworkPolicyPort type for use with +// apply. +func NetworkPolicyPort() *NetworkPolicyPortApplyConfiguration { + return &NetworkPolicyPortApplyConfiguration{} +} + +// WithProtocol sets the Protocol field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Protocol field is set to the value of the last call. +func (b *NetworkPolicyPortApplyConfiguration) WithProtocol(value v1.Protocol) *NetworkPolicyPortApplyConfiguration { + b.Protocol = &value + return b +} + +// WithPort sets the Port field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Port field is set to the value of the last call. +func (b *NetworkPolicyPortApplyConfiguration) WithPort(value int32) *NetworkPolicyPortApplyConfiguration { + b.Port = &value + return b +} + +// WithEndPort sets the EndPort field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the EndPort field is set to the value of the last call. +func (b *NetworkPolicyPortApplyConfiguration) WithEndPort(value int32) *NetworkPolicyPortApplyConfiguration { + b.EndPort = &value + return b +} diff --git a/client-go/applyconfigurations/core/v1alpha1/networkpolicyrule.go b/client-go/applyconfigurations/core/v1alpha1/networkpolicyrule.go new file mode 100644 index 00000000..f63bd8c7 --- /dev/null +++ b/client-go/applyconfigurations/core/v1alpha1/networkpolicyrule.go @@ -0,0 +1,287 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + corev1alpha1 "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1" + internal "github.com/ironcore-dev/ironcore-net/client-go/applyconfigurations/internal" + v1 "github.com/ironcore-dev/ironcore-net/client-go/applyconfigurations/meta/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + managedfields "k8s.io/apimachinery/pkg/util/managedfields" +) + +// NetworkPolicyRuleApplyConfiguration represents an declarative configuration of the NetworkPolicyRule type for use +// with apply. +type NetworkPolicyRuleApplyConfiguration struct { + v1.TypeMetaApplyConfiguration `json:",inline"` + *v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` + NetworkRef *LocalUIDReferenceApplyConfiguration `json:"networkRef,omitempty"` + Targets []TargetNetworkInterfaceApplyConfiguration `json:"targets,omitempty"` + Priority *int32 `json:"priority,omitempty"` + IngressRules []RuleApplyConfiguration `json:"ingressRule,omitempty"` + EgressRules []RuleApplyConfiguration `json:"egressRule,omitempty"` +} + +// NetworkPolicyRule constructs an declarative configuration of the NetworkPolicyRule type for use with +// apply. +func NetworkPolicyRule(name, namespace string) *NetworkPolicyRuleApplyConfiguration { + b := &NetworkPolicyRuleApplyConfiguration{} + b.WithName(name) + b.WithNamespace(namespace) + b.WithKind("NetworkPolicyRule") + b.WithAPIVersion("core.apinet.ironcore.dev/v1alpha1") + return b +} + +// ExtractNetworkPolicyRule extracts the applied configuration owned by fieldManager from +// networkPolicyRule. If no managedFields are found in networkPolicyRule for fieldManager, a +// NetworkPolicyRuleApplyConfiguration is returned with only the Name, Namespace (if applicable), +// APIVersion and Kind populated. It is possible that no managed fields were found for because other +// field managers have taken ownership of all the fields previously owned by fieldManager, or because +// the fieldManager never owned fields any fields. +// networkPolicyRule must be a unmodified NetworkPolicyRule API object that was retrieved from the Kubernetes API. +// ExtractNetworkPolicyRule provides a way to perform a extract/modify-in-place/apply workflow. +// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously +// applied if another fieldManager has updated or force applied any of the previously applied fields. +// Experimental! +func ExtractNetworkPolicyRule(networkPolicyRule *corev1alpha1.NetworkPolicyRule, fieldManager string) (*NetworkPolicyRuleApplyConfiguration, error) { + return extractNetworkPolicyRule(networkPolicyRule, fieldManager, "") +} + +// ExtractNetworkPolicyRuleStatus is the same as ExtractNetworkPolicyRule except +// that it extracts the status subresource applied configuration. +// Experimental! +func ExtractNetworkPolicyRuleStatus(networkPolicyRule *corev1alpha1.NetworkPolicyRule, fieldManager string) (*NetworkPolicyRuleApplyConfiguration, error) { + return extractNetworkPolicyRule(networkPolicyRule, fieldManager, "status") +} + +func extractNetworkPolicyRule(networkPolicyRule *corev1alpha1.NetworkPolicyRule, fieldManager string, subresource string) (*NetworkPolicyRuleApplyConfiguration, error) { + b := &NetworkPolicyRuleApplyConfiguration{} + err := managedfields.ExtractInto(networkPolicyRule, internal.Parser().Type("com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule"), fieldManager, b, subresource) + if err != nil { + return nil, err + } + b.WithName(networkPolicyRule.Name) + b.WithNamespace(networkPolicyRule.Namespace) + + b.WithKind("NetworkPolicyRule") + b.WithAPIVersion("core.apinet.ironcore.dev/v1alpha1") + return b, nil +} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. +func (b *NetworkPolicyRuleApplyConfiguration) WithKind(value string) *NetworkPolicyRuleApplyConfiguration { + b.Kind = &value + return b +} + +// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIVersion field is set to the value of the last call. +func (b *NetworkPolicyRuleApplyConfiguration) WithAPIVersion(value string) *NetworkPolicyRuleApplyConfiguration { + b.APIVersion = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *NetworkPolicyRuleApplyConfiguration) WithName(value string) *NetworkPolicyRuleApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Name = &value + return b +} + +// WithGenerateName sets the GenerateName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GenerateName field is set to the value of the last call. +func (b *NetworkPolicyRuleApplyConfiguration) WithGenerateName(value string) *NetworkPolicyRuleApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.GenerateName = &value + return b +} + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. +func (b *NetworkPolicyRuleApplyConfiguration) WithNamespace(value string) *NetworkPolicyRuleApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Namespace = &value + return b +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UID field is set to the value of the last call. +func (b *NetworkPolicyRuleApplyConfiguration) WithUID(value types.UID) *NetworkPolicyRuleApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.UID = &value + return b +} + +// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ResourceVersion field is set to the value of the last call. +func (b *NetworkPolicyRuleApplyConfiguration) WithResourceVersion(value string) *NetworkPolicyRuleApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ResourceVersion = &value + return b +} + +// WithGeneration sets the Generation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Generation field is set to the value of the last call. +func (b *NetworkPolicyRuleApplyConfiguration) WithGeneration(value int64) *NetworkPolicyRuleApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Generation = &value + return b +} + +// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CreationTimestamp field is set to the value of the last call. +func (b *NetworkPolicyRuleApplyConfiguration) WithCreationTimestamp(value metav1.Time) *NetworkPolicyRuleApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.CreationTimestamp = &value + return b +} + +// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionTimestamp field is set to the value of the last call. +func (b *NetworkPolicyRuleApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *NetworkPolicyRuleApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.DeletionTimestamp = &value + return b +} + +// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. +func (b *NetworkPolicyRuleApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *NetworkPolicyRuleApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.DeletionGracePeriodSeconds = &value + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *NetworkPolicyRuleApplyConfiguration) WithLabels(entries map[string]string) *NetworkPolicyRuleApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.Labels == nil && len(entries) > 0 { + b.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Labels[k] = v + } + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *NetworkPolicyRuleApplyConfiguration) WithAnnotations(entries map[string]string) *NetworkPolicyRuleApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.Annotations == nil && len(entries) > 0 { + b.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Annotations[k] = v + } + return b +} + +// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OwnerReferences field. +func (b *NetworkPolicyRuleApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *NetworkPolicyRuleApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOwnerReferences") + } + b.OwnerReferences = append(b.OwnerReferences, *values[i]) + } + return b +} + +// WithFinalizers adds the given value to the Finalizers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Finalizers field. +func (b *NetworkPolicyRuleApplyConfiguration) WithFinalizers(values ...string) *NetworkPolicyRuleApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + b.Finalizers = append(b.Finalizers, values[i]) + } + return b +} + +func (b *NetworkPolicyRuleApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { + if b.ObjectMetaApplyConfiguration == nil { + b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{} + } +} + +// WithNetworkRef sets the NetworkRef field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NetworkRef field is set to the value of the last call. +func (b *NetworkPolicyRuleApplyConfiguration) WithNetworkRef(value *LocalUIDReferenceApplyConfiguration) *NetworkPolicyRuleApplyConfiguration { + b.NetworkRef = value + return b +} + +// WithTargets adds the given value to the Targets field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Targets field. +func (b *NetworkPolicyRuleApplyConfiguration) WithTargets(values ...*TargetNetworkInterfaceApplyConfiguration) *NetworkPolicyRuleApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithTargets") + } + b.Targets = append(b.Targets, *values[i]) + } + return b +} + +// WithPriority sets the Priority field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Priority field is set to the value of the last call. +func (b *NetworkPolicyRuleApplyConfiguration) WithPriority(value int32) *NetworkPolicyRuleApplyConfiguration { + b.Priority = &value + return b +} + +// WithIngressRules adds the given value to the IngressRules field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the IngressRules field. +func (b *NetworkPolicyRuleApplyConfiguration) WithIngressRules(values ...*RuleApplyConfiguration) *NetworkPolicyRuleApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithIngressRules") + } + b.IngressRules = append(b.IngressRules, *values[i]) + } + return b +} + +// WithEgressRules adds the given value to the EgressRules field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the EgressRules field. +func (b *NetworkPolicyRuleApplyConfiguration) WithEgressRules(values ...*RuleApplyConfiguration) *NetworkPolicyRuleApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithEgressRules") + } + b.EgressRules = append(b.EgressRules, *values[i]) + } + return b +} diff --git a/client-go/applyconfigurations/core/v1alpha1/networkpolicyspec.go b/client-go/applyconfigurations/core/v1alpha1/networkpolicyspec.go new file mode 100644 index 00000000..6cf44489 --- /dev/null +++ b/client-go/applyconfigurations/core/v1alpha1/networkpolicyspec.go @@ -0,0 +1,89 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + corev1alpha1 "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1" + metav1 "github.com/ironcore-dev/ironcore-net/client-go/applyconfigurations/meta/v1" + v1 "k8s.io/api/core/v1" +) + +// NetworkPolicySpecApplyConfiguration represents an declarative configuration of the NetworkPolicySpec type for use +// with apply. +type NetworkPolicySpecApplyConfiguration struct { + NetworkRef *v1.LocalObjectReference `json:"networkRef,omitempty"` + NetworkInterfaceSelector *metav1.LabelSelectorApplyConfiguration `json:"networkInterfaceSelector,omitempty"` + Priority *int32 `json:"priority,omitempty"` + Ingress []NetworkPolicyIngressRuleApplyConfiguration `json:"ingress,omitempty"` + Egress []NetworkPolicyEgressRuleApplyConfiguration `json:"egress,omitempty"` + PolicyTypes []corev1alpha1.PolicyType `json:"policyTypes,omitempty"` +} + +// NetworkPolicySpecApplyConfiguration constructs an declarative configuration of the NetworkPolicySpec type for use with +// apply. +func NetworkPolicySpec() *NetworkPolicySpecApplyConfiguration { + return &NetworkPolicySpecApplyConfiguration{} +} + +// WithNetworkRef sets the NetworkRef field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NetworkRef field is set to the value of the last call. +func (b *NetworkPolicySpecApplyConfiguration) WithNetworkRef(value v1.LocalObjectReference) *NetworkPolicySpecApplyConfiguration { + b.NetworkRef = &value + return b +} + +// WithNetworkInterfaceSelector sets the NetworkInterfaceSelector field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NetworkInterfaceSelector field is set to the value of the last call. +func (b *NetworkPolicySpecApplyConfiguration) WithNetworkInterfaceSelector(value *metav1.LabelSelectorApplyConfiguration) *NetworkPolicySpecApplyConfiguration { + b.NetworkInterfaceSelector = value + return b +} + +// WithPriority sets the Priority field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Priority field is set to the value of the last call. +func (b *NetworkPolicySpecApplyConfiguration) WithPriority(value int32) *NetworkPolicySpecApplyConfiguration { + b.Priority = &value + return b +} + +// WithIngress adds the given value to the Ingress field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Ingress field. +func (b *NetworkPolicySpecApplyConfiguration) WithIngress(values ...*NetworkPolicyIngressRuleApplyConfiguration) *NetworkPolicySpecApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithIngress") + } + b.Ingress = append(b.Ingress, *values[i]) + } + return b +} + +// WithEgress adds the given value to the Egress field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Egress field. +func (b *NetworkPolicySpecApplyConfiguration) WithEgress(values ...*NetworkPolicyEgressRuleApplyConfiguration) *NetworkPolicySpecApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithEgress") + } + b.Egress = append(b.Egress, *values[i]) + } + return b +} + +// WithPolicyTypes adds the given value to the PolicyTypes field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the PolicyTypes field. +func (b *NetworkPolicySpecApplyConfiguration) WithPolicyTypes(values ...corev1alpha1.PolicyType) *NetworkPolicySpecApplyConfiguration { + for i := range values { + b.PolicyTypes = append(b.PolicyTypes, values[i]) + } + return b +} diff --git a/client-go/applyconfigurations/core/v1alpha1/networkpolicytargetref.go b/client-go/applyconfigurations/core/v1alpha1/networkpolicytargetref.go new file mode 100644 index 00000000..8d60a2f5 --- /dev/null +++ b/client-go/applyconfigurations/core/v1alpha1/networkpolicytargetref.go @@ -0,0 +1,39 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + types "k8s.io/apimachinery/pkg/types" +) + +// NetworkPolicyTargetRefApplyConfiguration represents an declarative configuration of the NetworkPolicyTargetRef type for use +// with apply. +type NetworkPolicyTargetRefApplyConfiguration struct { + UID *types.UID `json:"uid,omitempty"` + Name *string `json:"name,omitempty"` +} + +// NetworkPolicyTargetRefApplyConfiguration constructs an declarative configuration of the NetworkPolicyTargetRef type for use with +// apply. +func NetworkPolicyTargetRef() *NetworkPolicyTargetRefApplyConfiguration { + return &NetworkPolicyTargetRefApplyConfiguration{} +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UID field is set to the value of the last call. +func (b *NetworkPolicyTargetRefApplyConfiguration) WithUID(value types.UID) *NetworkPolicyTargetRefApplyConfiguration { + b.UID = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *NetworkPolicyTargetRefApplyConfiguration) WithName(value string) *NetworkPolicyTargetRefApplyConfiguration { + b.Name = &value + return b +} diff --git a/client-go/applyconfigurations/core/v1alpha1/objectip.go b/client-go/applyconfigurations/core/v1alpha1/objectip.go new file mode 100644 index 00000000..c50070ff --- /dev/null +++ b/client-go/applyconfigurations/core/v1alpha1/objectip.go @@ -0,0 +1,40 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + net "github.com/ironcore-dev/ironcore-net/apimachinery/api/net" + v1 "k8s.io/api/core/v1" +) + +// ObjectIPApplyConfiguration represents an declarative configuration of the ObjectIP type for use +// with apply. +type ObjectIPApplyConfiguration struct { + IPFamily *v1.IPFamily `json:"ipFamily,omitempty"` + Prefix *net.IPPrefix `json:"prefix,omitempty"` +} + +// ObjectIPApplyConfiguration constructs an declarative configuration of the ObjectIP type for use with +// apply. +func ObjectIP() *ObjectIPApplyConfiguration { + return &ObjectIPApplyConfiguration{} +} + +// WithIPFamily sets the IPFamily field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the IPFamily field is set to the value of the last call. +func (b *ObjectIPApplyConfiguration) WithIPFamily(value v1.IPFamily) *ObjectIPApplyConfiguration { + b.IPFamily = &value + return b +} + +// WithPrefix sets the Prefix field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Prefix field is set to the value of the last call. +func (b *ObjectIPApplyConfiguration) WithPrefix(value net.IPPrefix) *ObjectIPApplyConfiguration { + b.Prefix = &value + return b +} diff --git a/client-go/applyconfigurations/core/v1alpha1/objectselector.go b/client-go/applyconfigurations/core/v1alpha1/objectselector.go new file mode 100644 index 00000000..7b6ecb7f --- /dev/null +++ b/client-go/applyconfigurations/core/v1alpha1/objectselector.go @@ -0,0 +1,58 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "github.com/ironcore-dev/ironcore-net/client-go/applyconfigurations/meta/v1" +) + +// ObjectSelectorApplyConfiguration represents an declarative configuration of the ObjectSelector type for use +// with apply. +type ObjectSelectorApplyConfiguration struct { + Kind *string `json:"kind,omitempty"` + v1.LabelSelectorApplyConfiguration `json:",inline"` +} + +// ObjectSelectorApplyConfiguration constructs an declarative configuration of the ObjectSelector type for use with +// apply. +func ObjectSelector() *ObjectSelectorApplyConfiguration { + return &ObjectSelectorApplyConfiguration{} +} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. +func (b *ObjectSelectorApplyConfiguration) WithKind(value string) *ObjectSelectorApplyConfiguration { + b.Kind = &value + return b +} + +// WithMatchLabels puts the entries into the MatchLabels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the MatchLabels field, +// overwriting an existing map entries in MatchLabels field with the same key. +func (b *ObjectSelectorApplyConfiguration) WithMatchLabels(entries map[string]string) *ObjectSelectorApplyConfiguration { + if b.MatchLabels == nil && len(entries) > 0 { + b.MatchLabels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.MatchLabels[k] = v + } + return b +} + +// WithMatchExpressions adds the given value to the MatchExpressions field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the MatchExpressions field. +func (b *ObjectSelectorApplyConfiguration) WithMatchExpressions(values ...*v1.LabelSelectorRequirementApplyConfiguration) *ObjectSelectorApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithMatchExpressions") + } + b.MatchExpressions = append(b.MatchExpressions, *values[i]) + } + return b +} diff --git a/client-go/applyconfigurations/core/v1alpha1/rule.go b/client-go/applyconfigurations/core/v1alpha1/rule.go new file mode 100644 index 00000000..cbd9fc17 --- /dev/null +++ b/client-go/applyconfigurations/core/v1alpha1/rule.go @@ -0,0 +1,59 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// RuleApplyConfiguration represents an declarative configuration of the Rule type for use +// with apply. +type RuleApplyConfiguration struct { + CIDRBlock []IPBlockApplyConfiguration `json:"ipBlock,omitempty"` + ObjectIPs []ObjectIPApplyConfiguration `json:"ips,omitempty"` + NetworkPolicyPorts []NetworkPolicyPortApplyConfiguration `json:"networkPolicyPorts,omitempty"` +} + +// RuleApplyConfiguration constructs an declarative configuration of the Rule type for use with +// apply. +func Rule() *RuleApplyConfiguration { + return &RuleApplyConfiguration{} +} + +// WithCIDRBlock adds the given value to the CIDRBlock field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the CIDRBlock field. +func (b *RuleApplyConfiguration) WithCIDRBlock(values ...*IPBlockApplyConfiguration) *RuleApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithCIDRBlock") + } + b.CIDRBlock = append(b.CIDRBlock, *values[i]) + } + return b +} + +// WithObjectIPs adds the given value to the ObjectIPs field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the ObjectIPs field. +func (b *RuleApplyConfiguration) WithObjectIPs(values ...*ObjectIPApplyConfiguration) *RuleApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithObjectIPs") + } + b.ObjectIPs = append(b.ObjectIPs, *values[i]) + } + return b +} + +// WithNetworkPolicyPorts adds the given value to the NetworkPolicyPorts field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the NetworkPolicyPorts field. +func (b *RuleApplyConfiguration) WithNetworkPolicyPorts(values ...*NetworkPolicyPortApplyConfiguration) *RuleApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithNetworkPolicyPorts") + } + b.NetworkPolicyPorts = append(b.NetworkPolicyPorts, *values[i]) + } + return b +} diff --git a/client-go/applyconfigurations/core/v1alpha1/targetnetworkinterface.go b/client-go/applyconfigurations/core/v1alpha1/targetnetworkinterface.go new file mode 100644 index 00000000..2ab5c3f8 --- /dev/null +++ b/client-go/applyconfigurations/core/v1alpha1/targetnetworkinterface.go @@ -0,0 +1,39 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + net "github.com/ironcore-dev/ironcore-net/apimachinery/api/net" +) + +// TargetNetworkInterfaceApplyConfiguration represents an declarative configuration of the TargetNetworkInterface type for use +// with apply. +type TargetNetworkInterfaceApplyConfiguration struct { + IP *net.IP `json:"ip,omitempty"` + TargetRef *LocalUIDReferenceApplyConfiguration `json:"targetRef,omitempty"` +} + +// TargetNetworkInterfaceApplyConfiguration constructs an declarative configuration of the TargetNetworkInterface type for use with +// apply. +func TargetNetworkInterface() *TargetNetworkInterfaceApplyConfiguration { + return &TargetNetworkInterfaceApplyConfiguration{} +} + +// WithIP sets the IP field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the IP field is set to the value of the last call. +func (b *TargetNetworkInterfaceApplyConfiguration) WithIP(value net.IP) *TargetNetworkInterfaceApplyConfiguration { + b.IP = &value + return b +} + +// WithTargetRef sets the TargetRef field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TargetRef field is set to the value of the last call. +func (b *TargetNetworkInterfaceApplyConfiguration) WithTargetRef(value *LocalUIDReferenceApplyConfiguration) *TargetNetworkInterfaceApplyConfiguration { + b.TargetRef = value + return b +} diff --git a/client-go/applyconfigurations/internal/internal.go b/client-go/applyconfigurations/internal/internal.go index 27cc8965..9023ef8c 100644 --- a/client-go/applyconfigurations/internal/internal.go +++ b/client-go/applyconfigurations/internal/internal.go @@ -138,6 +138,18 @@ var schemaYAML = typed.YAMLObject(`types: - name: ip type: namedType: com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IP +- name: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.IPBlock + map: + fields: + - name: cidr + type: + namedType: com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IPPrefix + - name: except + type: + list: + elementType: + namedType: com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IPPrefix + elementRelationship: atomic - name: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.IPClaimRef map: fields: @@ -411,6 +423,18 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" +- name: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.LocalUIDReference + map: + fields: + - name: name + type: + scalar: string + default: "" + - name: uid + type: + scalar: string + default: "" + elementRelationship: atomic - name: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATGateway map: fields: @@ -787,6 +811,144 @@ var schemaYAML = typed.YAMLObject(`types: - name: state type: scalar: string +- name: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy + map: + fields: + - name: apiVersion + type: + scalar: string + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + default: {} + - name: spec + type: + namedType: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicySpec + default: {} +- name: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyEgressRule + map: + fields: + - name: ports + type: + list: + elementType: + namedType: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyPort + elementRelationship: atomic + - name: to + type: + list: + elementType: + namedType: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyPeer + elementRelationship: atomic +- name: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyIngressRule + map: + fields: + - name: from + type: + list: + elementType: + namedType: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyPeer + elementRelationship: atomic + - name: ports + type: + list: + elementType: + namedType: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyPort + elementRelationship: atomic +- name: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyPeer + map: + fields: + - name: ipBlock + type: + namedType: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.IPBlock + - name: objectSelector + type: + namedType: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.ObjectSelector +- name: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyPort + map: + fields: + - name: endPort + type: + scalar: numeric + - name: port + type: + scalar: numeric + - name: protocol + type: + scalar: string +- name: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule + map: + fields: + - name: apiVersion + type: + scalar: string + - name: egressRule + type: + list: + elementType: + namedType: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Rule + elementRelationship: atomic + - name: ingressRule + type: + list: + elementType: + namedType: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Rule + elementRelationship: atomic + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + default: {} + - name: networkRef + type: + namedType: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.LocalUIDReference + default: {} + - name: priority + type: + scalar: numeric + - name: targets + type: + list: + elementType: + namedType: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.TargetNetworkInterface + elementRelationship: atomic +- name: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicySpec + map: + fields: + - name: egress + type: + list: + elementType: + namedType: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyEgressRule + elementRelationship: atomic + - name: ingress + type: + list: + elementType: + namedType: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyIngressRule + elementRelationship: atomic + - name: networkInterfaceSelector + type: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector + default: {} + - name: networkRef + type: + namedType: io.k8s.api.core.v1.LocalObjectReference + default: {} + - name: policyTypes + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: priority + type: + scalar: numeric - name: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkSpec map: fields: @@ -900,6 +1062,33 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable +- name: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.ObjectIP + map: + fields: + - name: ipFamily + type: + scalar: string + - name: prefix + type: + namedType: com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IPPrefix +- name: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.ObjectSelector + map: + fields: + - name: kind + type: + scalar: string + default: "" + - name: matchExpressions + type: + list: + elementType: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement + elementRelationship: atomic + - name: matchLabels + type: + map: + elementType: + scalar: string - name: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.PCIAddress map: fields: @@ -915,6 +1104,36 @@ var schemaYAML = typed.YAMLObject(`types: - name: slot type: scalar: string +- name: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Rule + map: + fields: + - name: ipBlock + type: + list: + elementType: + namedType: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.IPBlock + elementRelationship: atomic + - name: ips + type: + list: + elementType: + namedType: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.ObjectIP + elementRelationship: atomic + - name: networkPolicyPorts + type: + list: + elementType: + namedType: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyPort + elementRelationship: atomic +- name: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.TargetNetworkInterface + map: + fields: + - name: ip + type: + namedType: com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IP + - name: targetRef + type: + namedType: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.LocalUIDReference - name: com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.TopologySpreadConstraint map: fields: diff --git a/client-go/applyconfigurations/utils.go b/client-go/applyconfigurations/utils.go index b04cc99a..fd12a343 100644 --- a/client-go/applyconfigurations/utils.go +++ b/client-go/applyconfigurations/utils.go @@ -46,6 +46,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &corev1alpha1.IPAddressClaimRefApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("IPAddressSpec"): return &corev1alpha1.IPAddressSpecApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("IPBlock"): + return &corev1alpha1.IPBlockApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("IPClaimRef"): return &corev1alpha1.IPClaimRefApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("IPSpec"): @@ -66,6 +68,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &corev1alpha1.LoadBalancerStatusApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("LoadBalancerTargetRef"): return &corev1alpha1.LoadBalancerTargetRefApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("LocalUIDReference"): + return &corev1alpha1.LocalUIDReferenceApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("NATGateway"): return &corev1alpha1.NATGatewayApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("NATGatewayAutoscaler"): @@ -110,6 +114,20 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &corev1alpha1.NetworkPeeringApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("NetworkPeeringStatus"): return &corev1alpha1.NetworkPeeringStatusApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("NetworkPolicy"): + return &corev1alpha1.NetworkPolicyApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("NetworkPolicyEgressRule"): + return &corev1alpha1.NetworkPolicyEgressRuleApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("NetworkPolicyIngressRule"): + return &corev1alpha1.NetworkPolicyIngressRuleApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("NetworkPolicyPeer"): + return &corev1alpha1.NetworkPolicyPeerApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("NetworkPolicyPort"): + return &corev1alpha1.NetworkPolicyPortApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("NetworkPolicyRule"): + return &corev1alpha1.NetworkPolicyRuleApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("NetworkPolicySpec"): + return &corev1alpha1.NetworkPolicySpecApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("NetworkSpec"): return &corev1alpha1.NetworkSpecApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("NetworkStatus"): @@ -124,8 +142,16 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &corev1alpha1.NodeSelectorRequirementApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("NodeSelectorTerm"): return &corev1alpha1.NodeSelectorTermApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("ObjectIP"): + return &corev1alpha1.ObjectIPApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("ObjectSelector"): + return &corev1alpha1.ObjectSelectorApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("PCIAddress"): return &corev1alpha1.PCIAddressApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("Rule"): + return &corev1alpha1.RuleApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("TargetNetworkInterface"): + return &corev1alpha1.TargetNetworkInterfaceApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("TopologySpreadConstraint"): return &corev1alpha1.TopologySpreadConstraintApplyConfiguration{} diff --git a/client-go/informers/core/v1alpha1/interface.go b/client-go/informers/core/v1alpha1/interface.go index 736dbea0..618df28a 100644 --- a/client-go/informers/core/v1alpha1/interface.go +++ b/client-go/informers/core/v1alpha1/interface.go @@ -35,6 +35,10 @@ type Interface interface { NetworkIDs() NetworkIDInformer // NetworkInterfaces returns a NetworkInterfaceInformer. NetworkInterfaces() NetworkInterfaceInformer + // NetworkPolicies returns a NetworkPolicyInformer. + NetworkPolicies() NetworkPolicyInformer + // NetworkPolicyRules returns a NetworkPolicyRuleInformer. + NetworkPolicyRules() NetworkPolicyRuleInformer // Nodes returns a NodeInformer. Nodes() NodeInformer } @@ -110,6 +114,16 @@ func (v *version) NetworkInterfaces() NetworkInterfaceInformer { return &networkInterfaceInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } +// NetworkPolicies returns a NetworkPolicyInformer. +func (v *version) NetworkPolicies() NetworkPolicyInformer { + return &networkPolicyInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} + +// NetworkPolicyRules returns a NetworkPolicyRuleInformer. +func (v *version) NetworkPolicyRules() NetworkPolicyRuleInformer { + return &networkPolicyRuleInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} + // Nodes returns a NodeInformer. func (v *version) Nodes() NodeInformer { return &nodeInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} diff --git a/client-go/informers/core/v1alpha1/networkpolicy.go b/client-go/informers/core/v1alpha1/networkpolicy.go new file mode 100644 index 00000000..9b3dc84a --- /dev/null +++ b/client-go/informers/core/v1alpha1/networkpolicy.go @@ -0,0 +1,77 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + time "time" + + corev1alpha1 "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1" + internalinterfaces "github.com/ironcore-dev/ironcore-net/client-go/informers/internalinterfaces" + ironcorenet "github.com/ironcore-dev/ironcore-net/client-go/ironcorenet" + v1alpha1 "github.com/ironcore-dev/ironcore-net/client-go/listers/core/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// NetworkPolicyInformer provides access to a shared informer and lister for +// NetworkPolicies. +type NetworkPolicyInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.NetworkPolicyLister +} + +type networkPolicyInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewNetworkPolicyInformer constructs a new informer for NetworkPolicy type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewNetworkPolicyInformer(client ironcorenet.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredNetworkPolicyInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredNetworkPolicyInformer constructs a new informer for NetworkPolicy type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredNetworkPolicyInformer(client ironcorenet.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CoreV1alpha1().NetworkPolicies(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CoreV1alpha1().NetworkPolicies(namespace).Watch(context.TODO(), options) + }, + }, + &corev1alpha1.NetworkPolicy{}, + resyncPeriod, + indexers, + ) +} + +func (f *networkPolicyInformer) defaultInformer(client ironcorenet.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredNetworkPolicyInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *networkPolicyInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&corev1alpha1.NetworkPolicy{}, f.defaultInformer) +} + +func (f *networkPolicyInformer) Lister() v1alpha1.NetworkPolicyLister { + return v1alpha1.NewNetworkPolicyLister(f.Informer().GetIndexer()) +} diff --git a/client-go/informers/core/v1alpha1/networkpolicyrule.go b/client-go/informers/core/v1alpha1/networkpolicyrule.go new file mode 100644 index 00000000..5f5fcedb --- /dev/null +++ b/client-go/informers/core/v1alpha1/networkpolicyrule.go @@ -0,0 +1,77 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + time "time" + + corev1alpha1 "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1" + internalinterfaces "github.com/ironcore-dev/ironcore-net/client-go/informers/internalinterfaces" + ironcorenet "github.com/ironcore-dev/ironcore-net/client-go/ironcorenet" + v1alpha1 "github.com/ironcore-dev/ironcore-net/client-go/listers/core/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// NetworkPolicyRuleInformer provides access to a shared informer and lister for +// NetworkPolicyRules. +type NetworkPolicyRuleInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.NetworkPolicyRuleLister +} + +type networkPolicyRuleInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewNetworkPolicyRuleInformer constructs a new informer for NetworkPolicyRule type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewNetworkPolicyRuleInformer(client ironcorenet.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredNetworkPolicyRuleInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredNetworkPolicyRuleInformer constructs a new informer for NetworkPolicyRule type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredNetworkPolicyRuleInformer(client ironcorenet.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CoreV1alpha1().NetworkPolicyRules(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CoreV1alpha1().NetworkPolicyRules(namespace).Watch(context.TODO(), options) + }, + }, + &corev1alpha1.NetworkPolicyRule{}, + resyncPeriod, + indexers, + ) +} + +func (f *networkPolicyRuleInformer) defaultInformer(client ironcorenet.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredNetworkPolicyRuleInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *networkPolicyRuleInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&corev1alpha1.NetworkPolicyRule{}, f.defaultInformer) +} + +func (f *networkPolicyRuleInformer) Lister() v1alpha1.NetworkPolicyRuleLister { + return v1alpha1.NewNetworkPolicyRuleLister(f.Informer().GetIndexer()) +} diff --git a/client-go/informers/generic.go b/client-go/informers/generic.go index 7a1b9ff9..c404cd14 100644 --- a/client-go/informers/generic.go +++ b/client-go/informers/generic.go @@ -64,6 +64,10 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource return &genericInformer{resource: resource.GroupResource(), informer: f.Core().V1alpha1().NetworkIDs().Informer()}, nil case v1alpha1.SchemeGroupVersion.WithResource("networkinterfaces"): return &genericInformer{resource: resource.GroupResource(), informer: f.Core().V1alpha1().NetworkInterfaces().Informer()}, nil + case v1alpha1.SchemeGroupVersion.WithResource("networkpolicies"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Core().V1alpha1().NetworkPolicies().Informer()}, nil + case v1alpha1.SchemeGroupVersion.WithResource("networkpolicyrules"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Core().V1alpha1().NetworkPolicyRules().Informer()}, nil case v1alpha1.SchemeGroupVersion.WithResource("nodes"): return &genericInformer{resource: resource.GroupResource(), informer: f.Core().V1alpha1().Nodes().Informer()}, nil diff --git a/client-go/ironcorenet/typed/core/v1alpha1/core_client.go b/client-go/ironcorenet/typed/core/v1alpha1/core_client.go index b11a16a1..0c4e37ac 100644 --- a/client-go/ironcorenet/typed/core/v1alpha1/core_client.go +++ b/client-go/ironcorenet/typed/core/v1alpha1/core_client.go @@ -27,6 +27,8 @@ type CoreV1alpha1Interface interface { NetworksGetter NetworkIDsGetter NetworkInterfacesGetter + NetworkPoliciesGetter + NetworkPolicyRulesGetter NodesGetter } @@ -83,6 +85,14 @@ func (c *CoreV1alpha1Client) NetworkInterfaces(namespace string) NetworkInterfac return newNetworkInterfaces(c, namespace) } +func (c *CoreV1alpha1Client) NetworkPolicies(namespace string) NetworkPolicyInterface { + return newNetworkPolicies(c, namespace) +} + +func (c *CoreV1alpha1Client) NetworkPolicyRules(namespace string) NetworkPolicyRuleInterface { + return newNetworkPolicyRules(c, namespace) +} + func (c *CoreV1alpha1Client) Nodes() NodeInterface { return newNodes(c) } diff --git a/client-go/ironcorenet/typed/core/v1alpha1/fake/fake_core_client.go b/client-go/ironcorenet/typed/core/v1alpha1/fake/fake_core_client.go index 04ae29d1..5d3db055 100644 --- a/client-go/ironcorenet/typed/core/v1alpha1/fake/fake_core_client.go +++ b/client-go/ironcorenet/typed/core/v1alpha1/fake/fake_core_client.go @@ -63,6 +63,14 @@ func (c *FakeCoreV1alpha1) NetworkInterfaces(namespace string) v1alpha1.NetworkI return &FakeNetworkInterfaces{c, namespace} } +func (c *FakeCoreV1alpha1) NetworkPolicies(namespace string) v1alpha1.NetworkPolicyInterface { + return &FakeNetworkPolicies{c, namespace} +} + +func (c *FakeCoreV1alpha1) NetworkPolicyRules(namespace string) v1alpha1.NetworkPolicyRuleInterface { + return &FakeNetworkPolicyRules{c, namespace} +} + func (c *FakeCoreV1alpha1) Nodes() v1alpha1.NodeInterface { return &FakeNodes{c} } diff --git a/client-go/ironcorenet/typed/core/v1alpha1/fake/fake_networkpolicy.go b/client-go/ironcorenet/typed/core/v1alpha1/fake/fake_networkpolicy.go new file mode 100644 index 00000000..f049464e --- /dev/null +++ b/client-go/ironcorenet/typed/core/v1alpha1/fake/fake_networkpolicy.go @@ -0,0 +1,141 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + json "encoding/json" + "fmt" + + v1alpha1 "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1" + corev1alpha1 "github.com/ironcore-dev/ironcore-net/client-go/applyconfigurations/core/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeNetworkPolicies implements NetworkPolicyInterface +type FakeNetworkPolicies struct { + Fake *FakeCoreV1alpha1 + ns string +} + +var networkpoliciesResource = v1alpha1.SchemeGroupVersion.WithResource("networkpolicies") + +var networkpoliciesKind = v1alpha1.SchemeGroupVersion.WithKind("NetworkPolicy") + +// Get takes name of the networkPolicy, and returns the corresponding networkPolicy object, and an error if there is any. +func (c *FakeNetworkPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.NetworkPolicy, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(networkpoliciesResource, c.ns, name), &v1alpha1.NetworkPolicy{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.NetworkPolicy), err +} + +// List takes label and field selectors, and returns the list of NetworkPolicies that match those selectors. +func (c *FakeNetworkPolicies) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.NetworkPolicyList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(networkpoliciesResource, networkpoliciesKind, c.ns, opts), &v1alpha1.NetworkPolicyList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.NetworkPolicyList{ListMeta: obj.(*v1alpha1.NetworkPolicyList).ListMeta} + for _, item := range obj.(*v1alpha1.NetworkPolicyList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested networkPolicies. +func (c *FakeNetworkPolicies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(networkpoliciesResource, c.ns, opts)) + +} + +// Create takes the representation of a networkPolicy and creates it. Returns the server's representation of the networkPolicy, and an error, if there is any. +func (c *FakeNetworkPolicies) Create(ctx context.Context, networkPolicy *v1alpha1.NetworkPolicy, opts v1.CreateOptions) (result *v1alpha1.NetworkPolicy, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(networkpoliciesResource, c.ns, networkPolicy), &v1alpha1.NetworkPolicy{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.NetworkPolicy), err +} + +// Update takes the representation of a networkPolicy and updates it. Returns the server's representation of the networkPolicy, and an error, if there is any. +func (c *FakeNetworkPolicies) Update(ctx context.Context, networkPolicy *v1alpha1.NetworkPolicy, opts v1.UpdateOptions) (result *v1alpha1.NetworkPolicy, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(networkpoliciesResource, c.ns, networkPolicy), &v1alpha1.NetworkPolicy{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.NetworkPolicy), err +} + +// Delete takes name of the networkPolicy and deletes it. Returns an error if one occurs. +func (c *FakeNetworkPolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(networkpoliciesResource, c.ns, name, opts), &v1alpha1.NetworkPolicy{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeNetworkPolicies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(networkpoliciesResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.NetworkPolicyList{}) + return err +} + +// Patch applies the patch and returns the patched networkPolicy. +func (c *FakeNetworkPolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.NetworkPolicy, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(networkpoliciesResource, c.ns, name, pt, data, subresources...), &v1alpha1.NetworkPolicy{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.NetworkPolicy), err +} + +// Apply takes the given apply declarative configuration, applies it and returns the applied networkPolicy. +func (c *FakeNetworkPolicies) Apply(ctx context.Context, networkPolicy *corev1alpha1.NetworkPolicyApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.NetworkPolicy, err error) { + if networkPolicy == nil { + return nil, fmt.Errorf("networkPolicy provided to Apply must not be nil") + } + data, err := json.Marshal(networkPolicy) + if err != nil { + return nil, err + } + name := networkPolicy.Name + if name == nil { + return nil, fmt.Errorf("networkPolicy.Name must be provided to Apply") + } + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(networkpoliciesResource, c.ns, *name, types.ApplyPatchType, data), &v1alpha1.NetworkPolicy{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.NetworkPolicy), err +} diff --git a/client-go/ironcorenet/typed/core/v1alpha1/fake/fake_networkpolicyrule.go b/client-go/ironcorenet/typed/core/v1alpha1/fake/fake_networkpolicyrule.go new file mode 100644 index 00000000..fef99157 --- /dev/null +++ b/client-go/ironcorenet/typed/core/v1alpha1/fake/fake_networkpolicyrule.go @@ -0,0 +1,141 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + json "encoding/json" + "fmt" + + v1alpha1 "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1" + corev1alpha1 "github.com/ironcore-dev/ironcore-net/client-go/applyconfigurations/core/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeNetworkPolicyRules implements NetworkPolicyRuleInterface +type FakeNetworkPolicyRules struct { + Fake *FakeCoreV1alpha1 + ns string +} + +var networkpolicyrulesResource = v1alpha1.SchemeGroupVersion.WithResource("networkpolicyrules") + +var networkpolicyrulesKind = v1alpha1.SchemeGroupVersion.WithKind("NetworkPolicyRule") + +// Get takes name of the networkPolicyRule, and returns the corresponding networkPolicyRule object, and an error if there is any. +func (c *FakeNetworkPolicyRules) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.NetworkPolicyRule, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(networkpolicyrulesResource, c.ns, name), &v1alpha1.NetworkPolicyRule{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.NetworkPolicyRule), err +} + +// List takes label and field selectors, and returns the list of NetworkPolicyRules that match those selectors. +func (c *FakeNetworkPolicyRules) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.NetworkPolicyRuleList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(networkpolicyrulesResource, networkpolicyrulesKind, c.ns, opts), &v1alpha1.NetworkPolicyRuleList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.NetworkPolicyRuleList{ListMeta: obj.(*v1alpha1.NetworkPolicyRuleList).ListMeta} + for _, item := range obj.(*v1alpha1.NetworkPolicyRuleList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested networkPolicyRules. +func (c *FakeNetworkPolicyRules) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(networkpolicyrulesResource, c.ns, opts)) + +} + +// Create takes the representation of a networkPolicyRule and creates it. Returns the server's representation of the networkPolicyRule, and an error, if there is any. +func (c *FakeNetworkPolicyRules) Create(ctx context.Context, networkPolicyRule *v1alpha1.NetworkPolicyRule, opts v1.CreateOptions) (result *v1alpha1.NetworkPolicyRule, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(networkpolicyrulesResource, c.ns, networkPolicyRule), &v1alpha1.NetworkPolicyRule{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.NetworkPolicyRule), err +} + +// Update takes the representation of a networkPolicyRule and updates it. Returns the server's representation of the networkPolicyRule, and an error, if there is any. +func (c *FakeNetworkPolicyRules) Update(ctx context.Context, networkPolicyRule *v1alpha1.NetworkPolicyRule, opts v1.UpdateOptions) (result *v1alpha1.NetworkPolicyRule, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(networkpolicyrulesResource, c.ns, networkPolicyRule), &v1alpha1.NetworkPolicyRule{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.NetworkPolicyRule), err +} + +// Delete takes name of the networkPolicyRule and deletes it. Returns an error if one occurs. +func (c *FakeNetworkPolicyRules) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(networkpolicyrulesResource, c.ns, name, opts), &v1alpha1.NetworkPolicyRule{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeNetworkPolicyRules) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(networkpolicyrulesResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.NetworkPolicyRuleList{}) + return err +} + +// Patch applies the patch and returns the patched networkPolicyRule. +func (c *FakeNetworkPolicyRules) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.NetworkPolicyRule, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(networkpolicyrulesResource, c.ns, name, pt, data, subresources...), &v1alpha1.NetworkPolicyRule{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.NetworkPolicyRule), err +} + +// Apply takes the given apply declarative configuration, applies it and returns the applied networkPolicyRule. +func (c *FakeNetworkPolicyRules) Apply(ctx context.Context, networkPolicyRule *corev1alpha1.NetworkPolicyRuleApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.NetworkPolicyRule, err error) { + if networkPolicyRule == nil { + return nil, fmt.Errorf("networkPolicyRule provided to Apply must not be nil") + } + data, err := json.Marshal(networkPolicyRule) + if err != nil { + return nil, err + } + name := networkPolicyRule.Name + if name == nil { + return nil, fmt.Errorf("networkPolicyRule.Name must be provided to Apply") + } + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(networkpolicyrulesResource, c.ns, *name, types.ApplyPatchType, data), &v1alpha1.NetworkPolicyRule{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.NetworkPolicyRule), err +} diff --git a/client-go/ironcorenet/typed/core/v1alpha1/generated_expansion.go b/client-go/ironcorenet/typed/core/v1alpha1/generated_expansion.go index 9b2f74c5..53f65c8c 100644 --- a/client-go/ironcorenet/typed/core/v1alpha1/generated_expansion.go +++ b/client-go/ironcorenet/typed/core/v1alpha1/generated_expansion.go @@ -29,4 +29,8 @@ type NetworkIDExpansion interface{} type NetworkInterfaceExpansion interface{} +type NetworkPolicyExpansion interface{} + +type NetworkPolicyRuleExpansion interface{} + type NodeExpansion interface{} diff --git a/client-go/ironcorenet/typed/core/v1alpha1/networkpolicy.go b/client-go/ironcorenet/typed/core/v1alpha1/networkpolicy.go new file mode 100644 index 00000000..1de7d117 --- /dev/null +++ b/client-go/ironcorenet/typed/core/v1alpha1/networkpolicy.go @@ -0,0 +1,195 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + json "encoding/json" + "fmt" + "time" + + v1alpha1 "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1" + corev1alpha1 "github.com/ironcore-dev/ironcore-net/client-go/applyconfigurations/core/v1alpha1" + scheme "github.com/ironcore-dev/ironcore-net/client-go/ironcorenet/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// NetworkPoliciesGetter has a method to return a NetworkPolicyInterface. +// A group's client should implement this interface. +type NetworkPoliciesGetter interface { + NetworkPolicies(namespace string) NetworkPolicyInterface +} + +// NetworkPolicyInterface has methods to work with NetworkPolicy resources. +type NetworkPolicyInterface interface { + Create(ctx context.Context, networkPolicy *v1alpha1.NetworkPolicy, opts v1.CreateOptions) (*v1alpha1.NetworkPolicy, error) + Update(ctx context.Context, networkPolicy *v1alpha1.NetworkPolicy, opts v1.UpdateOptions) (*v1alpha1.NetworkPolicy, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.NetworkPolicy, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.NetworkPolicyList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.NetworkPolicy, err error) + Apply(ctx context.Context, networkPolicy *corev1alpha1.NetworkPolicyApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.NetworkPolicy, err error) + NetworkPolicyExpansion +} + +// networkPolicies implements NetworkPolicyInterface +type networkPolicies struct { + client rest.Interface + ns string +} + +// newNetworkPolicies returns a NetworkPolicies +func newNetworkPolicies(c *CoreV1alpha1Client, namespace string) *networkPolicies { + return &networkPolicies{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the networkPolicy, and returns the corresponding networkPolicy object, and an error if there is any. +func (c *networkPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.NetworkPolicy, err error) { + result = &v1alpha1.NetworkPolicy{} + err = c.client.Get(). + Namespace(c.ns). + Resource("networkpolicies"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of NetworkPolicies that match those selectors. +func (c *networkPolicies) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.NetworkPolicyList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.NetworkPolicyList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("networkpolicies"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested networkPolicies. +func (c *networkPolicies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("networkpolicies"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a networkPolicy and creates it. Returns the server's representation of the networkPolicy, and an error, if there is any. +func (c *networkPolicies) Create(ctx context.Context, networkPolicy *v1alpha1.NetworkPolicy, opts v1.CreateOptions) (result *v1alpha1.NetworkPolicy, err error) { + result = &v1alpha1.NetworkPolicy{} + err = c.client.Post(). + Namespace(c.ns). + Resource("networkpolicies"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(networkPolicy). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a networkPolicy and updates it. Returns the server's representation of the networkPolicy, and an error, if there is any. +func (c *networkPolicies) Update(ctx context.Context, networkPolicy *v1alpha1.NetworkPolicy, opts v1.UpdateOptions) (result *v1alpha1.NetworkPolicy, err error) { + result = &v1alpha1.NetworkPolicy{} + err = c.client.Put(). + Namespace(c.ns). + Resource("networkpolicies"). + Name(networkPolicy.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(networkPolicy). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the networkPolicy and deletes it. Returns an error if one occurs. +func (c *networkPolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("networkpolicies"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *networkPolicies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("networkpolicies"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched networkPolicy. +func (c *networkPolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.NetworkPolicy, err error) { + result = &v1alpha1.NetworkPolicy{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("networkpolicies"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} + +// Apply takes the given apply declarative configuration, applies it and returns the applied networkPolicy. +func (c *networkPolicies) Apply(ctx context.Context, networkPolicy *corev1alpha1.NetworkPolicyApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.NetworkPolicy, err error) { + if networkPolicy == nil { + return nil, fmt.Errorf("networkPolicy provided to Apply must not be nil") + } + patchOpts := opts.ToPatchOptions() + data, err := json.Marshal(networkPolicy) + if err != nil { + return nil, err + } + name := networkPolicy.Name + if name == nil { + return nil, fmt.Errorf("networkPolicy.Name must be provided to Apply") + } + result = &v1alpha1.NetworkPolicy{} + err = c.client.Patch(types.ApplyPatchType). + Namespace(c.ns). + Resource("networkpolicies"). + Name(*name). + VersionedParams(&patchOpts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/client-go/ironcorenet/typed/core/v1alpha1/networkpolicyrule.go b/client-go/ironcorenet/typed/core/v1alpha1/networkpolicyrule.go new file mode 100644 index 00000000..7200e79b --- /dev/null +++ b/client-go/ironcorenet/typed/core/v1alpha1/networkpolicyrule.go @@ -0,0 +1,195 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + json "encoding/json" + "fmt" + "time" + + v1alpha1 "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1" + corev1alpha1 "github.com/ironcore-dev/ironcore-net/client-go/applyconfigurations/core/v1alpha1" + scheme "github.com/ironcore-dev/ironcore-net/client-go/ironcorenet/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// NetworkPolicyRulesGetter has a method to return a NetworkPolicyRuleInterface. +// A group's client should implement this interface. +type NetworkPolicyRulesGetter interface { + NetworkPolicyRules(namespace string) NetworkPolicyRuleInterface +} + +// NetworkPolicyRuleInterface has methods to work with NetworkPolicyRule resources. +type NetworkPolicyRuleInterface interface { + Create(ctx context.Context, networkPolicyRule *v1alpha1.NetworkPolicyRule, opts v1.CreateOptions) (*v1alpha1.NetworkPolicyRule, error) + Update(ctx context.Context, networkPolicyRule *v1alpha1.NetworkPolicyRule, opts v1.UpdateOptions) (*v1alpha1.NetworkPolicyRule, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.NetworkPolicyRule, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.NetworkPolicyRuleList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.NetworkPolicyRule, err error) + Apply(ctx context.Context, networkPolicyRule *corev1alpha1.NetworkPolicyRuleApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.NetworkPolicyRule, err error) + NetworkPolicyRuleExpansion +} + +// networkPolicyRules implements NetworkPolicyRuleInterface +type networkPolicyRules struct { + client rest.Interface + ns string +} + +// newNetworkPolicyRules returns a NetworkPolicyRules +func newNetworkPolicyRules(c *CoreV1alpha1Client, namespace string) *networkPolicyRules { + return &networkPolicyRules{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the networkPolicyRule, and returns the corresponding networkPolicyRule object, and an error if there is any. +func (c *networkPolicyRules) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.NetworkPolicyRule, err error) { + result = &v1alpha1.NetworkPolicyRule{} + err = c.client.Get(). + Namespace(c.ns). + Resource("networkpolicyrules"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of NetworkPolicyRules that match those selectors. +func (c *networkPolicyRules) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.NetworkPolicyRuleList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.NetworkPolicyRuleList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("networkpolicyrules"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested networkPolicyRules. +func (c *networkPolicyRules) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("networkpolicyrules"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a networkPolicyRule and creates it. Returns the server's representation of the networkPolicyRule, and an error, if there is any. +func (c *networkPolicyRules) Create(ctx context.Context, networkPolicyRule *v1alpha1.NetworkPolicyRule, opts v1.CreateOptions) (result *v1alpha1.NetworkPolicyRule, err error) { + result = &v1alpha1.NetworkPolicyRule{} + err = c.client.Post(). + Namespace(c.ns). + Resource("networkpolicyrules"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(networkPolicyRule). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a networkPolicyRule and updates it. Returns the server's representation of the networkPolicyRule, and an error, if there is any. +func (c *networkPolicyRules) Update(ctx context.Context, networkPolicyRule *v1alpha1.NetworkPolicyRule, opts v1.UpdateOptions) (result *v1alpha1.NetworkPolicyRule, err error) { + result = &v1alpha1.NetworkPolicyRule{} + err = c.client.Put(). + Namespace(c.ns). + Resource("networkpolicyrules"). + Name(networkPolicyRule.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(networkPolicyRule). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the networkPolicyRule and deletes it. Returns an error if one occurs. +func (c *networkPolicyRules) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("networkpolicyrules"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *networkPolicyRules) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("networkpolicyrules"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched networkPolicyRule. +func (c *networkPolicyRules) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.NetworkPolicyRule, err error) { + result = &v1alpha1.NetworkPolicyRule{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("networkpolicyrules"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} + +// Apply takes the given apply declarative configuration, applies it and returns the applied networkPolicyRule. +func (c *networkPolicyRules) Apply(ctx context.Context, networkPolicyRule *corev1alpha1.NetworkPolicyRuleApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.NetworkPolicyRule, err error) { + if networkPolicyRule == nil { + return nil, fmt.Errorf("networkPolicyRule provided to Apply must not be nil") + } + patchOpts := opts.ToPatchOptions() + data, err := json.Marshal(networkPolicyRule) + if err != nil { + return nil, err + } + name := networkPolicyRule.Name + if name == nil { + return nil, fmt.Errorf("networkPolicyRule.Name must be provided to Apply") + } + result = &v1alpha1.NetworkPolicyRule{} + err = c.client.Patch(types.ApplyPatchType). + Namespace(c.ns). + Resource("networkpolicyrules"). + Name(*name). + VersionedParams(&patchOpts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/client-go/listers/core/v1alpha1/expansion_generated.go b/client-go/listers/core/v1alpha1/expansion_generated.go index 23e5ad4f..63420d15 100644 --- a/client-go/listers/core/v1alpha1/expansion_generated.go +++ b/client-go/listers/core/v1alpha1/expansion_generated.go @@ -93,6 +93,22 @@ type NetworkInterfaceListerExpansion interface{} // NetworkInterfaceNamespaceLister. type NetworkInterfaceNamespaceListerExpansion interface{} +// NetworkPolicyListerExpansion allows custom methods to be added to +// NetworkPolicyLister. +type NetworkPolicyListerExpansion interface{} + +// NetworkPolicyNamespaceListerExpansion allows custom methods to be added to +// NetworkPolicyNamespaceLister. +type NetworkPolicyNamespaceListerExpansion interface{} + +// NetworkPolicyRuleListerExpansion allows custom methods to be added to +// NetworkPolicyRuleLister. +type NetworkPolicyRuleListerExpansion interface{} + +// NetworkPolicyRuleNamespaceListerExpansion allows custom methods to be added to +// NetworkPolicyRuleNamespaceLister. +type NetworkPolicyRuleNamespaceListerExpansion interface{} + // NodeListerExpansion allows custom methods to be added to // NodeLister. type NodeListerExpansion interface{} diff --git a/client-go/listers/core/v1alpha1/networkpolicy.go b/client-go/listers/core/v1alpha1/networkpolicy.go new file mode 100644 index 00000000..87f169b0 --- /dev/null +++ b/client-go/listers/core/v1alpha1/networkpolicy.go @@ -0,0 +1,86 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// NetworkPolicyLister helps list NetworkPolicies. +// All objects returned here must be treated as read-only. +type NetworkPolicyLister interface { + // List lists all NetworkPolicies in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.NetworkPolicy, err error) + // NetworkPolicies returns an object that can list and get NetworkPolicies. + NetworkPolicies(namespace string) NetworkPolicyNamespaceLister + NetworkPolicyListerExpansion +} + +// networkPolicyLister implements the NetworkPolicyLister interface. +type networkPolicyLister struct { + indexer cache.Indexer +} + +// NewNetworkPolicyLister returns a new NetworkPolicyLister. +func NewNetworkPolicyLister(indexer cache.Indexer) NetworkPolicyLister { + return &networkPolicyLister{indexer: indexer} +} + +// List lists all NetworkPolicies in the indexer. +func (s *networkPolicyLister) List(selector labels.Selector) (ret []*v1alpha1.NetworkPolicy, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.NetworkPolicy)) + }) + return ret, err +} + +// NetworkPolicies returns an object that can list and get NetworkPolicies. +func (s *networkPolicyLister) NetworkPolicies(namespace string) NetworkPolicyNamespaceLister { + return networkPolicyNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// NetworkPolicyNamespaceLister helps list and get NetworkPolicies. +// All objects returned here must be treated as read-only. +type NetworkPolicyNamespaceLister interface { + // List lists all NetworkPolicies in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.NetworkPolicy, err error) + // Get retrieves the NetworkPolicy from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1alpha1.NetworkPolicy, error) + NetworkPolicyNamespaceListerExpansion +} + +// networkPolicyNamespaceLister implements the NetworkPolicyNamespaceLister +// interface. +type networkPolicyNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all NetworkPolicies in the indexer for a given namespace. +func (s networkPolicyNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.NetworkPolicy, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.NetworkPolicy)) + }) + return ret, err +} + +// Get retrieves the NetworkPolicy from the indexer for a given namespace and name. +func (s networkPolicyNamespaceLister) Get(name string) (*v1alpha1.NetworkPolicy, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("networkpolicy"), name) + } + return obj.(*v1alpha1.NetworkPolicy), nil +} diff --git a/client-go/listers/core/v1alpha1/networkpolicyrule.go b/client-go/listers/core/v1alpha1/networkpolicyrule.go new file mode 100644 index 00000000..c58b4808 --- /dev/null +++ b/client-go/listers/core/v1alpha1/networkpolicyrule.go @@ -0,0 +1,86 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// NetworkPolicyRuleLister helps list NetworkPolicyRules. +// All objects returned here must be treated as read-only. +type NetworkPolicyRuleLister interface { + // List lists all NetworkPolicyRules in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.NetworkPolicyRule, err error) + // NetworkPolicyRules returns an object that can list and get NetworkPolicyRules. + NetworkPolicyRules(namespace string) NetworkPolicyRuleNamespaceLister + NetworkPolicyRuleListerExpansion +} + +// networkPolicyRuleLister implements the NetworkPolicyRuleLister interface. +type networkPolicyRuleLister struct { + indexer cache.Indexer +} + +// NewNetworkPolicyRuleLister returns a new NetworkPolicyRuleLister. +func NewNetworkPolicyRuleLister(indexer cache.Indexer) NetworkPolicyRuleLister { + return &networkPolicyRuleLister{indexer: indexer} +} + +// List lists all NetworkPolicyRules in the indexer. +func (s *networkPolicyRuleLister) List(selector labels.Selector) (ret []*v1alpha1.NetworkPolicyRule, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.NetworkPolicyRule)) + }) + return ret, err +} + +// NetworkPolicyRules returns an object that can list and get NetworkPolicyRules. +func (s *networkPolicyRuleLister) NetworkPolicyRules(namespace string) NetworkPolicyRuleNamespaceLister { + return networkPolicyRuleNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// NetworkPolicyRuleNamespaceLister helps list and get NetworkPolicyRules. +// All objects returned here must be treated as read-only. +type NetworkPolicyRuleNamespaceLister interface { + // List lists all NetworkPolicyRules in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.NetworkPolicyRule, err error) + // Get retrieves the NetworkPolicyRule from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1alpha1.NetworkPolicyRule, error) + NetworkPolicyRuleNamespaceListerExpansion +} + +// networkPolicyRuleNamespaceLister implements the NetworkPolicyRuleNamespaceLister +// interface. +type networkPolicyRuleNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all NetworkPolicyRules in the indexer for a given namespace. +func (s networkPolicyRuleNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.NetworkPolicyRule, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.NetworkPolicyRule)) + }) + return ret, err +} + +// Get retrieves the NetworkPolicyRule from the indexer for a given namespace and name. +func (s networkPolicyRuleNamespaceLister) Get(name string) (*v1alpha1.NetworkPolicyRule, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("networkpolicyrule"), name) + } + return obj.(*v1alpha1.NetworkPolicyRule), nil +} diff --git a/client-go/openapi/api_violations.report b/client-go/openapi/api_violations.report index d538a9ce..824c8e2c 100644 --- a/client-go/openapi/api_violations.report +++ b/client-go/openapi/api_violations.report @@ -1,3 +1,4 @@ +API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,IPBlock,Except API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,InstanceAntiAffinity,RequiredDuringSchedulingIgnoredDuringExecution API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,InstanceSpec,IPs API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,InstanceSpec,LoadBalancerPorts @@ -16,12 +17,25 @@ API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/c API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NetworkInterfaceStatus,NATIPs API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NetworkInterfaceStatus,Prefixes API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NetworkInterfaceStatus,PublicIPs +API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NetworkPolicyEgressRule,Ports +API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NetworkPolicyEgressRule,To +API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NetworkPolicyIngressRule,From +API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NetworkPolicyIngressRule,Ports +API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NetworkPolicyRule,EgressRules +API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NetworkPolicyRule,IngressRules +API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NetworkPolicyRule,Targets +API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NetworkPolicySpec,Egress +API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NetworkPolicySpec,Ingress +API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NetworkPolicySpec,PolicyTypes API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NetworkSpec,Peerings API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NetworkStatus,Peerings API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NodeSelector,NodeSelectorTerms API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NodeSelectorRequirement,Values API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NodeSelectorTerm,MatchExpressions API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NodeSelectorTerm,MatchFields +API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,Rule,CIDRBlock +API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,Rule,NetworkPolicyPorts +API rule violation: list_type_missing,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,Rule,ObjectIPs API rule violation: list_type_missing,k8s.io/api/core/v1,AvoidPods,PreferAvoidPods API rule violation: list_type_missing,k8s.io/api/core/v1,Capabilities,Add API rule violation: list_type_missing,k8s.io/api/core/v1,Capabilities,Drop @@ -153,6 +167,10 @@ API rule violation: names_match,github.com/ironcore-dev/ironcore-net/api/core/v1 API rule violation: names_match,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NATTable,IPs API rule violation: names_match,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NetworkInterfaceSpec,IPs API rule violation: names_match,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NetworkInterfaceSpec,NATs +API rule violation: names_match,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NetworkPolicyRule,EgressRules +API rule violation: names_match,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,NetworkPolicyRule,IngressRules +API rule violation: names_match,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,Rule,CIDRBlock +API rule violation: names_match,github.com/ironcore-dev/ironcore-net/api/core/v1alpha1,Rule,ObjectIPs API rule violation: names_match,k8s.io/api/core/v1,AzureDiskVolumeSource,DataDiskURI API rule violation: names_match,k8s.io/api/core/v1,ContainerStatus,LastTerminationState API rule violation: names_match,k8s.io/api/core/v1,DaemonEndpoint,Port diff --git a/client-go/openapi/zz_generated.openapi.go b/client-go/openapi/zz_generated.openapi.go index f7b84e7d..de874ecd 100644 --- a/client-go/openapi/zz_generated.openapi.go +++ b/client-go/openapi/zz_generated.openapi.go @@ -30,6 +30,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.IPAddressClaimRef": schema_ironcore_net_api_core_v1alpha1_IPAddressClaimRef(ref), "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.IPAddressList": schema_ironcore_net_api_core_v1alpha1_IPAddressList(ref), "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.IPAddressSpec": schema_ironcore_net_api_core_v1alpha1_IPAddressSpec(ref), + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.IPBlock": schema_ironcore_net_api_core_v1alpha1_IPBlock(ref), "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.IPClaimRef": schema_ironcore_net_api_core_v1alpha1_IPClaimRef(ref), "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.IPList": schema_ironcore_net_api_core_v1alpha1_IPList(ref), "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.IPSpec": schema_ironcore_net_api_core_v1alpha1_IPSpec(ref), @@ -51,6 +52,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.LoadBalancerSpec": schema_ironcore_net_api_core_v1alpha1_LoadBalancerSpec(ref), "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.LoadBalancerStatus": schema_ironcore_net_api_core_v1alpha1_LoadBalancerStatus(ref), "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.LoadBalancerTargetRef": schema_ironcore_net_api_core_v1alpha1_LoadBalancerTargetRef(ref), + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.LocalUIDReference": schema_ironcore_net_api_core_v1alpha1_LocalUIDReference(ref), "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NATGateway": schema_ironcore_net_api_core_v1alpha1_NATGateway(ref), "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NATGatewayAutoscaler": schema_ironcore_net_api_core_v1alpha1_NATGatewayAutoscaler(ref), "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NATGatewayAutoscalerList": schema_ironcore_net_api_core_v1alpha1_NATGatewayAutoscalerList(ref), @@ -80,6 +82,15 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkList": schema_ironcore_net_api_core_v1alpha1_NetworkList(ref), "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPeering": schema_ironcore_net_api_core_v1alpha1_NetworkPeering(ref), "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPeeringStatus": schema_ironcore_net_api_core_v1alpha1_NetworkPeeringStatus(ref), + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicy": schema_ironcore_net_api_core_v1alpha1_NetworkPolicy(ref), + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicyEgressRule": schema_ironcore_net_api_core_v1alpha1_NetworkPolicyEgressRule(ref), + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicyIngressRule": schema_ironcore_net_api_core_v1alpha1_NetworkPolicyIngressRule(ref), + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicyList": schema_ironcore_net_api_core_v1alpha1_NetworkPolicyList(ref), + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicyPeer": schema_ironcore_net_api_core_v1alpha1_NetworkPolicyPeer(ref), + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicyPort": schema_ironcore_net_api_core_v1alpha1_NetworkPolicyPort(ref), + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicyRule": schema_ironcore_net_api_core_v1alpha1_NetworkPolicyRule(ref), + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicyRuleList": schema_ironcore_net_api_core_v1alpha1_NetworkPolicyRuleList(ref), + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicySpec": schema_ironcore_net_api_core_v1alpha1_NetworkPolicySpec(ref), "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkSpec": schema_ironcore_net_api_core_v1alpha1_NetworkSpec(ref), "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkStatus": schema_ironcore_net_api_core_v1alpha1_NetworkStatus(ref), "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.Node": schema_ironcore_net_api_core_v1alpha1_Node(ref), @@ -90,7 +101,11 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NodeSelectorTerm": schema_ironcore_net_api_core_v1alpha1_NodeSelectorTerm(ref), "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NodeSpec": schema_ironcore_net_api_core_v1alpha1_NodeSpec(ref), "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NodeStatus": schema_ironcore_net_api_core_v1alpha1_NodeStatus(ref), + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.ObjectIP": schema_ironcore_net_api_core_v1alpha1_ObjectIP(ref), + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.ObjectSelector": schema_ironcore_net_api_core_v1alpha1_ObjectSelector(ref), "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.PCIAddress": schema_ironcore_net_api_core_v1alpha1_PCIAddress(ref), + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.Rule": schema_ironcore_net_api_core_v1alpha1_Rule(ref), + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.TargetNetworkInterface": schema_ironcore_net_api_core_v1alpha1_TargetNetworkInterface(ref), "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.TopologySpreadConstraint": schema_ironcore_net_api_core_v1alpha1_TopologySpreadConstraint(ref), "github.com/ironcore-dev/ironcore-net/apimachinery/api/net.IP": schema_ironcore_net_apimachinery_api_net_IP(ref), "github.com/ironcore-dev/ironcore-net/apimachinery/api/net.IPPrefix": schema_ironcore_net_apimachinery_api_net_IPPrefix(ref), @@ -742,6 +757,41 @@ func schema_ironcore_net_api_core_v1alpha1_IPAddressSpec(ref common.ReferenceCal } } +func schema_ironcore_net_api_core_v1alpha1_IPBlock(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "IPBlock specifies an ip block with optional exceptions.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "cidr": { + SchemaProps: spec.SchemaProps{ + Description: "CIDR is a string representing the ip block.", + Ref: ref("github.com/ironcore-dev/ironcore-net/apimachinery/api/net.IPPrefix"), + }, + }, + "except": { + SchemaProps: spec.SchemaProps{ + Description: "Except is a slice of CIDRs that should not be included within the specified CIDR. Values will be rejected if they are outside CIDR.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/ironcore-dev/ironcore-net/apimachinery/api/net.IPPrefix"), + }, + }, + }, + }, + }, + }, + Required: []string{"cidr"}, + }, + }, + Dependencies: []string{ + "github.com/ironcore-dev/ironcore-net/apimachinery/api/net.IPPrefix"}, + } +} + func schema_ironcore_net_api_core_v1alpha1_IPClaimRef(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -1609,6 +1659,41 @@ func schema_ironcore_net_api_core_v1alpha1_LoadBalancerTargetRef(ref common.Refe } } +func schema_ironcore_net_api_core_v1alpha1_LocalUIDReference(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "LocalUIDReference is a reference to another entity including its UID", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "Name is the name of the referenced entity.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "uid": { + SchemaProps: spec.SchemaProps{ + Description: "UID is the UID of the referenced entity.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"name", "uid"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-map-type": "atomic", + }, + }, + }, + } +} + func schema_ironcore_net_api_core_v1alpha1_NATGateway(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -2826,28 +2911,77 @@ func schema_ironcore_net_api_core_v1alpha1_NetworkPeeringStatus(ref common.Refer } } -func schema_ironcore_net_api_core_v1alpha1_NetworkSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_ironcore_net_api_core_v1alpha1_NetworkPolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "NetworkPolicy is the Schema for the networkpolicies API.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "id": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "ID is the ID of the network.", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "peerings": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "Peerings are the network peerings with this network", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicySpec"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicySpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_ironcore_net_api_core_v1alpha1_NetworkPolicyEgressRule(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "NetworkPolicyEgressRule describes a rule to regulate egress traffic with.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "ports": { + SchemaProps: spec.SchemaProps{ + Description: "Ports specifies the list of destination ports that can be called with this rule. Each item in this list is combined using a logical OR. Empty matches all ports. As soon as a single item is present, only these ports are allowed.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPeering"), + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicyPort"), + }, + }, + }, + }, + }, + "to": { + SchemaProps: spec.SchemaProps{ + Description: "To specifies the list of destinations which the selected network interfaces should be able to send traffic to. Fields are combined using a logical OR. Empty matches all destinations. As soon as a single item is present, only these peers are allowed.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicyPeer"), }, }, }, @@ -2857,25 +2991,40 @@ func schema_ironcore_net_api_core_v1alpha1_NetworkSpec(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPeering"}, + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicyPeer", "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicyPort"}, } } -func schema_ironcore_net_api_core_v1alpha1_NetworkStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_ironcore_net_api_core_v1alpha1_NetworkPolicyIngressRule(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "NetworkPolicyIngressRule describes a rule to regulate ingress traffic with.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "peerings": { + "from": { SchemaProps: spec.SchemaProps{ - Description: "Peerings contains the states of the network peerings for the network.", + Description: "From specifies the list of sources which should be able to send traffic to the selected network interfaces. Fields are combined using a logical OR. Empty matches all sources. As soon as a single item is present, only these peers are allowed.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPeeringStatus"), + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicyPeer"), + }, + }, + }, + }, + }, + "ports": { + SchemaProps: spec.SchemaProps{ + Description: "Ports specifies the list of ports which should be made accessible for this rule. Each item in this list is combined using a logical OR. Empty matches all ports. As soon as a single item is present, only these ports are allowed.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicyPort"), }, }, }, @@ -2885,15 +3034,15 @@ func schema_ironcore_net_api_core_v1alpha1_NetworkStatus(ref common.ReferenceCal }, }, Dependencies: []string{ - "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPeeringStatus"}, + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicyPeer", "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicyPort"}, } } -func schema_ironcore_net_api_core_v1alpha1_Node(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_ironcore_net_api_core_v1alpha1_NetworkPolicyList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Node is the schema for the nodes API.", + Description: "NetworkPolicyList contains a list of NetworkPolicy.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -2913,53 +3062,98 @@ func schema_ironcore_net_api_core_v1alpha1_Node(ref common.ReferenceCallback) co "metadata": { SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, - "spec": { + "items": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NodeSpec"), + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicy"), + }, + }, + }, }, }, - "status": { + }, + Required: []string{"items"}, + }, + }, + Dependencies: []string{ + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicy", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + +func schema_ironcore_net_api_core_v1alpha1_NetworkPolicyPeer(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "NetworkPolicyPeer describes a peer to allow traffic to / from.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "objectSelector": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NodeStatus"), + Description: "ObjectSelector selects peers with the given kind matching the label selector. Exclusive with other peer specifiers.", + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.ObjectSelector"), + }, + }, + "ipBlock": { + SchemaProps: spec.SchemaProps{ + Description: "IPBlock specifies the ip block from or to which network traffic may come.", + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.IPBlock"), }, }, }, }, }, Dependencies: []string{ - "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NodeSpec", "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NodeStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.IPBlock", "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.ObjectSelector"}, } } -func schema_ironcore_net_api_core_v1alpha1_NodeAffinity(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_ironcore_net_api_core_v1alpha1_NetworkPolicyPort(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "NetworkPolicyPort describes a port to allow traffic on", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "requiredDuringSchedulingIgnoredDuringExecution": { + "protocol": { SchemaProps: spec.SchemaProps{ - Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NodeSelector"), + Description: "Protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.\n\nPossible enum values:\n - `\"SCTP\"` is the SCTP protocol.\n - `\"TCP\"` is the TCP protocol.\n - `\"UDP\"` is the UDP protocol.", + Type: []string{"string"}, + Format: "", + Enum: []interface{}{"SCTP", "TCP", "UDP"}, + }, + }, + "port": { + SchemaProps: spec.SchemaProps{ + Description: "The port on the given protocol. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "endPort": { + SchemaProps: spec.SchemaProps{ + Description: "EndPort indicates that the range of ports from Port to EndPort, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined. The endPort must be equal or greater than port.", + Type: []string{"integer"}, + Format: "int32", }, }, }, }, }, - Dependencies: []string{ - "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NodeSelector"}, } } -func schema_ironcore_net_api_core_v1alpha1_NodeList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_ironcore_net_api_core_v1alpha1_NetworkPolicyRule(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "NodeList contains a list of Node.", + Description: "NetworkPolicyRule is the schema for the networkpolicyrules API.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -2979,89 +3173,438 @@ func schema_ironcore_net_api_core_v1alpha1_NodeList(ref common.ReferenceCallback "metadata": { SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, - "items": { + "networkRef": { SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, + Description: "NetworkRef is the network the load balancer is assigned to.", + Default: map[string]interface{}{}, + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.LocalUIDReference"), + }, + }, + "targets": { + SchemaProps: spec.SchemaProps{ + Description: "Targets are the targets of the network policy.", + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.Node"), + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.TargetNetworkInterface"), }, }, }, }, }, - }, - Required: []string{"items"}, - }, - }, - Dependencies: []string{ - "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.Node", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, - } -} - -func schema_ironcore_net_api_core_v1alpha1_NodeSelector(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "NodeSelector represents the union of the results of one or more queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "nodeSelectorTerms": { + "priority": { SchemaProps: spec.SchemaProps{ - Description: "Required. A list of node selector terms. The terms are ORed.", + Description: "Priority is an optional field that specifies the order in which the policy is applied.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "ingressRule": { + SchemaProps: spec.SchemaProps{ + Description: "IngressRules are the ingress rules.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NodeSelectorTerm"), + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.Rule"), + }, + }, + }, + }, + }, + "egressRule": { + SchemaProps: spec.SchemaProps{ + Description: "EgressRules are the egress rules.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.Rule"), }, }, }, }, }, }, - Required: []string{"nodeSelectorTerms"}, + Required: []string{"networkRef"}, }, }, Dependencies: []string{ - "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NodeSelectorTerm"}, + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.LocalUIDReference", "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.Rule", "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.TargetNetworkInterface", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_ironcore_net_api_core_v1alpha1_NodeSelectorRequirement(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_ironcore_net_api_core_v1alpha1_NetworkPolicyRuleList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "NodeSelectorRequirement is a requirement for a selector. It's a combination of the key to match, the operator to match with, and zero to n values, depending on the operator.", + Description: "NetworkPolicyRulesList contains a list of NetworkPolicyRule.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "key": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "Key is the key the selector applies to.", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "operator": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "Operator represents the key's relationship to the values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - Default: "", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - "values": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "Values are the values to relate the key to via the operator.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicyRule"), + }, + }, + }, + }, + }, + }, + Required: []string{"items"}, + }, + }, + Dependencies: []string{ + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicyRule", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + +func schema_ironcore_net_api_core_v1alpha1_NetworkPolicySpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "networkRef": { + SchemaProps: spec.SchemaProps{ + Description: "NetworkRef is the network to regulate using this policy.", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + }, + }, + "networkInterfaceSelector": { + SchemaProps: spec.SchemaProps{ + Description: "NetworkInterfaceSelector selects the network interfaces that are subject to this policy.", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + }, + }, + "priority": { + SchemaProps: spec.SchemaProps{ + Description: "Priority is an optional field that specifies the order in which the policy is applied. Policies with higher \"order\" are applied after those with lower order. If the order is omitted, it may be considered to be \"infinite\" - i.e. the policy will be applied last. Policies with identical order will be applied in alphanumerical order based on the Policy \"Name\".", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "ingress": { + SchemaProps: spec.SchemaProps{ + Description: "Ingress specifies rules for ingress traffic.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicyIngressRule"), + }, + }, + }, + }, + }, + "egress": { + SchemaProps: spec.SchemaProps{ + Description: "Egress specifies rules for egress traffic.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicyEgressRule"), + }, + }, + }, + }, + }, + "policyTypes": { + SchemaProps: spec.SchemaProps{ + Description: "PolicyTypes specifies the types of policies this network policy contains.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + Required: []string{"networkRef", "networkInterfaceSelector"}, + }, + }, + Dependencies: []string{ + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicyEgressRule", "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicyIngressRule", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + } +} + +func schema_ironcore_net_api_core_v1alpha1_NetworkSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "id": { + SchemaProps: spec.SchemaProps{ + Description: "ID is the ID of the network.", + Type: []string{"string"}, + Format: "", + }, + }, + "peerings": { + SchemaProps: spec.SchemaProps{ + Description: "Peerings are the network peerings with this network", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPeering"), + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPeering"}, + } +} + +func schema_ironcore_net_api_core_v1alpha1_NetworkStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "peerings": { + SchemaProps: spec.SchemaProps{ + Description: "Peerings contains the states of the network peerings for the network.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPeeringStatus"), + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPeeringStatus"}, + } +} + +func schema_ironcore_net_api_core_v1alpha1_Node(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Node is the schema for the nodes API.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NodeSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NodeStatus"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NodeSpec", "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NodeStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_ironcore_net_api_core_v1alpha1_NodeAffinity(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "requiredDuringSchedulingIgnoredDuringExecution": { + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NodeSelector"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NodeSelector"}, + } +} + +func schema_ironcore_net_api_core_v1alpha1_NodeList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "NodeList contains a list of Node.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.Node"), + }, + }, + }, + }, + }, + }, + Required: []string{"items"}, + }, + }, + Dependencies: []string{ + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.Node", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + +func schema_ironcore_net_api_core_v1alpha1_NodeSelector(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "NodeSelector represents the union of the results of one or more queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "nodeSelectorTerms": { + SchemaProps: spec.SchemaProps{ + Description: "Required. A list of node selector terms. The terms are ORed.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NodeSelectorTerm"), + }, + }, + }, + }, + }, + }, + Required: []string{"nodeSelectorTerms"}, + }, + }, + Dependencies: []string{ + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NodeSelectorTerm"}, + } +} + +func schema_ironcore_net_api_core_v1alpha1_NodeSelectorRequirement(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "NodeSelectorRequirement is a requirement for a selector. It's a combination of the key to match, the operator to match with, and zero to n values, depending on the operator.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "key": { + SchemaProps: spec.SchemaProps{ + Description: "Key is the key the selector applies to.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "operator": { + SchemaProps: spec.SchemaProps{ + Description: "Operator represents the key's relationship to the values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "values": { + SchemaProps: spec.SchemaProps{ + Description: "Values are the values to relate the key to via the operator.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: "", @@ -3142,6 +3685,88 @@ func schema_ironcore_net_api_core_v1alpha1_NodeStatus(ref common.ReferenceCallba } } +func schema_ironcore_net_api_core_v1alpha1_ObjectIP(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "ipFamily": { + SchemaProps: spec.SchemaProps{ + Description: "IPFamily is the IPFamily of the prefix. If unset but Prefix is set, this can be inferred.\n\nPossible enum values:\n - `\"\"` indicates that this IP is unknown protocol\n - `\"IPv4\"` indicates that this IP is IPv4 protocol\n - `\"IPv6\"` indicates that this IP is IPv6 protocol", + Type: []string{"string"}, + Format: "", + Enum: []interface{}{"", "IPv4", "IPv6"}, + }, + }, + "prefix": { + SchemaProps: spec.SchemaProps{ + Description: "Prefix is the prefix of the IP.", + Ref: ref("github.com/ironcore-dev/ironcore-net/apimachinery/api/net.IPPrefix"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/ironcore-dev/ironcore-net/apimachinery/api/net.IPPrefix"}, + } +} + +func schema_ironcore_net_api_core_v1alpha1_ObjectSelector(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ObjectSelector specifies how to select objects of a certain kind.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is the kind of object to select.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "matchLabels": { + SchemaProps: spec.SchemaProps{ + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "matchExpressions": { + SchemaProps: spec.SchemaProps{ + Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement"), + }, + }, + }, + }, + }, + }, + Required: []string{"kind"}, + }, + }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement"}, + } +} + func schema_ironcore_net_api_core_v1alpha1_PCIAddress(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -3179,6 +3804,90 @@ func schema_ironcore_net_api_core_v1alpha1_PCIAddress(ref common.ReferenceCallba } } +func schema_ironcore_net_api_core_v1alpha1_Rule(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "ipBlock": { + SchemaProps: spec.SchemaProps{ + Description: "CIDRBlock specifies the CIDR block from which network traffic may come or go.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.IPBlock"), + }, + }, + }, + }, + }, + "ips": { + SchemaProps: spec.SchemaProps{ + Description: "ObjectIPs are the object IPs the rule applies to.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.ObjectIP"), + }, + }, + }, + }, + }, + "networkPolicyPorts": { + SchemaProps: spec.SchemaProps{ + Description: "NetworkPolicyPorts are the protocol type and ports.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicyPort"), + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.IPBlock", "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.NetworkPolicyPort", "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.ObjectIP"}, + } +} + +func schema_ironcore_net_api_core_v1alpha1_TargetNetworkInterface(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TargetNetworkInterface is the target of the network policy.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "ip": { + SchemaProps: spec.SchemaProps{ + Description: "IP is the IP address of the target network interface.", + Ref: ref("github.com/ironcore-dev/ironcore-net/apimachinery/api/net.IP"), + }, + }, + "targetRef": { + SchemaProps: spec.SchemaProps{ + Description: "TargetRef is the target providing the destination.", + Ref: ref("github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.LocalUIDReference"), + }, + }, + }, + Required: []string{"ip"}, + }, + }, + Dependencies: []string{ + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1.LocalUIDReference", "github.com/ironcore-dev/ironcore-net/apimachinery/api/net.IP"}, + } +} + func schema_ironcore_net_api_core_v1alpha1_TopologySpreadConstraint(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/cmd/apinetlet/main.go b/cmd/apinetlet/main.go index 4c96bf5b..1262700f 100644 --- a/cmd/apinetlet/main.go +++ b/cmd/apinetlet/main.go @@ -210,6 +210,17 @@ func main() { os.Exit(1) } + if err = (&controllers.NetworkPolicyReconciler{ + Client: mgr.GetClient(), + APINetClient: apiNetCluster.GetClient(), + APINetInterface: apiNetIface, + APINetNamespace: apiNetNamespace, + WatchFilterValue: watchFilterValue, + }).SetupWithManager(mgr, apiNetCluster.GetCache()); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "NetworkPolicy") + os.Exit(1) + } + if err = (&controllers.VirtualIPReconciler{ Client: mgr.GetClient(), APINetClient: apiNetCluster.GetClient(), diff --git a/cmd/controller-manager/main.go b/cmd/controller-manager/main.go index c1af5a08..fa4813e0 100644 --- a/cmd/controller-manager/main.go +++ b/cmd/controller-manager/main.go @@ -9,7 +9,9 @@ import ( "github.com/ironcore-dev/controller-utils/configutils" ironcorenetv1alpha1 "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1" + apinetletclient "github.com/ironcore-dev/ironcore-net/apinetlet/client" apinetclient "github.com/ironcore-dev/ironcore-net/internal/client" + "github.com/ironcore-dev/ironcore-net/internal/controllers" ironcorenet "github.com/ironcore-dev/ironcore-net/internal/controllers/certificate/ironcore-net" "github.com/ironcore-dev/ironcore-net/internal/controllers/scheduler" @@ -117,6 +119,13 @@ func main() { os.Exit(1) } + if err = (&controllers.NetworkPolicyReconciler{ + Client: mgr.GetClient(), + }).SetupWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "NetworkPolicy") + os.Exit(1) + } + if err = (&controllers.NATGatewayReconciler{ Client: mgr.GetClient(), EventRecorder: mgr.GetEventRecorderFor("natgateways"), @@ -172,6 +181,11 @@ func main() { os.Exit(1) } + if err := apinetletclient.SetupNetworkPolicyNetworkNameFieldIndexer(ctx, mgr.GetFieldIndexer()); err != nil { + setupLog.Error(err, "unable to setup field indexer", "field", apinetletclient.NetworkPolicyNetworkNameField) + os.Exit(1) + } + if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { setupLog.Error(err, "unable to set up health check") os.Exit(1) diff --git a/config/apinetlet/apinet-rbac/role.yaml b/config/apinetlet/apinet-rbac/role.yaml index 4e95c338..0ee5289c 100644 --- a/config/apinetlet/apinet-rbac/role.yaml +++ b/config/apinetlet/apinet-rbac/role.yaml @@ -106,6 +106,32 @@ rules: - patch - update - watch +- apiGroups: + - core.apinet.ironcore.dev + resources: + - networkpolicies + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - core.apinet.ironcore.dev + resources: + - networkpolicyrules + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch - apiGroups: - core.apinet.ironcore.dev resources: diff --git a/config/apinetlet/rbac/role.yaml b/config/apinetlet/rbac/role.yaml index 7fc2bd65..5882c7d2 100644 --- a/config/apinetlet/rbac/role.yaml +++ b/config/apinetlet/rbac/role.yaml @@ -22,6 +22,22 @@ rules: - patch - update - watch +- apiGroups: + - core.apinet.ironcore.dev + resources: + - networkinterfaces + verbs: + - get + - list + - watch +- apiGroups: + - core.apinet.ironcore.dev + resources: + - networks + verbs: + - get + - list + - watch - apiGroups: - ipam.ironcore.dev resources: @@ -113,6 +129,23 @@ rules: - get - patch - update +- apiGroups: + - networking.ironcore.dev + resources: + - networkpolicies + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - networking.ironcore.dev + resources: + - networkpolicies/finalizers + verbs: + - patch + - update - apiGroups: - networking.ironcore.dev resources: diff --git a/config/apiserver/rbac/apinetlet_role.yaml b/config/apiserver/rbac/apinetlet_role.yaml index ad04c8da..d3f202c7 100644 --- a/config/apiserver/rbac/apinetlet_role.yaml +++ b/config/apiserver/rbac/apinetlet_role.yaml @@ -106,6 +106,32 @@ rules: - patch - update - watch +- apiGroups: + - core.apinet.ironcore.dev + resources: + - networkpolicies + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - core.apinet.ironcore.dev + resources: + - networkpolicyrules + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch - apiGroups: - core.apinet.ironcore.dev resources: diff --git a/config/apiserver/rbac/metalnetlet_role.yaml b/config/apiserver/rbac/metalnetlet_role.yaml index 02654ca5..e078cffb 100644 --- a/config/apiserver/rbac/metalnetlet_role.yaml +++ b/config/apiserver/rbac/metalnetlet_role.yaml @@ -120,6 +120,22 @@ rules: - get - patch - update +- apiGroups: + - core.apinet.ironcore.dev + resources: + - networkpolicies + verbs: + - get + - list + - watch +- apiGroups: + - core.apinet.ironcore.dev + resources: + - networkpolicyrules + verbs: + - get + - list + - watch - apiGroups: - core.apinet.ironcore.dev resources: diff --git a/config/controller/rbac/role.yaml b/config/controller/rbac/role.yaml index 307e29cf..8d7ebdb0 100644 --- a/config/controller/rbac/role.yaml +++ b/config/controller/rbac/role.yaml @@ -176,6 +176,26 @@ rules: - patch - update - watch +- apiGroups: + - core.apinet.ironcore.dev + resources: + - networkpolicies + verbs: + - get + - list + - watch +- apiGroups: + - core.apinet.ironcore.dev + resources: + - networkpolicyrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - core.apinet.ironcore.dev resources: diff --git a/config/metalnetlet/apinet-rbac/role.yaml b/config/metalnetlet/apinet-rbac/role.yaml index 2d4a821d..21e20486 100644 --- a/config/metalnetlet/apinet-rbac/role.yaml +++ b/config/metalnetlet/apinet-rbac/role.yaml @@ -120,6 +120,22 @@ rules: - get - patch - update +- apiGroups: + - core.apinet.ironcore.dev + resources: + - networkpolicies + verbs: + - get + - list + - watch +- apiGroups: + - core.apinet.ironcore.dev + resources: + - networkpolicyrules + verbs: + - get + - list + - watch - apiGroups: - core.apinet.ironcore.dev resources: diff --git a/docs/api-reference/core.md b/docs/api-reference/core.md index 718f12bd..1c89e016 100644 --- a/docs/api-reference/core.md +++ b/docs/api-reference/core.md @@ -34,6 +34,10 @@ Resource Types:
  • NetworkInterface
  • +NetworkPolicy +
  • +NetworkPolicyRule +
  • Node

    • DaemonSet @@ -1354,6 +1358,257 @@ NetworkInterfaceStatus +

    NetworkPolicy +

    +
    +

    NetworkPolicy is the Schema for the networkpolicies API.

    +
    + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +apiVersion
    +string    		 + +core.apinet.ironcore.dev/v1alpha1 + +
    +kind
    +string +    		NetworkPolicy
    +metadata
    + + +Kubernetes meta/v1.ObjectMeta + + +    		 +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
    +spec
    + + +NetworkPolicySpec + + +    		 +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + +
    +networkRef
    + + +Kubernetes core/v1.LocalObjectReference + + +    		 +

    NetworkRef is the network to regulate using this policy.

    +
    +networkInterfaceSelector
    + + +Kubernetes meta/v1.LabelSelector + + +    		 +

    NetworkInterfaceSelector selects the network interfaces that are subject to this policy.

    +
    +priority
    + +int32 + +    		 +

    Priority is an optional field that specifies the order in which the policy is applied. +Policies with higher “order” are applied after those with lower +order. If the order is omitted, it may be considered to be “infinite” - i.e. the +policy will be applied last. Policies with identical order will be applied in +alphanumerical order based on the Policy “Name”.

    +
    +ingress
    + + +[]NetworkPolicyIngressRule + + +    		 +

    Ingress specifies rules for ingress traffic.

    +
    +egress
    + + +[]NetworkPolicyEgressRule + + +    		 +

    Egress specifies rules for egress traffic.

    +
    +policyTypes
    + + +[]PolicyType + + +    		 +

    PolicyTypes specifies the types of policies this network policy contains.

    +
    +
    +

    NetworkPolicyRule +

    +
    +

    NetworkPolicyRule is the schema for the networkpolicyrules API.

    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +apiVersion
    +string    		 + +core.apinet.ironcore.dev/v1alpha1 + +
    +kind
    +string +    		NetworkPolicyRule
    +metadata
    + + +Kubernetes meta/v1.ObjectMeta + + +    		 +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
    +networkRef
    + + +LocalUIDReference + + +    		 +

    NetworkRef is the network the load balancer is assigned to.

    +
    +targets
    + + +[]TargetNetworkInterface + + +    		 +

    Targets are the targets of the network policy.

    +
    +priority
    + +int32 + +    		 +

    Priority is an optional field that specifies the order in which the policy is applied.

    +
    +ingressRule
    + + +[]Rule + + +    		 +

    IngressRules are the ingress rules.

    +
    +egressRule
    + + +[]Rule + + +    		 +

    EgressRules are the egress rules.

    +

    Node

    @@ -1649,6 +1904,51 @@ IPAddressClaimRef +

    IPBlock +

    +

    +(Appears on:NetworkPolicyPeer, Rule) +

    +
    +

    IPBlock specifies an ip block with optional exceptions.

    +
    + + + + + + + + + + + + + + + + + +
    FieldDescription
    +cidr
    + + +github.com/ironcore-dev/ironcore-net/apimachinery/api/net.IPPrefix + + +    		 +

    CIDR is a string representing the ip block.

    +
    +except
    + + +[]github.com/ironcore-dev/ironcore-net/apimachinery/api/net.IPPrefix + + +    		 +

    Except is a slice of CIDRs that should not be included within the specified CIDR. +Values will be rejected if they are outside CIDR.

    +

    IPClaimRef

    @@ -2568,12 +2868,13 @@ Kubernetes core/v1.LocalObjectReference -

    NATGatewayAutoscalerSpec +

    LocalUIDReference

    -(Appears on:NATGatewayAutoscaler) +(Appears on:NetworkPolicyRule)

    +

    LocalUIDReference is a reference to another entity including its UID

    @@ -2585,23 +2886,64 @@ Kubernetes core/v1.LocalObjectReference + + + +
    -natGatewayRef
    +name
    - -Kubernetes core/v1.LocalObjectReference - +string     		-

    NATGatewayRef points to the target NATGateway to scale.

    +

    Name is the name of the referenced entity.
    -minPublicIPs
    +uid
    -int32 - + +k8s.io/apimachinery/pkg/types.UID + + +    		 +

    UID is the UID of the referenced entity.

    +
    +

    NATGatewayAutoscalerSpec +

    +

    +(Appears on:NATGatewayAutoscaler) +

    +
    +
    + + + + + + + + + + + + + +
    FieldDescription
    +natGatewayRef
    + + +Kubernetes core/v1.LocalObjectReference + + +    		 +

    NATGatewayRef points to the target NATGateway to scale.

    +
    +minPublicIPs
    + +int32 +

    MinPublicIPs is the minimum number of public IPs to allocate for a NAT Gateway.

    @@ -3453,6 +3795,343 @@ NetworkPeeringState
    +

    NetworkPolicyEgressRule +

    +

    +(Appears on:NetworkPolicySpec) +

    +
    +

    NetworkPolicyEgressRule describes a rule to regulate egress traffic with.

    +
    + + + + + + + + + + + + + + + + + +
    FieldDescription
    +ports
    + + +[]NetworkPolicyPort + + +    		 +

    Ports specifies the list of destination ports that can be called with +this rule. Each item in this list is combined using a logical OR. Empty matches all ports. +As soon as a single item is present, only these ports are allowed.

    +
    +to
    + + +[]NetworkPolicyPeer + + +    		 +

    To specifies the list of destinations which the selected network interfaces should be +able to send traffic to. Fields are combined using a logical OR. Empty matches all destinations. +As soon as a single item is present, only these peers are allowed.

    +
    +

    NetworkPolicyIngressRule +

    +

    +(Appears on:NetworkPolicySpec) +

    +
    +

    NetworkPolicyIngressRule describes a rule to regulate ingress traffic with.

    +
    + + + + + + + + + + + + + + + + + +
    FieldDescription
    +from
    + + +[]NetworkPolicyPeer + + +    		 +

    From specifies the list of sources which should be able to send traffic to the +selected network interfaces. Fields are combined using a logical OR. Empty matches all sources. +As soon as a single item is present, only these peers are allowed.

    +
    +ports
    + + +[]NetworkPolicyPort + + +    		 +

    Ports specifies the list of ports which should be made accessible for +this rule. Each item in this list is combined using a logical OR. Empty matches all ports. +As soon as a single item is present, only these ports are allowed.

    +
    +

    NetworkPolicyPeer +

    +

    +(Appears on:NetworkPolicyEgressRule, NetworkPolicyIngressRule) +

    +
    +

    NetworkPolicyPeer describes a peer to allow traffic to / from.

    +
    + + + + + + + + + + + + + + + + + +
    FieldDescription
    +objectSelector
    + + +ObjectSelector + + +    		 +

    ObjectSelector selects peers with the given kind matching the label selector. +Exclusive with other peer specifiers.

    +
    +ipBlock
    + + +IPBlock + + +    		 +

    IPBlock specifies the ip block from or to which network traffic may come.

    +
    +

    NetworkPolicyPort +

    +

    +(Appears on:NetworkPolicyEgressRule, NetworkPolicyIngressRule, Rule) +

    +
    +

    NetworkPolicyPort describes a port to allow traffic on

    +
    + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +protocol
    + + +Kubernetes core/v1.Protocol + + +    		 +

    Protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this +field defaults to TCP.

    +
    +port
    + +int32 + +    		 +

    The port on the given protocol. If this field is not provided, this matches +all port names and numbers. +If present, only traffic on the specified protocol AND port will be matched.

    +
    +endPort
    + +int32 + +    		 +

    EndPort indicates that the range of ports from Port to EndPort, inclusive, +should be allowed by the policy. This field cannot be defined if the port field +is not defined. The endPort must be equal or greater than port.

    +
    +

    NetworkPolicySpec +

    +

    +(Appears on:NetworkPolicy) +

    +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +networkRef
    + + +Kubernetes core/v1.LocalObjectReference + + +    		 +

    NetworkRef is the network to regulate using this policy.

    +
    +networkInterfaceSelector
    + + +Kubernetes meta/v1.LabelSelector + + +    		 +

    NetworkInterfaceSelector selects the network interfaces that are subject to this policy.

    +
    +priority
    + +int32 + +    		 +

    Priority is an optional field that specifies the order in which the policy is applied. +Policies with higher “order” are applied after those with lower +order. If the order is omitted, it may be considered to be “infinite” - i.e. the +policy will be applied last. Policies with identical order will be applied in +alphanumerical order based on the Policy “Name”.

    +
    +ingress
    + + +[]NetworkPolicyIngressRule + + +    		 +

    Ingress specifies rules for ingress traffic.

    +
    +egress
    + + +[]NetworkPolicyEgressRule + + +    		 +

    Egress specifies rules for egress traffic.

    +
    +policyTypes
    + + +[]PolicyType + + +    		 +

    PolicyTypes specifies the types of policies this network policy contains.

    +
    +

    NetworkPolicyTargetRef +

    +

    +(Appears on:TargetNetworkInterface) +

    +
    +
    + + + + + + + + + + + + + + + + + +
    FieldDescription
    +uid
    + + +k8s.io/apimachinery/pkg/types.UID + + +    		 +

    UID is the UID of the target.

    +
    +name
    + +string + +    		 +

    Name is the name of the target.

    +

    NetworkSpec

    @@ -3732,6 +4411,95 @@ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.

    +

    ObjectIP +

    +

    +(Appears on:Rule) +

    +
    +
    + + + + + + + + + + + + + + + + + +
    FieldDescription
    +ipFamily
    + + +Kubernetes core/v1.IPFamily + + +    		 +

    IPFamily is the IPFamily of the prefix. +If unset but Prefix is set, this can be inferred.

    +
    +prefix
    + + +github.com/ironcore-dev/ironcore-net/apimachinery/api/net.IPPrefix + + +    		 +

    Prefix is the prefix of the IP.

    +
    +

    ObjectSelector +

    +

    +(Appears on:NetworkPolicyPeer) +

    +
    +

    ObjectSelector specifies how to select objects of a certain kind.

    +
    + + + + + + + + + + + + + + + + + +
    FieldDescription
    +kind
    + +string + +    		 +

    Kind is the kind of object to select.

    +
    +LabelSelector
    + + +Kubernetes meta/v1.LabelSelector + + +    		 +

    +(Members of LabelSelector are embedded into this type.) +

    +

    LabelSelector is the label selector to select objects of the specified Kind by.

    +

    PCIAddress

    @@ -3790,6 +4558,129 @@ string +

    PolicyType +(string alias)

    +

    +(Appears on:NetworkPolicySpec) +

    +
    +

    PolicyType is a type of policy.

    +
    + + + + + + + + + + + + +
    ValueDescription

    "Egress"

    PolicyTypeEgress is a policy that describes egress traffic.

    +

    "Ingress"

    PolicyTypeIngress is a policy that describes ingress traffic.

    +
    +

    Rule +

    +

    +(Appears on:NetworkPolicyRule) +

    +
    +
    + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +ipBlock
    + + +[]IPBlock + + +    		 +

    CIDRBlock specifies the CIDR block from which network traffic may come or go.

    +
    +ips
    + + +[]ObjectIP + + +    		 +

    ObjectIPs are the object IPs the rule applies to.

    +
    +networkPolicyPorts
    + + +[]NetworkPolicyPort + + +    		 +

    NetworkPolicyPorts are the protocol type and ports.

    +
    +

    TargetNetworkInterface +

    +

    +(Appears on:NetworkPolicyRule) +

    +
    +

    TargetNetworkInterface is the target of the network policy.

    +
    + + + + + + + + + + + + + + + + + +
    FieldDescription
    +ip
    + + +github.com/ironcore-dev/ironcore-net/apimachinery/api/net.IP + + +    		 +

    IP is the IP address of the target network interface.

    +
    +targetRef
    + + +NetworkPolicyTargetRef + + +    		 +

    TargetRef is the target providing the destination.

    +

    TopologySpreadConstraint

    diff --git a/gen/swagger.json b/gen/swagger.json index ce628301..85b3cec8 100644 --- a/gen/swagger.json +++ b/gen/swagger.json @@ -37262,9 +37262,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/namespaces/{namespace}/networks": { + "/apis/core.apinet.ironcore.dev/v1alpha1/namespaces/{namespace}/networkpolicies": { "get": { - "description": "list or watch objects of kind Network", + "description": "list or watch objects of kind NetworkPolicy", "consumes": [ "*/*" ], @@ -37279,7 +37279,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "listCoreApinetIroncoreDevV1alpha1NamespacedNetwork", + "operationId": "listCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicy", "parameters": [ { "$ref": "#/parameters/allowWatchBookmarks-HC2hJt-J" @@ -37316,7 +37316,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkList" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyList" } }, "401": { @@ -37326,12 +37326,12 @@ "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Network", + "kind": "NetworkPolicy", "version": "v1alpha1" } }, "post": { - "description": "create a Network", + "description": "create a NetworkPolicy", "consumes": [ "*/*" ], @@ -37345,14 +37345,14 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "createCoreApinetIroncoreDevV1alpha1NamespacedNetwork", + "operationId": "createCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicy", "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } }, { @@ -37377,19 +37377,19 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } }, "202": { "description": "Accepted", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } }, "401": { @@ -37399,12 +37399,12 @@ "x-kubernetes-action": "post", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Network", + "kind": "NetworkPolicy", "version": "v1alpha1" } }, "delete": { - "description": "delete collection of Network", + "description": "delete collection of NetworkPolicy", "consumes": [ "*/*" ], @@ -37418,7 +37418,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "deleteCoreApinetIroncoreDevV1alpha1CollectionNamespacedNetwork", + "operationId": "deleteCoreApinetIroncoreDevV1alpha1CollectionNamespacedNetworkPolicy", "parameters": [ { "$ref": "#/parameters/body-2Y1dVQaQ" @@ -37478,7 +37478,7 @@ "x-kubernetes-action": "deletecollection", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Network", + "kind": "NetworkPolicy", "version": "v1alpha1" } }, @@ -37491,9 +37491,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/namespaces/{namespace}/networks/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/namespaces/{namespace}/networkpolicies/{name}": { "get": { - "description": "read the specified Network", + "description": "read the specified NetworkPolicy", "consumes": [ "*/*" ], @@ -37507,12 +37507,12 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "readCoreApinetIroncoreDevV1alpha1NamespacedNetwork", + "operationId": "readCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicy", "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } }, "401": { @@ -37522,12 +37522,12 @@ "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Network", + "kind": "NetworkPolicy", "version": "v1alpha1" } }, "put": { - "description": "replace the specified Network", + "description": "replace the specified NetworkPolicy", "consumes": [ "*/*" ], @@ -37541,14 +37541,14 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "replaceCoreApinetIroncoreDevV1alpha1NamespacedNetwork", + "operationId": "replaceCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicy", "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } }, { @@ -37573,13 +37573,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } }, "401": { @@ -37589,12 +37589,12 @@ "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Network", + "kind": "NetworkPolicy", "version": "v1alpha1" } }, "delete": { - "description": "delete a Network", + "description": "delete a NetworkPolicy", "consumes": [ "*/*" ], @@ -37608,7 +37608,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "deleteCoreApinetIroncoreDevV1alpha1NamespacedNetwork", + "operationId": "deleteCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicy", "parameters": [ { "$ref": "#/parameters/body-2Y1dVQaQ" @@ -37650,12 +37650,12 @@ "x-kubernetes-action": "delete", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Network", + "kind": "NetworkPolicy", "version": "v1alpha1" } }, "patch": { - "description": "partially update the specified Network", + "description": "partially update the specified NetworkPolicy", "consumes": [ "application/json-patch+json", "application/merge-patch+json", @@ -37672,7 +37672,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "patchCoreApinetIroncoreDevV1alpha1NamespacedNetwork", + "operationId": "patchCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicy", "parameters": [ { "$ref": "#/parameters/body-78PwaGsr" @@ -37702,13 +37702,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } }, "401": { @@ -37718,7 +37718,7 @@ "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Network", + "kind": "NetworkPolicy", "version": "v1alpha1" } }, @@ -37726,7 +37726,7 @@ { "uniqueItems": true, "type": "string", - "description": "name of the Network", + "description": "name of the NetworkPolicy", "name": "name", "in": "path", "required": true @@ -37739,15 +37739,16 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/namespaces/{namespace}/networks/{name}/status": { + "/apis/core.apinet.ironcore.dev/v1alpha1/namespaces/{namespace}/networkpolicyrules": { "get": { - "description": "read status of the specified Network", + "description": "list or watch objects of kind NetworkPolicyRule", "consumes": [ "*/*" ], "produces": [ "application/json", - "application/yaml" + "application/yaml", + "application/json;stream=watch" ], "schemes": [ "https" @@ -37755,27 +37756,59 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "readCoreApinetIroncoreDevV1alpha1NamespacedNetworkStatus", + "operationId": "listCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicyRule", + "parameters": [ + { + "$ref": "#/parameters/allowWatchBookmarks-HC2hJt-J" + }, + { + "$ref": "#/parameters/continue-QfD61s0i" + }, + { + "$ref": "#/parameters/fieldSelector-xIcQKXFG" + }, + { + "$ref": "#/parameters/labelSelector-5Zw57w4C" + }, + { + "$ref": "#/parameters/limit-1NfNmdNH" + }, + { + "$ref": "#/parameters/resourceVersion-5WAnf1kx" + }, + { + "$ref": "#/parameters/resourceVersionMatch-t8XhRHeC" + }, + { + "$ref": "#/parameters/sendInitialEvents-rLXlEK_k" + }, + { + "$ref": "#/parameters/timeoutSeconds-yvYezaOC" + }, + { + "$ref": "#/parameters/watch-XNNPZGbK" + } + ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRuleList" } }, "401": { "description": "Unauthorized" } }, - "x-kubernetes-action": "get", + "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Network", + "kind": "NetworkPolicyRule", "version": "v1alpha1" } }, - "put": { - "description": "replace status of the specified Network", + "post": { + "description": "create a NetworkPolicyRule", "consumes": [ "*/*" ], @@ -37789,14 +37822,14 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "replaceCoreApinetIroncoreDevV1alpha1NamespacedNetworkStatus", + "operationId": "createCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicyRule", "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" } }, { @@ -37821,33 +37854,36 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" + } + }, + "202": { + "description": "Accepted", + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" } }, "401": { "description": "Unauthorized" } }, - "x-kubernetes-action": "put", + "x-kubernetes-action": "post", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Network", + "kind": "NetworkPolicyRule", "version": "v1alpha1" } }, - "patch": { - "description": "partially update status of the specified Network", + "delete": { + "description": "delete collection of NetworkPolicyRule", "consumes": [ - "application/json-patch+json", - "application/merge-patch+json", - "application/strategic-merge-patch+json", - "application/apply-patch+yaml" + "*/*" ], "produces": [ "application/json", @@ -37859,10 +37895,13 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "patchCoreApinetIroncoreDevV1alpha1NamespacedNetworkStatus", + "operationId": "deleteCoreApinetIroncoreDevV1alpha1CollectionNamespacedNetworkPolicyRule", "parameters": [ { - "$ref": "#/parameters/body-78PwaGsr" + "$ref": "#/parameters/body-2Y1dVQaQ" + }, + { + "$ref": "#/parameters/continue-QfD61s0i" }, { "uniqueItems": true, @@ -37872,52 +37911,55 @@ "in": "query" }, { - "$ref": "#/parameters/fieldManager-7c6nTn1T" + "$ref": "#/parameters/fieldSelector-xIcQKXFG" }, { - "uniqueItems": true, - "type": "string", - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "name": "fieldValidation", - "in": "query" + "$ref": "#/parameters/gracePeriodSeconds--K5HaBOS" }, { - "$ref": "#/parameters/force-tOGGb0Yi" + "$ref": "#/parameters/labelSelector-5Zw57w4C" + }, + { + "$ref": "#/parameters/limit-1NfNmdNH" + }, + { + "$ref": "#/parameters/orphanDependents-uRB25kX5" + }, + { + "$ref": "#/parameters/propagationPolicy-6jk3prlO" + }, + { + "$ref": "#/parameters/resourceVersion-5WAnf1kx" + }, + { + "$ref": "#/parameters/resourceVersionMatch-t8XhRHeC" + }, + { + "$ref": "#/parameters/sendInitialEvents-rLXlEK_k" + }, + { + "$ref": "#/parameters/timeoutSeconds-yvYezaOC" } ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" } }, "401": { "description": "Unauthorized" } }, - "x-kubernetes-action": "patch", + "x-kubernetes-action": "deletecollection", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Network", + "kind": "NetworkPolicyRule", "version": "v1alpha1" } }, "parameters": [ - { - "uniqueItems": true, - "type": "string", - "description": "name of the Network", - "name": "name", - "in": "path", - "required": true - }, { "$ref": "#/parameters/namespace-vgWSWtn3" }, @@ -37926,16 +37968,15 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/natgatewayautoscalers": { + "/apis/core.apinet.ironcore.dev/v1alpha1/namespaces/{namespace}/networkpolicyrules/{name}": { "get": { - "description": "list or watch objects of kind NATGatewayAutoscaler", + "description": "read the specified NetworkPolicyRule", "consumes": [ "*/*" ], "produces": [ "application/json", - "application/yaml", - "application/json;stream=watch" + "application/yaml" ], "schemes": [ "https" @@ -37943,71 +37984,33 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "listCoreApinetIroncoreDevV1alpha1NATGatewayAutoscalerForAllNamespaces", + "operationId": "readCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicyRule", "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATGatewayAutoscalerList" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" } }, "401": { "description": "Unauthorized" } }, - "x-kubernetes-action": "list", + "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NATGatewayAutoscaler", + "kind": "NetworkPolicyRule", "version": "v1alpha1" } }, - "parameters": [ - { - "$ref": "#/parameters/allowWatchBookmarks-HC2hJt-J" - }, - { - "$ref": "#/parameters/continue-QfD61s0i" - }, - { - "$ref": "#/parameters/fieldSelector-xIcQKXFG" - }, - { - "$ref": "#/parameters/labelSelector-5Zw57w4C" - }, - { - "$ref": "#/parameters/limit-1NfNmdNH" - }, - { - "$ref": "#/parameters/pretty-tJGM1-ng" - }, - { - "$ref": "#/parameters/resourceVersion-5WAnf1kx" - }, - { - "$ref": "#/parameters/resourceVersionMatch-t8XhRHeC" - }, - { - "$ref": "#/parameters/sendInitialEvents-rLXlEK_k" - }, - { - "$ref": "#/parameters/timeoutSeconds-yvYezaOC" - }, - { - "$ref": "#/parameters/watch-XNNPZGbK" - } - ] - }, - "/apis/core.apinet.ironcore.dev/v1alpha1/natgateways": { - "get": { - "description": "list or watch objects of kind NATGateway", + "put": { + "description": "replace the specified NetworkPolicyRule", "consumes": [ "*/*" ], "produces": [ "application/json", - "application/yaml", - "application/json;stream=watch" + "application/yaml" ], "schemes": [ "https" @@ -38015,71 +38018,130 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "listCoreApinetIroncoreDevV1alpha1NATGatewayForAllNamespaces", + "operationId": "replaceCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicyRule", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" + } + }, + { + "uniqueItems": true, + "type": "string", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "name": "dryRun", + "in": "query" + }, + { + "$ref": "#/parameters/fieldManager-Qy4HdaTW" + }, + { + "uniqueItems": true, + "type": "string", + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "name": "fieldValidation", + "in": "query" + } + ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATGatewayList" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" } }, - "401": { - "description": "Unauthorized" - } - }, - "x-kubernetes-action": "list", + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NATGateway", + "kind": "NetworkPolicyRule", "version": "v1alpha1" } }, - "parameters": [ - { - "$ref": "#/parameters/allowWatchBookmarks-HC2hJt-J" - }, - { - "$ref": "#/parameters/continue-QfD61s0i" - }, - { - "$ref": "#/parameters/fieldSelector-xIcQKXFG" - }, - { - "$ref": "#/parameters/labelSelector-5Zw57w4C" - }, - { - "$ref": "#/parameters/limit-1NfNmdNH" - }, - { - "$ref": "#/parameters/pretty-tJGM1-ng" - }, - { - "$ref": "#/parameters/resourceVersion-5WAnf1kx" - }, - { - "$ref": "#/parameters/resourceVersionMatch-t8XhRHeC" - }, - { - "$ref": "#/parameters/sendInitialEvents-rLXlEK_k" - }, - { - "$ref": "#/parameters/timeoutSeconds-yvYezaOC" + "delete": { + "description": "delete a NetworkPolicyRule", + "consumes": [ + "*/*" + ], + "produces": [ + "application/json", + "application/yaml" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "deleteCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicyRule", + "parameters": [ + { + "$ref": "#/parameters/body-2Y1dVQaQ" + }, + { + "uniqueItems": true, + "type": "string", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "name": "dryRun", + "in": "query" + }, + { + "$ref": "#/parameters/gracePeriodSeconds--K5HaBOS" + }, + { + "$ref": "#/parameters/orphanDependents-uRB25kX5" + }, + { + "$ref": "#/parameters/propagationPolicy-6jk3prlO" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "202": { + "description": "Accepted", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "401": { + "description": "Unauthorized" + } }, - { - "$ref": "#/parameters/watch-XNNPZGbK" + "x-kubernetes-action": "delete", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "NetworkPolicyRule", + "version": "v1alpha1" } - ] - }, - "/apis/core.apinet.ironcore.dev/v1alpha1/nattables": { - "get": { - "description": "list or watch objects of kind NATTable", + }, + "patch": { + "description": "partially update the specified NetworkPolicyRule", "consumes": [ - "*/*" + "application/json-patch+json", + "application/merge-patch+json", + "application/strategic-merge-patch+json", + "application/apply-patch+yaml" ], "produces": [ "application/json", - "application/yaml", - "application/json;stream=watch" + "application/yaml" ], "schemes": [ "https" @@ -38087,64 +38149,76 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "listCoreApinetIroncoreDevV1alpha1NATTableForAllNamespaces", + "operationId": "patchCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicyRule", + "parameters": [ + { + "$ref": "#/parameters/body-78PwaGsr" + }, + { + "uniqueItems": true, + "type": "string", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "name": "dryRun", + "in": "query" + }, + { + "$ref": "#/parameters/fieldManager-7c6nTn1T" + }, + { + "uniqueItems": true, + "type": "string", + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "name": "fieldValidation", + "in": "query" + }, + { + "$ref": "#/parameters/force-tOGGb0Yi" + } + ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATTableList" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" } }, "401": { "description": "Unauthorized" } }, - "x-kubernetes-action": "list", + "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NATTable", + "kind": "NetworkPolicyRule", "version": "v1alpha1" } }, "parameters": [ { - "$ref": "#/parameters/allowWatchBookmarks-HC2hJt-J" - }, - { - "$ref": "#/parameters/continue-QfD61s0i" - }, - { - "$ref": "#/parameters/fieldSelector-xIcQKXFG" - }, - { - "$ref": "#/parameters/labelSelector-5Zw57w4C" + "uniqueItems": true, + "type": "string", + "description": "name of the NetworkPolicyRule", + "name": "name", + "in": "path", + "required": true }, { - "$ref": "#/parameters/limit-1NfNmdNH" + "$ref": "#/parameters/namespace-vgWSWtn3" }, { "$ref": "#/parameters/pretty-tJGM1-ng" - }, - { - "$ref": "#/parameters/resourceVersion-5WAnf1kx" - }, - { - "$ref": "#/parameters/resourceVersionMatch-t8XhRHeC" - }, - { - "$ref": "#/parameters/sendInitialEvents-rLXlEK_k" - }, - { - "$ref": "#/parameters/timeoutSeconds-yvYezaOC" - }, - { - "$ref": "#/parameters/watch-XNNPZGbK" } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/networkids": { + "/apis/core.apinet.ironcore.dev/v1alpha1/namespaces/{namespace}/networks": { "get": { - "description": "list or watch objects of kind NetworkID", + "description": "list or watch objects of kind Network", "consumes": [ "*/*" ], @@ -38159,7 +38233,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "listCoreApinetIroncoreDevV1alpha1NetworkID", + "operationId": "listCoreApinetIroncoreDevV1alpha1NamespacedNetwork", "parameters": [ { "$ref": "#/parameters/allowWatchBookmarks-HC2hJt-J" @@ -38196,7 +38270,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDList" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkList" } }, "401": { @@ -38206,12 +38280,12 @@ "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NetworkID", + "kind": "Network", "version": "v1alpha1" } }, "post": { - "description": "create a NetworkID", + "description": "create a Network", "consumes": [ "*/*" ], @@ -38225,14 +38299,14 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "createCoreApinetIroncoreDevV1alpha1NetworkID", + "operationId": "createCoreApinetIroncoreDevV1alpha1NamespacedNetwork", "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" } }, { @@ -38257,19 +38331,19 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" } }, "202": { "description": "Accepted", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" } }, "401": { @@ -38279,12 +38353,12 @@ "x-kubernetes-action": "post", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NetworkID", + "kind": "Network", "version": "v1alpha1" } }, "delete": { - "description": "delete collection of NetworkID", + "description": "delete collection of Network", "consumes": [ "*/*" ], @@ -38298,7 +38372,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "deleteCoreApinetIroncoreDevV1alpha1CollectionNetworkID", + "operationId": "deleteCoreApinetIroncoreDevV1alpha1CollectionNamespacedNetwork", "parameters": [ { "$ref": "#/parameters/body-2Y1dVQaQ" @@ -38358,19 +38432,22 @@ "x-kubernetes-action": "deletecollection", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NetworkID", + "kind": "Network", "version": "v1alpha1" } }, "parameters": [ + { + "$ref": "#/parameters/namespace-vgWSWtn3" + }, { "$ref": "#/parameters/pretty-tJGM1-ng" } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/networkids/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/namespaces/{namespace}/networks/{name}": { "get": { - "description": "read the specified NetworkID", + "description": "read the specified Network", "consumes": [ "*/*" ], @@ -38384,12 +38461,12 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "readCoreApinetIroncoreDevV1alpha1NetworkID", + "operationId": "readCoreApinetIroncoreDevV1alpha1NamespacedNetwork", "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" } }, "401": { @@ -38399,12 +38476,12 @@ "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NetworkID", + "kind": "Network", "version": "v1alpha1" } }, "put": { - "description": "replace the specified NetworkID", + "description": "replace the specified Network", "consumes": [ "*/*" ], @@ -38418,14 +38495,14 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "replaceCoreApinetIroncoreDevV1alpha1NetworkID", + "operationId": "replaceCoreApinetIroncoreDevV1alpha1NamespacedNetwork", "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" } }, { @@ -38450,13 +38527,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" } }, "401": { @@ -38466,12 +38543,12 @@ "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NetworkID", + "kind": "Network", "version": "v1alpha1" } }, "delete": { - "description": "delete a NetworkID", + "description": "delete a Network", "consumes": [ "*/*" ], @@ -38485,7 +38562,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "deleteCoreApinetIroncoreDevV1alpha1NetworkID", + "operationId": "deleteCoreApinetIroncoreDevV1alpha1NamespacedNetwork", "parameters": [ { "$ref": "#/parameters/body-2Y1dVQaQ" @@ -38527,12 +38604,12 @@ "x-kubernetes-action": "delete", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NetworkID", + "kind": "Network", "version": "v1alpha1" } }, "patch": { - "description": "partially update the specified NetworkID", + "description": "partially update the specified Network", "consumes": [ "application/json-patch+json", "application/merge-patch+json", @@ -38549,7 +38626,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "patchCoreApinetIroncoreDevV1alpha1NetworkID", + "operationId": "patchCoreApinetIroncoreDevV1alpha1NamespacedNetwork", "parameters": [ { "$ref": "#/parameters/body-78PwaGsr" @@ -38579,13 +38656,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" } }, "401": { @@ -38595,7 +38672,7 @@ "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NetworkID", + "kind": "Network", "version": "v1alpha1" } }, @@ -38603,19 +38680,209 @@ { "uniqueItems": true, "type": "string", - "description": "name of the NetworkID", + "description": "name of the Network", "name": "name", "in": "path", "required": true }, { - "$ref": "#/parameters/pretty-tJGM1-ng" - } + "$ref": "#/parameters/namespace-vgWSWtn3" + }, + { + "$ref": "#/parameters/pretty-tJGM1-ng" + } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/networkinterfaces": { + "/apis/core.apinet.ironcore.dev/v1alpha1/namespaces/{namespace}/networks/{name}/status": { "get": { - "description": "list or watch objects of kind NetworkInterface", + "description": "read status of the specified Network", + "consumes": [ + "*/*" + ], + "produces": [ + "application/json", + "application/yaml" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "readCoreApinetIroncoreDevV1alpha1NamespacedNetworkStatus", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "Network", + "version": "v1alpha1" + } + }, + "put": { + "description": "replace status of the specified Network", + "consumes": [ + "*/*" + ], + "produces": [ + "application/json", + "application/yaml" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "replaceCoreApinetIroncoreDevV1alpha1NamespacedNetworkStatus", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + }, + { + "uniqueItems": true, + "type": "string", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "name": "dryRun", + "in": "query" + }, + { + "$ref": "#/parameters/fieldManager-Qy4HdaTW" + }, + { + "uniqueItems": true, + "type": "string", + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "name": "fieldValidation", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "Network", + "version": "v1alpha1" + } + }, + "patch": { + "description": "partially update status of the specified Network", + "consumes": [ + "application/json-patch+json", + "application/merge-patch+json", + "application/strategic-merge-patch+json", + "application/apply-patch+yaml" + ], + "produces": [ + "application/json", + "application/yaml" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "patchCoreApinetIroncoreDevV1alpha1NamespacedNetworkStatus", + "parameters": [ + { + "$ref": "#/parameters/body-78PwaGsr" + }, + { + "uniqueItems": true, + "type": "string", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "name": "dryRun", + "in": "query" + }, + { + "$ref": "#/parameters/fieldManager-7c6nTn1T" + }, + { + "uniqueItems": true, + "type": "string", + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "name": "fieldValidation", + "in": "query" + }, + { + "$ref": "#/parameters/force-tOGGb0Yi" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "Network", + "version": "v1alpha1" + } + }, + "parameters": [ + { + "uniqueItems": true, + "type": "string", + "description": "name of the Network", + "name": "name", + "in": "path", + "required": true + }, + { + "$ref": "#/parameters/namespace-vgWSWtn3" + }, + { + "$ref": "#/parameters/pretty-tJGM1-ng" + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/natgatewayautoscalers": { + "get": { + "description": "list or watch objects of kind NATGatewayAutoscaler", "consumes": [ "*/*" ], @@ -38630,12 +38897,12 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "listCoreApinetIroncoreDevV1alpha1NetworkInterfaceForAllNamespaces", + "operationId": "listCoreApinetIroncoreDevV1alpha1NATGatewayAutoscalerForAllNamespaces", "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceList" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATGatewayAutoscalerList" } }, "401": { @@ -38645,7 +38912,7 @@ "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NetworkInterface", + "kind": "NATGatewayAutoscaler", "version": "v1alpha1" } }, @@ -38685,9 +38952,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/networks": { + "/apis/core.apinet.ironcore.dev/v1alpha1/natgateways": { "get": { - "description": "list or watch objects of kind Network", + "description": "list or watch objects of kind NATGateway", "consumes": [ "*/*" ], @@ -38702,12 +38969,12 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "listCoreApinetIroncoreDevV1alpha1NetworkForAllNamespaces", + "operationId": "listCoreApinetIroncoreDevV1alpha1NATGatewayForAllNamespaces", "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkList" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATGatewayList" } }, "401": { @@ -38717,7 +38984,7 @@ "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Network", + "kind": "NATGateway", "version": "v1alpha1" } }, @@ -38757,9 +39024,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/nodes": { + "/apis/core.apinet.ironcore.dev/v1alpha1/nattables": { "get": { - "description": "list or watch objects of kind Node", + "description": "list or watch objects of kind NATTable", "consumes": [ "*/*" ], @@ -38774,44 +39041,12 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "listCoreApinetIroncoreDevV1alpha1Node", - "parameters": [ - { - "$ref": "#/parameters/allowWatchBookmarks-HC2hJt-J" - }, - { - "$ref": "#/parameters/continue-QfD61s0i" - }, - { - "$ref": "#/parameters/fieldSelector-xIcQKXFG" - }, - { - "$ref": "#/parameters/labelSelector-5Zw57w4C" - }, - { - "$ref": "#/parameters/limit-1NfNmdNH" - }, - { - "$ref": "#/parameters/resourceVersion-5WAnf1kx" - }, - { - "$ref": "#/parameters/resourceVersionMatch-t8XhRHeC" - }, - { - "$ref": "#/parameters/sendInitialEvents-rLXlEK_k" - }, - { - "$ref": "#/parameters/timeoutSeconds-yvYezaOC" - }, - { - "$ref": "#/parameters/watch-XNNPZGbK" - } - ], + "operationId": "listCoreApinetIroncoreDevV1alpha1NATTableForAllNamespaces", "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NodeList" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATTableList" } }, "401": { @@ -38821,12 +39056,116 @@ "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Node", + "kind": "NATTable", "version": "v1alpha1" } }, - "post": { - "description": "create a Node", + "parameters": [ + { + "$ref": "#/parameters/allowWatchBookmarks-HC2hJt-J" + }, + { + "$ref": "#/parameters/continue-QfD61s0i" + }, + { + "$ref": "#/parameters/fieldSelector-xIcQKXFG" + }, + { + "$ref": "#/parameters/labelSelector-5Zw57w4C" + }, + { + "$ref": "#/parameters/limit-1NfNmdNH" + }, + { + "$ref": "#/parameters/pretty-tJGM1-ng" + }, + { + "$ref": "#/parameters/resourceVersion-5WAnf1kx" + }, + { + "$ref": "#/parameters/resourceVersionMatch-t8XhRHeC" + }, + { + "$ref": "#/parameters/sendInitialEvents-rLXlEK_k" + }, + { + "$ref": "#/parameters/timeoutSeconds-yvYezaOC" + }, + { + "$ref": "#/parameters/watch-XNNPZGbK" + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/networkids": { + "get": { + "description": "list or watch objects of kind NetworkID", + "consumes": [ + "*/*" + ], + "produces": [ + "application/json", + "application/yaml", + "application/json;stream=watch" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "listCoreApinetIroncoreDevV1alpha1NetworkID", + "parameters": [ + { + "$ref": "#/parameters/allowWatchBookmarks-HC2hJt-J" + }, + { + "$ref": "#/parameters/continue-QfD61s0i" + }, + { + "$ref": "#/parameters/fieldSelector-xIcQKXFG" + }, + { + "$ref": "#/parameters/labelSelector-5Zw57w4C" + }, + { + "$ref": "#/parameters/limit-1NfNmdNH" + }, + { + "$ref": "#/parameters/resourceVersion-5WAnf1kx" + }, + { + "$ref": "#/parameters/resourceVersionMatch-t8XhRHeC" + }, + { + "$ref": "#/parameters/sendInitialEvents-rLXlEK_k" + }, + { + "$ref": "#/parameters/timeoutSeconds-yvYezaOC" + }, + { + "$ref": "#/parameters/watch-XNNPZGbK" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDList" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "NetworkID", + "version": "v1alpha1" + } + }, + "post": { + "description": "create a NetworkID", "consumes": [ "*/*" ], @@ -38840,14 +39179,14 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "createCoreApinetIroncoreDevV1alpha1Node", + "operationId": "createCoreApinetIroncoreDevV1alpha1NetworkID", "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" } }, { @@ -38872,19 +39211,19 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" } }, "202": { "description": "Accepted", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" } }, "401": { @@ -38894,12 +39233,12 @@ "x-kubernetes-action": "post", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Node", + "kind": "NetworkID", "version": "v1alpha1" } }, "delete": { - "description": "delete collection of Node", + "description": "delete collection of NetworkID", "consumes": [ "*/*" ], @@ -38913,7 +39252,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "deleteCoreApinetIroncoreDevV1alpha1CollectionNode", + "operationId": "deleteCoreApinetIroncoreDevV1alpha1CollectionNetworkID", "parameters": [ { "$ref": "#/parameters/body-2Y1dVQaQ" @@ -38973,7 +39312,7 @@ "x-kubernetes-action": "deletecollection", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Node", + "kind": "NetworkID", "version": "v1alpha1" } }, @@ -38983,9 +39322,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/nodes/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/networkids/{name}": { "get": { - "description": "read the specified Node", + "description": "read the specified NetworkID", "consumes": [ "*/*" ], @@ -38999,12 +39338,12 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "readCoreApinetIroncoreDevV1alpha1Node", + "operationId": "readCoreApinetIroncoreDevV1alpha1NetworkID", "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" } }, "401": { @@ -39014,12 +39353,12 @@ "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Node", + "kind": "NetworkID", "version": "v1alpha1" } }, "put": { - "description": "replace the specified Node", + "description": "replace the specified NetworkID", "consumes": [ "*/*" ], @@ -39033,14 +39372,14 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "replaceCoreApinetIroncoreDevV1alpha1Node", + "operationId": "replaceCoreApinetIroncoreDevV1alpha1NetworkID", "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" } }, { @@ -39065,13 +39404,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" } }, "401": { @@ -39081,12 +39420,12 @@ "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Node", + "kind": "NetworkID", "version": "v1alpha1" } }, "delete": { - "description": "delete a Node", + "description": "delete a NetworkID", "consumes": [ "*/*" ], @@ -39100,7 +39439,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "deleteCoreApinetIroncoreDevV1alpha1Node", + "operationId": "deleteCoreApinetIroncoreDevV1alpha1NetworkID", "parameters": [ { "$ref": "#/parameters/body-2Y1dVQaQ" @@ -39142,12 +39481,12 @@ "x-kubernetes-action": "delete", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Node", + "kind": "NetworkID", "version": "v1alpha1" } }, "patch": { - "description": "partially update the specified Node", + "description": "partially update the specified NetworkID", "consumes": [ "application/json-patch+json", "application/merge-patch+json", @@ -39164,7 +39503,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "patchCoreApinetIroncoreDevV1alpha1Node", + "operationId": "patchCoreApinetIroncoreDevV1alpha1NetworkID", "parameters": [ { "$ref": "#/parameters/body-78PwaGsr" @@ -39194,13 +39533,13 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" } }, "401": { @@ -39210,7 +39549,7 @@ "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Node", + "kind": "NetworkID", "version": "v1alpha1" } }, @@ -39218,7 +39557,7 @@ { "uniqueItems": true, "type": "string", - "description": "name of the Node", + "description": "name of the NetworkID", "name": "name", "in": "path", "required": true @@ -39228,15 +39567,16 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/nodes/{name}/status": { + "/apis/core.apinet.ironcore.dev/v1alpha1/networkinterfaces": { "get": { - "description": "read status of the specified Node", + "description": "list or watch objects of kind NetworkInterface", "consumes": [ "*/*" ], "produces": [ "application/json", - "application/yaml" + "application/yaml", + "application/json;stream=watch" ], "schemes": [ "https" @@ -39244,33 +39584,71 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "readCoreApinetIroncoreDevV1alpha1NodeStatus", + "operationId": "listCoreApinetIroncoreDevV1alpha1NetworkInterfaceForAllNamespaces", "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceList" } }, "401": { "description": "Unauthorized" } }, - "x-kubernetes-action": "get", + "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Node", + "kind": "NetworkInterface", "version": "v1alpha1" } }, - "put": { - "description": "replace status of the specified Node", + "parameters": [ + { + "$ref": "#/parameters/allowWatchBookmarks-HC2hJt-J" + }, + { + "$ref": "#/parameters/continue-QfD61s0i" + }, + { + "$ref": "#/parameters/fieldSelector-xIcQKXFG" + }, + { + "$ref": "#/parameters/labelSelector-5Zw57w4C" + }, + { + "$ref": "#/parameters/limit-1NfNmdNH" + }, + { + "$ref": "#/parameters/pretty-tJGM1-ng" + }, + { + "$ref": "#/parameters/resourceVersion-5WAnf1kx" + }, + { + "$ref": "#/parameters/resourceVersionMatch-t8XhRHeC" + }, + { + "$ref": "#/parameters/sendInitialEvents-rLXlEK_k" + }, + { + "$ref": "#/parameters/timeoutSeconds-yvYezaOC" + }, + { + "$ref": "#/parameters/watch-XNNPZGbK" + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/networkpolicies": { + "get": { + "description": "list or watch objects of kind NetworkPolicy", "consumes": [ "*/*" ], "produces": [ "application/json", - "application/yaml" + "application/yaml", + "application/json;stream=watch" ], "schemes": [ "https" @@ -39278,173 +39656,22 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "replaceCoreApinetIroncoreDevV1alpha1NodeStatus", - "parameters": [ - { - "name": "body", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" - } - }, - { - "uniqueItems": true, - "type": "string", - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "name": "dryRun", - "in": "query" - }, - { - "$ref": "#/parameters/fieldManager-Qy4HdaTW" - }, - { - "uniqueItems": true, - "type": "string", - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "name": "fieldValidation", - "in": "query" - } - ], + "operationId": "listCoreApinetIroncoreDevV1alpha1NetworkPolicyForAllNamespaces", "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "x-kubernetes-action": "put", - "x-kubernetes-group-version-kind": { - "group": "core.apinet.ironcore.dev", - "kind": "Node", - "version": "v1alpha1" - } - }, - "patch": { - "description": "partially update status of the specified Node", - "consumes": [ - "application/json-patch+json", - "application/merge-patch+json", - "application/strategic-merge-patch+json", - "application/apply-patch+yaml" - ], - "produces": [ - "application/json", - "application/yaml" - ], - "schemes": [ - "https" - ], - "tags": [ - "coreApinetIroncoreDev_v1alpha1" - ], - "operationId": "patchCoreApinetIroncoreDevV1alpha1NodeStatus", - "parameters": [ - { - "$ref": "#/parameters/body-78PwaGsr" - }, - { - "uniqueItems": true, - "type": "string", - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "name": "dryRun", - "in": "query" - }, - { - "$ref": "#/parameters/fieldManager-7c6nTn1T" - }, - { - "uniqueItems": true, - "type": "string", - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "name": "fieldValidation", - "in": "query" - }, - { - "$ref": "#/parameters/force-tOGGb0Yi" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" - } - }, - "401": { - "description": "Unauthorized" - } - }, - "x-kubernetes-action": "patch", - "x-kubernetes-group-version-kind": { - "group": "core.apinet.ironcore.dev", - "kind": "Node", - "version": "v1alpha1" - } - }, - "parameters": [ - { - "uniqueItems": true, - "type": "string", - "description": "name of the Node", - "name": "name", - "in": "path", - "required": true - }, - { - "$ref": "#/parameters/pretty-tJGM1-ng" - } - ] - }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/daemonsets": { - "get": { - "description": "watch individual changes to a list of DaemonSet. deprecated: use the 'watch' parameter with a list operation instead.", - "consumes": [ - "*/*" - ], - "produces": [ - "application/json", - "application/yaml", - "application/json;stream=watch" - ], - "schemes": [ - "https" - ], - "tags": [ - "coreApinetIroncoreDev_v1alpha1" - ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1DaemonSetListForAllNamespaces", - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyList" } }, "401": { "description": "Unauthorized" } }, - "x-kubernetes-action": "watchlist", + "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "DaemonSet", + "kind": "NetworkPolicy", "version": "v1alpha1" } }, @@ -39484,9 +39711,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/instances": { + "/apis/core.apinet.ironcore.dev/v1alpha1/networkpolicyrules": { "get": { - "description": "watch individual changes to a list of Instance. deprecated: use the 'watch' parameter with a list operation instead.", + "description": "list or watch objects of kind NetworkPolicyRule", "consumes": [ "*/*" ], @@ -39501,22 +39728,22 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1InstanceListForAllNamespaces", + "operationId": "listCoreApinetIroncoreDevV1alpha1NetworkPolicyRuleForAllNamespaces", "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRuleList" } }, "401": { "description": "Unauthorized" } }, - "x-kubernetes-action": "watchlist", + "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Instance", + "kind": "NetworkPolicyRule", "version": "v1alpha1" } }, @@ -39556,9 +39783,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/ipaddresses": { + "/apis/core.apinet.ironcore.dev/v1alpha1/networks": { "get": { - "description": "watch individual changes to a list of IPAddress. deprecated: use the 'watch' parameter with a list operation instead.", + "description": "list or watch objects of kind Network", "consumes": [ "*/*" ], @@ -39573,22 +39800,22 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1IPAddressList", + "operationId": "listCoreApinetIroncoreDevV1alpha1NetworkForAllNamespaces", "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkList" } }, "401": { "description": "Unauthorized" } }, - "x-kubernetes-action": "watchlist", + "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "IPAddress", + "kind": "Network", "version": "v1alpha1" } }, @@ -39628,9 +39855,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/ipaddresses/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/nodes": { "get": { - "description": "watch changes to an object of kind IPAddress. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "description": "list or watch objects of kind Node", "consumes": [ "*/*" ], @@ -39645,79 +39872,65 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1IPAddress", + "operationId": "listCoreApinetIroncoreDevV1alpha1Node", + "parameters": [ + { + "$ref": "#/parameters/allowWatchBookmarks-HC2hJt-J" + }, + { + "$ref": "#/parameters/continue-QfD61s0i" + }, + { + "$ref": "#/parameters/fieldSelector-xIcQKXFG" + }, + { + "$ref": "#/parameters/labelSelector-5Zw57w4C" + }, + { + "$ref": "#/parameters/limit-1NfNmdNH" + }, + { + "$ref": "#/parameters/resourceVersion-5WAnf1kx" + }, + { + "$ref": "#/parameters/resourceVersionMatch-t8XhRHeC" + }, + { + "$ref": "#/parameters/sendInitialEvents-rLXlEK_k" + }, + { + "$ref": "#/parameters/timeoutSeconds-yvYezaOC" + }, + { + "$ref": "#/parameters/watch-XNNPZGbK" + } + ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NodeList" } }, "401": { "description": "Unauthorized" } }, - "x-kubernetes-action": "watch", + "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "IPAddress", + "kind": "Node", "version": "v1alpha1" } }, - "parameters": [ - { - "$ref": "#/parameters/allowWatchBookmarks-HC2hJt-J" - }, - { - "$ref": "#/parameters/continue-QfD61s0i" - }, - { - "$ref": "#/parameters/fieldSelector-xIcQKXFG" - }, - { - "$ref": "#/parameters/labelSelector-5Zw57w4C" - }, - { - "$ref": "#/parameters/limit-1NfNmdNH" - }, - { - "uniqueItems": true, - "type": "string", - "description": "name of the IPAddress", - "name": "name", - "in": "path", - "required": true - }, - { - "$ref": "#/parameters/pretty-tJGM1-ng" - }, - { - "$ref": "#/parameters/resourceVersion-5WAnf1kx" - }, - { - "$ref": "#/parameters/resourceVersionMatch-t8XhRHeC" - }, - { - "$ref": "#/parameters/sendInitialEvents-rLXlEK_k" - }, - { - "$ref": "#/parameters/timeoutSeconds-yvYezaOC" - }, - { - "$ref": "#/parameters/watch-XNNPZGbK" - } - ] - }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/ips": { - "get": { - "description": "watch individual changes to a list of IP. deprecated: use the 'watch' parameter with a list operation instead.", + "post": { + "description": "create a Node", "consumes": [ "*/*" ], "produces": [ "application/json", - "application/yaml", - "application/json;stream=watch" + "application/yaml" ], "schemes": [ "https" @@ -39725,22 +39938,1281 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1IPListForAllNamespaces", - "responses": { - "200": { - "description": "OK", + "operationId": "createCoreApinetIroncoreDevV1alpha1Node", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, "schema": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" } }, - "401": { - "description": "Unauthorized" - } - }, - "x-kubernetes-action": "watchlist", - "x-kubernetes-group-version-kind": { + { + "uniqueItems": true, + "type": "string", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "name": "dryRun", + "in": "query" + }, + { + "$ref": "#/parameters/fieldManager-Qy4HdaTW" + }, + { + "uniqueItems": true, + "type": "string", + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "name": "fieldValidation", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + } + }, + "202": { + "description": "Accepted", + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "Node", + "version": "v1alpha1" + } + }, + "delete": { + "description": "delete collection of Node", + "consumes": [ + "*/*" + ], + "produces": [ + "application/json", + "application/yaml" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "deleteCoreApinetIroncoreDevV1alpha1CollectionNode", + "parameters": [ + { + "$ref": "#/parameters/body-2Y1dVQaQ" + }, + { + "$ref": "#/parameters/continue-QfD61s0i" + }, + { + "uniqueItems": true, + "type": "string", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "name": "dryRun", + "in": "query" + }, + { + "$ref": "#/parameters/fieldSelector-xIcQKXFG" + }, + { + "$ref": "#/parameters/gracePeriodSeconds--K5HaBOS" + }, + { + "$ref": "#/parameters/labelSelector-5Zw57w4C" + }, + { + "$ref": "#/parameters/limit-1NfNmdNH" + }, + { + "$ref": "#/parameters/orphanDependents-uRB25kX5" + }, + { + "$ref": "#/parameters/propagationPolicy-6jk3prlO" + }, + { + "$ref": "#/parameters/resourceVersion-5WAnf1kx" + }, + { + "$ref": "#/parameters/resourceVersionMatch-t8XhRHeC" + }, + { + "$ref": "#/parameters/sendInitialEvents-rLXlEK_k" + }, + { + "$ref": "#/parameters/timeoutSeconds-yvYezaOC" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "deletecollection", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "Node", + "version": "v1alpha1" + } + }, + "parameters": [ + { + "$ref": "#/parameters/pretty-tJGM1-ng" + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/nodes/{name}": { + "get": { + "description": "read the specified Node", + "consumes": [ + "*/*" + ], + "produces": [ + "application/json", + "application/yaml" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "readCoreApinetIroncoreDevV1alpha1Node", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "Node", + "version": "v1alpha1" + } + }, + "put": { + "description": "replace the specified Node", + "consumes": [ + "*/*" + ], + "produces": [ + "application/json", + "application/yaml" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "replaceCoreApinetIroncoreDevV1alpha1Node", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + } + }, + { + "uniqueItems": true, + "type": "string", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "name": "dryRun", + "in": "query" + }, + { + "$ref": "#/parameters/fieldManager-Qy4HdaTW" + }, + { + "uniqueItems": true, + "type": "string", + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "name": "fieldValidation", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "Node", + "version": "v1alpha1" + } + }, + "delete": { + "description": "delete a Node", + "consumes": [ + "*/*" + ], + "produces": [ + "application/json", + "application/yaml" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "deleteCoreApinetIroncoreDevV1alpha1Node", + "parameters": [ + { + "$ref": "#/parameters/body-2Y1dVQaQ" + }, + { + "uniqueItems": true, + "type": "string", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "name": "dryRun", + "in": "query" + }, + { + "$ref": "#/parameters/gracePeriodSeconds--K5HaBOS" + }, + { + "$ref": "#/parameters/orphanDependents-uRB25kX5" + }, + { + "$ref": "#/parameters/propagationPolicy-6jk3prlO" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "202": { + "description": "Accepted", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "delete", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "Node", + "version": "v1alpha1" + } + }, + "patch": { + "description": "partially update the specified Node", + "consumes": [ + "application/json-patch+json", + "application/merge-patch+json", + "application/strategic-merge-patch+json", + "application/apply-patch+yaml" + ], + "produces": [ + "application/json", + "application/yaml" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "patchCoreApinetIroncoreDevV1alpha1Node", + "parameters": [ + { + "$ref": "#/parameters/body-78PwaGsr" + }, + { + "uniqueItems": true, + "type": "string", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "name": "dryRun", + "in": "query" + }, + { + "$ref": "#/parameters/fieldManager-7c6nTn1T" + }, + { + "uniqueItems": true, + "type": "string", + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "name": "fieldValidation", + "in": "query" + }, + { + "$ref": "#/parameters/force-tOGGb0Yi" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "Node", + "version": "v1alpha1" + } + }, + "parameters": [ + { + "uniqueItems": true, + "type": "string", + "description": "name of the Node", + "name": "name", + "in": "path", + "required": true + }, + { + "$ref": "#/parameters/pretty-tJGM1-ng" + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/nodes/{name}/status": { + "get": { + "description": "read status of the specified Node", + "consumes": [ + "*/*" + ], + "produces": [ + "application/json", + "application/yaml" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "readCoreApinetIroncoreDevV1alpha1NodeStatus", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "Node", + "version": "v1alpha1" + } + }, + "put": { + "description": "replace status of the specified Node", + "consumes": [ + "*/*" + ], + "produces": [ + "application/json", + "application/yaml" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "replaceCoreApinetIroncoreDevV1alpha1NodeStatus", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + } + }, + { + "uniqueItems": true, + "type": "string", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "name": "dryRun", + "in": "query" + }, + { + "$ref": "#/parameters/fieldManager-Qy4HdaTW" + }, + { + "uniqueItems": true, + "type": "string", + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "name": "fieldValidation", + "in": "query" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "Node", + "version": "v1alpha1" + } + }, + "patch": { + "description": "partially update status of the specified Node", + "consumes": [ + "application/json-patch+json", + "application/merge-patch+json", + "application/strategic-merge-patch+json", + "application/apply-patch+yaml" + ], + "produces": [ + "application/json", + "application/yaml" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "patchCoreApinetIroncoreDevV1alpha1NodeStatus", + "parameters": [ + { + "$ref": "#/parameters/body-78PwaGsr" + }, + { + "uniqueItems": true, + "type": "string", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "name": "dryRun", + "in": "query" + }, + { + "$ref": "#/parameters/fieldManager-7c6nTn1T" + }, + { + "uniqueItems": true, + "type": "string", + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "name": "fieldValidation", + "in": "query" + }, + { + "$ref": "#/parameters/force-tOGGb0Yi" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "Node", + "version": "v1alpha1" + } + }, + "parameters": [ + { + "uniqueItems": true, + "type": "string", + "description": "name of the Node", + "name": "name", + "in": "path", + "required": true + }, + { + "$ref": "#/parameters/pretty-tJGM1-ng" + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/daemonsets": { + "get": { + "description": "watch individual changes to a list of DaemonSet. deprecated: use the 'watch' parameter with a list operation instead.", + "consumes": [ + "*/*" + ], + "produces": [ + "application/json", + "application/yaml", + "application/json;stream=watch" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "watchCoreApinetIroncoreDevV1alpha1DaemonSetListForAllNamespaces", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "DaemonSet", + "version": "v1alpha1" + } + }, + "parameters": [ + { + "$ref": "#/parameters/allowWatchBookmarks-HC2hJt-J" + }, + { + "$ref": "#/parameters/continue-QfD61s0i" + }, + { + "$ref": "#/parameters/fieldSelector-xIcQKXFG" + }, + { + "$ref": "#/parameters/labelSelector-5Zw57w4C" + }, + { + "$ref": "#/parameters/limit-1NfNmdNH" + }, + { + "$ref": "#/parameters/pretty-tJGM1-ng" + }, + { + "$ref": "#/parameters/resourceVersion-5WAnf1kx" + }, + { + "$ref": "#/parameters/resourceVersionMatch-t8XhRHeC" + }, + { + "$ref": "#/parameters/sendInitialEvents-rLXlEK_k" + }, + { + "$ref": "#/parameters/timeoutSeconds-yvYezaOC" + }, + { + "$ref": "#/parameters/watch-XNNPZGbK" + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/instances": { + "get": { + "description": "watch individual changes to a list of Instance. deprecated: use the 'watch' parameter with a list operation instead.", + "consumes": [ + "*/*" + ], + "produces": [ + "application/json", + "application/yaml", + "application/json;stream=watch" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "watchCoreApinetIroncoreDevV1alpha1InstanceListForAllNamespaces", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "Instance", + "version": "v1alpha1" + } + }, + "parameters": [ + { + "$ref": "#/parameters/allowWatchBookmarks-HC2hJt-J" + }, + { + "$ref": "#/parameters/continue-QfD61s0i" + }, + { + "$ref": "#/parameters/fieldSelector-xIcQKXFG" + }, + { + "$ref": "#/parameters/labelSelector-5Zw57w4C" + }, + { + "$ref": "#/parameters/limit-1NfNmdNH" + }, + { + "$ref": "#/parameters/pretty-tJGM1-ng" + }, + { + "$ref": "#/parameters/resourceVersion-5WAnf1kx" + }, + { + "$ref": "#/parameters/resourceVersionMatch-t8XhRHeC" + }, + { + "$ref": "#/parameters/sendInitialEvents-rLXlEK_k" + }, + { + "$ref": "#/parameters/timeoutSeconds-yvYezaOC" + }, + { + "$ref": "#/parameters/watch-XNNPZGbK" + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/ipaddresses": { + "get": { + "description": "watch individual changes to a list of IPAddress. deprecated: use the 'watch' parameter with a list operation instead.", + "consumes": [ + "*/*" + ], + "produces": [ + "application/json", + "application/yaml", + "application/json;stream=watch" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "watchCoreApinetIroncoreDevV1alpha1IPAddressList", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "IPAddress", + "version": "v1alpha1" + } + }, + "parameters": [ + { + "$ref": "#/parameters/allowWatchBookmarks-HC2hJt-J" + }, + { + "$ref": "#/parameters/continue-QfD61s0i" + }, + { + "$ref": "#/parameters/fieldSelector-xIcQKXFG" + }, + { + "$ref": "#/parameters/labelSelector-5Zw57w4C" + }, + { + "$ref": "#/parameters/limit-1NfNmdNH" + }, + { + "$ref": "#/parameters/pretty-tJGM1-ng" + }, + { + "$ref": "#/parameters/resourceVersion-5WAnf1kx" + }, + { + "$ref": "#/parameters/resourceVersionMatch-t8XhRHeC" + }, + { + "$ref": "#/parameters/sendInitialEvents-rLXlEK_k" + }, + { + "$ref": "#/parameters/timeoutSeconds-yvYezaOC" + }, + { + "$ref": "#/parameters/watch-XNNPZGbK" + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/ipaddresses/{name}": { + "get": { + "description": "watch changes to an object of kind IPAddress. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "consumes": [ + "*/*" + ], + "produces": [ + "application/json", + "application/yaml", + "application/json;stream=watch" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "watchCoreApinetIroncoreDevV1alpha1IPAddress", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "watch", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "IPAddress", + "version": "v1alpha1" + } + }, + "parameters": [ + { + "$ref": "#/parameters/allowWatchBookmarks-HC2hJt-J" + }, + { + "$ref": "#/parameters/continue-QfD61s0i" + }, + { + "$ref": "#/parameters/fieldSelector-xIcQKXFG" + }, + { + "$ref": "#/parameters/labelSelector-5Zw57w4C" + }, + { + "$ref": "#/parameters/limit-1NfNmdNH" + }, + { + "uniqueItems": true, + "type": "string", + "description": "name of the IPAddress", + "name": "name", + "in": "path", + "required": true + }, + { + "$ref": "#/parameters/pretty-tJGM1-ng" + }, + { + "$ref": "#/parameters/resourceVersion-5WAnf1kx" + }, + { + "$ref": "#/parameters/resourceVersionMatch-t8XhRHeC" + }, + { + "$ref": "#/parameters/sendInitialEvents-rLXlEK_k" + }, + { + "$ref": "#/parameters/timeoutSeconds-yvYezaOC" + }, + { + "$ref": "#/parameters/watch-XNNPZGbK" + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/ips": { + "get": { + "description": "watch individual changes to a list of IP. deprecated: use the 'watch' parameter with a list operation instead.", + "consumes": [ + "*/*" + ], + "produces": [ + "application/json", + "application/yaml", + "application/json;stream=watch" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "watchCoreApinetIroncoreDevV1alpha1IPListForAllNamespaces", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "IP", + "version": "v1alpha1" + } + }, + "parameters": [ + { + "$ref": "#/parameters/allowWatchBookmarks-HC2hJt-J" + }, + { + "$ref": "#/parameters/continue-QfD61s0i" + }, + { + "$ref": "#/parameters/fieldSelector-xIcQKXFG" + }, + { + "$ref": "#/parameters/labelSelector-5Zw57w4C" + }, + { + "$ref": "#/parameters/limit-1NfNmdNH" + }, + { + "$ref": "#/parameters/pretty-tJGM1-ng" + }, + { + "$ref": "#/parameters/resourceVersion-5WAnf1kx" + }, + { + "$ref": "#/parameters/resourceVersionMatch-t8XhRHeC" + }, + { + "$ref": "#/parameters/sendInitialEvents-rLXlEK_k" + }, + { + "$ref": "#/parameters/timeoutSeconds-yvYezaOC" + }, + { + "$ref": "#/parameters/watch-XNNPZGbK" + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/loadbalancerroutings": { + "get": { + "description": "watch individual changes to a list of LoadBalancerRouting. deprecated: use the 'watch' parameter with a list operation instead.", + "consumes": [ + "*/*" + ], + "produces": [ + "application/json", + "application/yaml", + "application/json;stream=watch" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "watchCoreApinetIroncoreDevV1alpha1LoadBalancerRoutingListForAllNamespaces", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "LoadBalancerRouting", + "version": "v1alpha1" + } + }, + "parameters": [ + { + "$ref": "#/parameters/allowWatchBookmarks-HC2hJt-J" + }, + { + "$ref": "#/parameters/continue-QfD61s0i" + }, + { + "$ref": "#/parameters/fieldSelector-xIcQKXFG" + }, + { + "$ref": "#/parameters/labelSelector-5Zw57w4C" + }, + { + "$ref": "#/parameters/limit-1NfNmdNH" + }, + { + "$ref": "#/parameters/pretty-tJGM1-ng" + }, + { + "$ref": "#/parameters/resourceVersion-5WAnf1kx" + }, + { + "$ref": "#/parameters/resourceVersionMatch-t8XhRHeC" + }, + { + "$ref": "#/parameters/sendInitialEvents-rLXlEK_k" + }, + { + "$ref": "#/parameters/timeoutSeconds-yvYezaOC" + }, + { + "$ref": "#/parameters/watch-XNNPZGbK" + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/loadbalancers": { + "get": { + "description": "watch individual changes to a list of LoadBalancer. deprecated: use the 'watch' parameter with a list operation instead.", + "consumes": [ + "*/*" + ], + "produces": [ + "application/json", + "application/yaml", + "application/json;stream=watch" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "watchCoreApinetIroncoreDevV1alpha1LoadBalancerListForAllNamespaces", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "LoadBalancer", + "version": "v1alpha1" + } + }, + "parameters": [ + { + "$ref": "#/parameters/allowWatchBookmarks-HC2hJt-J" + }, + { + "$ref": "#/parameters/continue-QfD61s0i" + }, + { + "$ref": "#/parameters/fieldSelector-xIcQKXFG" + }, + { + "$ref": "#/parameters/labelSelector-5Zw57w4C" + }, + { + "$ref": "#/parameters/limit-1NfNmdNH" + }, + { + "$ref": "#/parameters/pretty-tJGM1-ng" + }, + { + "$ref": "#/parameters/resourceVersion-5WAnf1kx" + }, + { + "$ref": "#/parameters/resourceVersionMatch-t8XhRHeC" + }, + { + "$ref": "#/parameters/sendInitialEvents-rLXlEK_k" + }, + { + "$ref": "#/parameters/timeoutSeconds-yvYezaOC" + }, + { + "$ref": "#/parameters/watch-XNNPZGbK" + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/daemonsets": { + "get": { + "description": "watch individual changes to a list of DaemonSet. deprecated: use the 'watch' parameter with a list operation instead.", + "consumes": [ + "*/*" + ], + "produces": [ + "application/json", + "application/yaml", + "application/json;stream=watch" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedDaemonSetList", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "DaemonSet", + "version": "v1alpha1" + } + }, + "parameters": [ + { + "$ref": "#/parameters/allowWatchBookmarks-HC2hJt-J" + }, + { + "$ref": "#/parameters/continue-QfD61s0i" + }, + { + "$ref": "#/parameters/fieldSelector-xIcQKXFG" + }, + { + "$ref": "#/parameters/labelSelector-5Zw57w4C" + }, + { + "$ref": "#/parameters/limit-1NfNmdNH" + }, + { + "$ref": "#/parameters/namespace-vgWSWtn3" + }, + { + "$ref": "#/parameters/pretty-tJGM1-ng" + }, + { + "$ref": "#/parameters/resourceVersion-5WAnf1kx" + }, + { + "$ref": "#/parameters/resourceVersionMatch-t8XhRHeC" + }, + { + "$ref": "#/parameters/sendInitialEvents-rLXlEK_k" + }, + { + "$ref": "#/parameters/timeoutSeconds-yvYezaOC" + }, + { + "$ref": "#/parameters/watch-XNNPZGbK" + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/daemonsets/{name}": { + "get": { + "description": "watch changes to an object of kind DaemonSet. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "consumes": [ + "*/*" + ], + "produces": [ + "application/json", + "application/yaml", + "application/json;stream=watch" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedDaemonSet", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "watch", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "DaemonSet", + "version": "v1alpha1" + } + }, + "parameters": [ + { + "$ref": "#/parameters/allowWatchBookmarks-HC2hJt-J" + }, + { + "$ref": "#/parameters/continue-QfD61s0i" + }, + { + "$ref": "#/parameters/fieldSelector-xIcQKXFG" + }, + { + "$ref": "#/parameters/labelSelector-5Zw57w4C" + }, + { + "$ref": "#/parameters/limit-1NfNmdNH" + }, + { + "uniqueItems": true, + "type": "string", + "description": "name of the DaemonSet", + "name": "name", + "in": "path", + "required": true + }, + { + "$ref": "#/parameters/namespace-vgWSWtn3" + }, + { + "$ref": "#/parameters/pretty-tJGM1-ng" + }, + { + "$ref": "#/parameters/resourceVersion-5WAnf1kx" + }, + { + "$ref": "#/parameters/resourceVersionMatch-t8XhRHeC" + }, + { + "$ref": "#/parameters/sendInitialEvents-rLXlEK_k" + }, + { + "$ref": "#/parameters/timeoutSeconds-yvYezaOC" + }, + { + "$ref": "#/parameters/watch-XNNPZGbK" + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/instances": { + "get": { + "description": "watch individual changes to a list of Instance. deprecated: use the 'watch' parameter with a list operation instead.", + "consumes": [ + "*/*" + ], + "produces": [ + "application/json", + "application/yaml", + "application/json;stream=watch" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedInstanceList", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "IP", + "kind": "Instance", "version": "v1alpha1" } }, @@ -39760,6 +41232,9 @@ { "$ref": "#/parameters/limit-1NfNmdNH" }, + { + "$ref": "#/parameters/namespace-vgWSWtn3" + }, { "$ref": "#/parameters/pretty-tJGM1-ng" }, @@ -39780,9 +41255,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/loadbalancerroutings": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/instances/{name}": { "get": { - "description": "watch individual changes to a list of LoadBalancerRouting. deprecated: use the 'watch' parameter with a list operation instead.", + "description": "watch changes to an object of kind Instance. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", "consumes": [ "*/*" ], @@ -39797,7 +41272,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1LoadBalancerRoutingListForAllNamespaces", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedInstance", "responses": { "200": { "description": "OK", @@ -39809,10 +41284,10 @@ "description": "Unauthorized" } }, - "x-kubernetes-action": "watchlist", + "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "LoadBalancerRouting", + "kind": "Instance", "version": "v1alpha1" } }, @@ -39832,6 +41307,17 @@ { "$ref": "#/parameters/limit-1NfNmdNH" }, + { + "uniqueItems": true, + "type": "string", + "description": "name of the Instance", + "name": "name", + "in": "path", + "required": true + }, + { + "$ref": "#/parameters/namespace-vgWSWtn3" + }, { "$ref": "#/parameters/pretty-tJGM1-ng" }, @@ -39852,9 +41338,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/loadbalancers": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/ips": { "get": { - "description": "watch individual changes to a list of LoadBalancer. deprecated: use the 'watch' parameter with a list operation instead.", + "description": "watch individual changes to a list of IP. deprecated: use the 'watch' parameter with a list operation instead.", "consumes": [ "*/*" ], @@ -39869,7 +41355,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1LoadBalancerListForAllNamespaces", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedIPList", "responses": { "200": { "description": "OK", @@ -39884,7 +41370,7 @@ "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "LoadBalancer", + "kind": "IP", "version": "v1alpha1" } }, @@ -39904,6 +41390,9 @@ { "$ref": "#/parameters/limit-1NfNmdNH" }, + { + "$ref": "#/parameters/namespace-vgWSWtn3" + }, { "$ref": "#/parameters/pretty-tJGM1-ng" }, @@ -39924,9 +41413,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/daemonsets": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/ips/{name}": { "get": { - "description": "watch individual changes to a list of DaemonSet. deprecated: use the 'watch' parameter with a list operation instead.", + "description": "watch changes to an object of kind IP. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", "consumes": [ "*/*" ], @@ -39941,7 +41430,90 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedDaemonSetList", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedIP", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "401": { + "description": "Unauthorized" + } + }, + "x-kubernetes-action": "watch", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "kind": "IP", + "version": "v1alpha1" + } + }, + "parameters": [ + { + "$ref": "#/parameters/allowWatchBookmarks-HC2hJt-J" + }, + { + "$ref": "#/parameters/continue-QfD61s0i" + }, + { + "$ref": "#/parameters/fieldSelector-xIcQKXFG" + }, + { + "$ref": "#/parameters/labelSelector-5Zw57w4C" + }, + { + "$ref": "#/parameters/limit-1NfNmdNH" + }, + { + "uniqueItems": true, + "type": "string", + "description": "name of the IP", + "name": "name", + "in": "path", + "required": true + }, + { + "$ref": "#/parameters/namespace-vgWSWtn3" + }, + { + "$ref": "#/parameters/pretty-tJGM1-ng" + }, + { + "$ref": "#/parameters/resourceVersion-5WAnf1kx" + }, + { + "$ref": "#/parameters/resourceVersionMatch-t8XhRHeC" + }, + { + "$ref": "#/parameters/sendInitialEvents-rLXlEK_k" + }, + { + "$ref": "#/parameters/timeoutSeconds-yvYezaOC" + }, + { + "$ref": "#/parameters/watch-XNNPZGbK" + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/loadbalancerroutings": { + "get": { + "description": "watch individual changes to a list of LoadBalancerRouting. deprecated: use the 'watch' parameter with a list operation instead.", + "consumes": [ + "*/*" + ], + "produces": [ + "application/json", + "application/yaml", + "application/json;stream=watch" + ], + "schemes": [ + "https" + ], + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedLoadBalancerRoutingList", "responses": { "200": { "description": "OK", @@ -39956,7 +41528,7 @@ "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "DaemonSet", + "kind": "LoadBalancerRouting", "version": "v1alpha1" } }, @@ -39999,9 +41571,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/daemonsets/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/loadbalancerroutings/{name}": { "get": { - "description": "watch changes to an object of kind DaemonSet. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "description": "watch changes to an object of kind LoadBalancerRouting. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", "consumes": [ "*/*" ], @@ -40016,7 +41588,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedDaemonSet", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedLoadBalancerRouting", "responses": { "200": { "description": "OK", @@ -40031,7 +41603,7 @@ "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "DaemonSet", + "kind": "LoadBalancerRouting", "version": "v1alpha1" } }, @@ -40054,7 +41626,7 @@ { "uniqueItems": true, "type": "string", - "description": "name of the DaemonSet", + "description": "name of the LoadBalancerRouting", "name": "name", "in": "path", "required": true @@ -40082,9 +41654,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/instances": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/loadbalancers": { "get": { - "description": "watch individual changes to a list of Instance. deprecated: use the 'watch' parameter with a list operation instead.", + "description": "watch individual changes to a list of LoadBalancer. deprecated: use the 'watch' parameter with a list operation instead.", "consumes": [ "*/*" ], @@ -40099,7 +41671,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedInstanceList", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedLoadBalancerList", "responses": { "200": { "description": "OK", @@ -40114,7 +41686,7 @@ "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Instance", + "kind": "LoadBalancer", "version": "v1alpha1" } }, @@ -40157,9 +41729,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/instances/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/loadbalancers/{name}": { "get": { - "description": "watch changes to an object of kind Instance. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "description": "watch changes to an object of kind LoadBalancer. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", "consumes": [ "*/*" ], @@ -40174,7 +41746,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedInstance", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedLoadBalancer", "responses": { "200": { "description": "OK", @@ -40189,7 +41761,7 @@ "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Instance", + "kind": "LoadBalancer", "version": "v1alpha1" } }, @@ -40212,7 +41784,7 @@ { "uniqueItems": true, "type": "string", - "description": "name of the Instance", + "description": "name of the LoadBalancer", "name": "name", "in": "path", "required": true @@ -40240,9 +41812,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/ips": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/natgatewayautoscalers": { "get": { - "description": "watch individual changes to a list of IP. deprecated: use the 'watch' parameter with a list operation instead.", + "description": "watch individual changes to a list of NATGatewayAutoscaler. deprecated: use the 'watch' parameter with a list operation instead.", "consumes": [ "*/*" ], @@ -40257,7 +41829,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedIPList", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATGatewayAutoscalerList", "responses": { "200": { "description": "OK", @@ -40272,7 +41844,7 @@ "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "IP", + "kind": "NATGatewayAutoscaler", "version": "v1alpha1" } }, @@ -40315,9 +41887,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/ips/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/natgatewayautoscalers/{name}": { "get": { - "description": "watch changes to an object of kind IP. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "description": "watch changes to an object of kind NATGatewayAutoscaler. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", "consumes": [ "*/*" ], @@ -40332,7 +41904,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedIP", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATGatewayAutoscaler", "responses": { "200": { "description": "OK", @@ -40347,7 +41919,7 @@ "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "IP", + "kind": "NATGatewayAutoscaler", "version": "v1alpha1" } }, @@ -40370,7 +41942,7 @@ { "uniqueItems": true, "type": "string", - "description": "name of the IP", + "description": "name of the NATGatewayAutoscaler", "name": "name", "in": "path", "required": true @@ -40398,9 +41970,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/loadbalancerroutings": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/natgateways": { "get": { - "description": "watch individual changes to a list of LoadBalancerRouting. deprecated: use the 'watch' parameter with a list operation instead.", + "description": "watch individual changes to a list of NATGateway. deprecated: use the 'watch' parameter with a list operation instead.", "consumes": [ "*/*" ], @@ -40415,7 +41987,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedLoadBalancerRoutingList", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATGatewayList", "responses": { "200": { "description": "OK", @@ -40430,7 +42002,7 @@ "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "LoadBalancerRouting", + "kind": "NATGateway", "version": "v1alpha1" } }, @@ -40473,9 +42045,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/loadbalancerroutings/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/natgateways/{name}": { "get": { - "description": "watch changes to an object of kind LoadBalancerRouting. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "description": "watch changes to an object of kind NATGateway. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", "consumes": [ "*/*" ], @@ -40490,7 +42062,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedLoadBalancerRouting", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATGateway", "responses": { "200": { "description": "OK", @@ -40505,7 +42077,7 @@ "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "LoadBalancerRouting", + "kind": "NATGateway", "version": "v1alpha1" } }, @@ -40528,7 +42100,7 @@ { "uniqueItems": true, "type": "string", - "description": "name of the LoadBalancerRouting", + "description": "name of the NATGateway", "name": "name", "in": "path", "required": true @@ -40556,9 +42128,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/loadbalancers": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/nattables": { "get": { - "description": "watch individual changes to a list of LoadBalancer. deprecated: use the 'watch' parameter with a list operation instead.", + "description": "watch individual changes to a list of NATTable. deprecated: use the 'watch' parameter with a list operation instead.", "consumes": [ "*/*" ], @@ -40573,7 +42145,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedLoadBalancerList", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATTableList", "responses": { "200": { "description": "OK", @@ -40588,7 +42160,7 @@ "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "LoadBalancer", + "kind": "NATTable", "version": "v1alpha1" } }, @@ -40631,9 +42203,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/loadbalancers/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/nattables/{name}": { "get": { - "description": "watch changes to an object of kind LoadBalancer. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "description": "watch changes to an object of kind NATTable. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", "consumes": [ "*/*" ], @@ -40648,7 +42220,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedLoadBalancer", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATTable", "responses": { "200": { "description": "OK", @@ -40663,7 +42235,7 @@ "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "LoadBalancer", + "kind": "NATTable", "version": "v1alpha1" } }, @@ -40686,7 +42258,7 @@ { "uniqueItems": true, "type": "string", - "description": "name of the LoadBalancer", + "description": "name of the NATTable", "name": "name", "in": "path", "required": true @@ -40714,9 +42286,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/natgatewayautoscalers": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networkinterfaces": { "get": { - "description": "watch individual changes to a list of NATGatewayAutoscaler. deprecated: use the 'watch' parameter with a list operation instead.", + "description": "watch individual changes to a list of NetworkInterface. deprecated: use the 'watch' parameter with a list operation instead.", "consumes": [ "*/*" ], @@ -40731,7 +42303,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATGatewayAutoscalerList", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetworkInterfaceList", "responses": { "200": { "description": "OK", @@ -40746,7 +42318,7 @@ "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NATGatewayAutoscaler", + "kind": "NetworkInterface", "version": "v1alpha1" } }, @@ -40789,9 +42361,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/natgatewayautoscalers/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networkinterfaces/{name}": { "get": { - "description": "watch changes to an object of kind NATGatewayAutoscaler. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "description": "watch changes to an object of kind NetworkInterface. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", "consumes": [ "*/*" ], @@ -40806,7 +42378,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATGatewayAutoscaler", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetworkInterface", "responses": { "200": { "description": "OK", @@ -40821,7 +42393,7 @@ "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NATGatewayAutoscaler", + "kind": "NetworkInterface", "version": "v1alpha1" } }, @@ -40844,7 +42416,7 @@ { "uniqueItems": true, "type": "string", - "description": "name of the NATGatewayAutoscaler", + "description": "name of the NetworkInterface", "name": "name", "in": "path", "required": true @@ -40872,9 +42444,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/natgateways": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networkpolicies": { "get": { - "description": "watch individual changes to a list of NATGateway. deprecated: use the 'watch' parameter with a list operation instead.", + "description": "watch individual changes to a list of NetworkPolicy. deprecated: use the 'watch' parameter with a list operation instead.", "consumes": [ "*/*" ], @@ -40889,7 +42461,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATGatewayList", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicyList", "responses": { "200": { "description": "OK", @@ -40904,7 +42476,7 @@ "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NATGateway", + "kind": "NetworkPolicy", "version": "v1alpha1" } }, @@ -40947,9 +42519,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/natgateways/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networkpolicies/{name}": { "get": { - "description": "watch changes to an object of kind NATGateway. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "description": "watch changes to an object of kind NetworkPolicy. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", "consumes": [ "*/*" ], @@ -40964,7 +42536,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATGateway", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicy", "responses": { "200": { "description": "OK", @@ -40979,7 +42551,7 @@ "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NATGateway", + "kind": "NetworkPolicy", "version": "v1alpha1" } }, @@ -41002,7 +42574,7 @@ { "uniqueItems": true, "type": "string", - "description": "name of the NATGateway", + "description": "name of the NetworkPolicy", "name": "name", "in": "path", "required": true @@ -41030,9 +42602,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/nattables": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networkpolicyrules": { "get": { - "description": "watch individual changes to a list of NATTable. deprecated: use the 'watch' parameter with a list operation instead.", + "description": "watch individual changes to a list of NetworkPolicyRule. deprecated: use the 'watch' parameter with a list operation instead.", "consumes": [ "*/*" ], @@ -41047,7 +42619,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATTableList", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicyRuleList", "responses": { "200": { "description": "OK", @@ -41062,7 +42634,7 @@ "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NATTable", + "kind": "NetworkPolicyRule", "version": "v1alpha1" } }, @@ -41105,9 +42677,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/nattables/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networkpolicyrules/{name}": { "get": { - "description": "watch changes to an object of kind NATTable. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "description": "watch changes to an object of kind NetworkPolicyRule. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", "consumes": [ "*/*" ], @@ -41122,7 +42694,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATTable", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicyRule", "responses": { "200": { "description": "OK", @@ -41137,7 +42709,7 @@ "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NATTable", + "kind": "NetworkPolicyRule", "version": "v1alpha1" } }, @@ -41160,7 +42732,7 @@ { "uniqueItems": true, "type": "string", - "description": "name of the NATTable", + "description": "name of the NetworkPolicyRule", "name": "name", "in": "path", "required": true @@ -41188,9 +42760,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networkinterfaces": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networks": { "get": { - "description": "watch individual changes to a list of NetworkInterface. deprecated: use the 'watch' parameter with a list operation instead.", + "description": "watch individual changes to a list of Network. deprecated: use the 'watch' parameter with a list operation instead.", "consumes": [ "*/*" ], @@ -41205,7 +42777,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetworkInterfaceList", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetworkList", "responses": { "200": { "description": "OK", @@ -41220,7 +42792,7 @@ "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NetworkInterface", + "kind": "Network", "version": "v1alpha1" } }, @@ -41263,9 +42835,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networkinterfaces/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networks/{name}": { "get": { - "description": "watch changes to an object of kind NetworkInterface. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "description": "watch changes to an object of kind Network. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", "consumes": [ "*/*" ], @@ -41280,7 +42852,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetworkInterface", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetwork", "responses": { "200": { "description": "OK", @@ -41295,7 +42867,7 @@ "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NetworkInterface", + "kind": "Network", "version": "v1alpha1" } }, @@ -41318,7 +42890,7 @@ { "uniqueItems": true, "type": "string", - "description": "name of the NetworkInterface", + "description": "name of the Network", "name": "name", "in": "path", "required": true @@ -41346,9 +42918,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networks": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/natgatewayautoscalers": { "get": { - "description": "watch individual changes to a list of Network. deprecated: use the 'watch' parameter with a list operation instead.", + "description": "watch individual changes to a list of NATGatewayAutoscaler. deprecated: use the 'watch' parameter with a list operation instead.", "consumes": [ "*/*" ], @@ -41363,7 +42935,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetworkList", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NATGatewayAutoscalerListForAllNamespaces", "responses": { "200": { "description": "OK", @@ -41378,7 +42950,7 @@ "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Network", + "kind": "NATGatewayAutoscaler", "version": "v1alpha1" } }, @@ -41398,9 +42970,6 @@ { "$ref": "#/parameters/limit-1NfNmdNH" }, - { - "$ref": "#/parameters/namespace-vgWSWtn3" - }, { "$ref": "#/parameters/pretty-tJGM1-ng" }, @@ -41421,9 +42990,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networks/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/natgateways": { "get": { - "description": "watch changes to an object of kind Network. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "description": "watch individual changes to a list of NATGateway. deprecated: use the 'watch' parameter with a list operation instead.", "consumes": [ "*/*" ], @@ -41438,7 +43007,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetwork", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NATGatewayListForAllNamespaces", "responses": { "200": { "description": "OK", @@ -41450,10 +43019,10 @@ "description": "Unauthorized" } }, - "x-kubernetes-action": "watch", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "Network", + "kind": "NATGateway", "version": "v1alpha1" } }, @@ -41473,17 +43042,6 @@ { "$ref": "#/parameters/limit-1NfNmdNH" }, - { - "uniqueItems": true, - "type": "string", - "description": "name of the Network", - "name": "name", - "in": "path", - "required": true - }, - { - "$ref": "#/parameters/namespace-vgWSWtn3" - }, { "$ref": "#/parameters/pretty-tJGM1-ng" }, @@ -41504,9 +43062,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/natgatewayautoscalers": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/nattables": { "get": { - "description": "watch individual changes to a list of NATGatewayAutoscaler. deprecated: use the 'watch' parameter with a list operation instead.", + "description": "watch individual changes to a list of NATTable. deprecated: use the 'watch' parameter with a list operation instead.", "consumes": [ "*/*" ], @@ -41521,7 +43079,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NATGatewayAutoscalerListForAllNamespaces", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NATTableListForAllNamespaces", "responses": { "200": { "description": "OK", @@ -41536,7 +43094,7 @@ "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NATGatewayAutoscaler", + "kind": "NATTable", "version": "v1alpha1" } }, @@ -41576,9 +43134,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/natgateways": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/networkids": { "get": { - "description": "watch individual changes to a list of NATGateway. deprecated: use the 'watch' parameter with a list operation instead.", + "description": "watch individual changes to a list of NetworkID. deprecated: use the 'watch' parameter with a list operation instead.", "consumes": [ "*/*" ], @@ -41593,7 +43151,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NATGatewayListForAllNamespaces", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NetworkIDList", "responses": { "200": { "description": "OK", @@ -41608,7 +43166,7 @@ "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NATGateway", + "kind": "NetworkID", "version": "v1alpha1" } }, @@ -41648,9 +43206,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/nattables": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/networkids/{name}": { "get": { - "description": "watch individual changes to a list of NATTable. deprecated: use the 'watch' parameter with a list operation instead.", + "description": "watch changes to an object of kind NetworkID. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", "consumes": [ "*/*" ], @@ -41665,7 +43223,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NATTableListForAllNamespaces", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NetworkID", "responses": { "200": { "description": "OK", @@ -41677,10 +43235,10 @@ "description": "Unauthorized" } }, - "x-kubernetes-action": "watchlist", + "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NATTable", + "kind": "NetworkID", "version": "v1alpha1" } }, @@ -41700,6 +43258,14 @@ { "$ref": "#/parameters/limit-1NfNmdNH" }, + { + "uniqueItems": true, + "type": "string", + "description": "name of the NetworkID", + "name": "name", + "in": "path", + "required": true + }, { "$ref": "#/parameters/pretty-tJGM1-ng" }, @@ -41720,9 +43286,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/networkids": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/networkinterfaces": { "get": { - "description": "watch individual changes to a list of NetworkID. deprecated: use the 'watch' parameter with a list operation instead.", + "description": "watch individual changes to a list of NetworkInterface. deprecated: use the 'watch' parameter with a list operation instead.", "consumes": [ "*/*" ], @@ -41737,7 +43303,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NetworkIDList", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NetworkInterfaceListForAllNamespaces", "responses": { "200": { "description": "OK", @@ -41752,7 +43318,7 @@ "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NetworkID", + "kind": "NetworkInterface", "version": "v1alpha1" } }, @@ -41792,9 +43358,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/networkids/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/networkpolicies": { "get": { - "description": "watch changes to an object of kind NetworkID. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "description": "watch individual changes to a list of NetworkPolicy. deprecated: use the 'watch' parameter with a list operation instead.", "consumes": [ "*/*" ], @@ -41809,7 +43375,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NetworkID", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NetworkPolicyListForAllNamespaces", "responses": { "200": { "description": "OK", @@ -41821,10 +43387,10 @@ "description": "Unauthorized" } }, - "x-kubernetes-action": "watch", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NetworkID", + "kind": "NetworkPolicy", "version": "v1alpha1" } }, @@ -41844,14 +43410,6 @@ { "$ref": "#/parameters/limit-1NfNmdNH" }, - { - "uniqueItems": true, - "type": "string", - "description": "name of the NetworkID", - "name": "name", - "in": "path", - "required": true - }, { "$ref": "#/parameters/pretty-tJGM1-ng" }, @@ -41872,9 +43430,9 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/networkinterfaces": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/networkpolicyrules": { "get": { - "description": "watch individual changes to a list of NetworkInterface. deprecated: use the 'watch' parameter with a list operation instead.", + "description": "watch individual changes to a list of NetworkPolicyRule. deprecated: use the 'watch' parameter with a list operation instead.", "consumes": [ "*/*" ], @@ -41889,7 +43447,7 @@ "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "operationId": "watchCoreApinetIroncoreDevV1alpha1NetworkInterfaceListForAllNamespaces", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NetworkPolicyRuleListForAllNamespaces", "responses": { "200": { "description": "OK", @@ -41904,7 +43462,7 @@ "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", - "kind": "NetworkInterface", + "kind": "NetworkPolicyRule", "version": "v1alpha1" } }, @@ -59039,6 +60597,26 @@ } } }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.IPBlock": { + "description": "IPBlock specifies an ip block with optional exceptions.", + "type": "object", + "required": [ + "cidr" + ], + "properties": { + "cidr": { + "description": "CIDR is a string representing the ip block.", + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IPPrefix" + }, + "except": { + "description": "Except is a slice of CIDRs that should not be included within the specified CIDR. Values will be rejected if they are outside CIDR.", + "type": "array", + "items": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IPPrefix" + } + } + } + }, "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.IPClaimRef": { "type": "object", "properties": { @@ -59557,6 +61135,25 @@ } } }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.LocalUIDReference": { + "description": "LocalUIDReference is a reference to another entity including its UID", + "type": "object", + "required": [ + "name", + "uid" + ], + "properties": { + "name": { + "description": "Name is the name of the referenced entity.", + "type": "string" + }, + "uid": { + "description": "UID is the UID of the referenced entity.", + "type": "string" + } + }, + "x-kubernetes-map-type": "atomic" + }, "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATGateway": { "description": "NATGateway is the schema for the natgateways API.", "type": "object", @@ -59866,18 +61463,128 @@ "description": "Name is the name of the target.", "type": "string" }, - "nodeRef": { - "description": "NodeRef references the node the destination network interface is on.", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + "nodeRef": { + "description": "NodeRef references the node the destination network interface is on.", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "uid": { + "description": "UID is the UID of the target.", + "type": "string" + } + } + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATTableList": { + "description": "NATTableList contains a list of NATTable.", + "type": "object", + "required": [ + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "type": "array", + "items": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATTable" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + }, + "x-kubernetes-group-version-kind": [ + { + "group": "core.apinet.ironcore.dev", + "kind": "NATTableList", + "version": "v1alpha1" + } + ] + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network": { + "description": "Network is the schema for the networks API.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkSpec" + }, + "status": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkStatus" + } + }, + "x-kubernetes-group-version-kind": [ + { + "group": "core.apinet.ironcore.dev", + "kind": "Network", + "version": "v1alpha1" + } + ] + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID": { + "description": "NetworkID is the schema for the networkids API.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDSpec" + } + }, + "x-kubernetes-group-version-kind": [ + { + "group": "core.apinet.ironcore.dev", + "kind": "NetworkID", + "version": "v1alpha1" + } + ] + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDClaimRef": { + "type": "object", + "properties": { + "group": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "resource": { + "type": "string" }, "uid": { - "description": "UID is the UID of the target.", "type": "string" } } }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATTableList": { - "description": "NATTableList contains a list of NATTable.", + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDList": { + "description": "NetworkIDList contains a list of NetworkID.", "type": "object", "required": [ "items" @@ -59890,7 +61597,7 @@ "items": { "type": "array", "items": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATTable" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" } }, "kind": { @@ -59904,13 +61611,24 @@ "x-kubernetes-group-version-kind": [ { "group": "core.apinet.ironcore.dev", - "kind": "NATTableList", + "kind": "NetworkIDList", "version": "v1alpha1" } ] }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network": { - "description": "Network is the schema for the networks API.", + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDSpec": { + "type": "object", + "required": [ + "claimRef" + ], + "properties": { + "claimRef": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDClaimRef" + } + } + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterface": { + "description": "NetworkInterface is the schema for the networkinterfaces API.", "type": "object", "properties": { "apiVersion": { @@ -59925,69 +61643,195 @@ "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkSpec" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceSpec" }, "status": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkStatus" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceStatus" } }, "x-kubernetes-group-version-kind": [ { "group": "core.apinet.ironcore.dev", - "kind": "Network", + "kind": "NetworkInterface", "version": "v1alpha1" } ] }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID": { - "description": "NetworkID is the schema for the networkids API.", + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceList": { + "description": "NetworkInterfaceList contains a list of NetworkInterface.", "type": "object", + "required": [ + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "type": "array", + "items": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterface" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDSpec" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } }, "x-kubernetes-group-version-kind": [ { "group": "core.apinet.ironcore.dev", - "kind": "NetworkID", + "kind": "NetworkInterfaceList", "version": "v1alpha1" } ] }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDClaimRef": { + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceNAT": { "type": "object", + "required": [ + "ipFamily", + "claimRef" + ], "properties": { - "group": { - "type": "string" + "claimRef": { + "description": "ClaimRef references the NAT claim handling the network interface's NAT.", + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceNATClaimRef" }, + "ipFamily": { + "description": "IPFamily is the IP family of the handling NAT gateway.\n\nPossible enum values:\n - `\"\"` indicates that this IP is unknown protocol\n - `\"IPv4\"` indicates that this IP is IPv4 protocol\n - `\"IPv6\"` indicates that this IP is IPv6 protocol", + "type": "string", + "enum": [ + "", + "IPv4", + "IPv6" + ] + } + } + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceNATClaimRef": { + "type": "object", + "required": [ + "name", + "uid" + ], + "properties": { "name": { + "description": "Name is the name of the claiming NAT gateway.", "type": "string" }, - "namespace": { + "uid": { + "description": "UID is the uid of the claiming NAT gateway.", "type": "string" + } + } + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfacePublicIP": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "ip": { + "description": "IP specifies a specific IP to allocate. If empty, a random ephemeral IP will be allocated.", + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IP" }, - "resource": { + "ipFamily": { + "description": "IPFamily is the IP family of the IP. Has to match IP if specified. If unspecified and IP is specified, will be defaulted by using the IP family of IP. If only IPFamily is specified, a random IP of that family will be allocated if possible.\n\nPossible enum values:\n - `\"\"` indicates that this IP is unknown protocol\n - `\"IPv4\"` indicates that this IP is IPv4 protocol\n - `\"IPv6\"` indicates that this IP is IPv6 protocol", + "type": "string", + "enum": [ + "", + "IPv4", + "IPv6" + ] + }, + "name": { + "description": "Name is the semantic name of the network interface public IP.", "type": "string" + } + } + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceSpec": { + "type": "object", + "required": [ + "nodeRef", + "networkRef" + ], + "properties": { + "ips": { + "description": "IPs are the internal IPs of the network interface.", + "type": "array", + "items": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IP" + } }, - "uid": { + "natGateways": { + "description": "NATs specify the NAT of the network interface IP family. Can only be set if there is no matching IP family in PublicIPs.", + "type": "array", + "items": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceNAT" + } + }, + "networkRef": { + "description": "NetworkRef references the network that the network interface is in.", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "nodeRef": { + "description": "NodeRef is the node the network interface is hosted on.", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "prefixes": { + "description": "Prefixes are additional prefixes to route to the network interface.", + "type": "array", + "items": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IPPrefix" + } + }, + "publicIPs": { + "description": "PublicIPs are the public IPs the network interface should have.", + "type": "array", + "items": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfacePublicIP" + }, + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge,retainKeys" + } + } + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceStatus": { + "type": "object", + "properties": { + "natIPs": { + "type": "array", + "items": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IP" + } + }, + "pciAddress": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.PCIAddress" + }, + "prefixes": { + "type": "array", + "items": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IPPrefix" + } + }, + "publicIPs": { + "type": "array", + "items": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IP" + } + }, + "state": { "type": "string" } } }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDList": { - "description": "NetworkIDList contains a list of NetworkID.", + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkList": { + "description": "NetworkList contains a list of Network.", "type": "object", "required": [ "items" @@ -60000,7 +61844,7 @@ "items": { "type": "array", "items": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" } }, "kind": { @@ -60014,24 +61858,49 @@ "x-kubernetes-group-version-kind": [ { "group": "core.apinet.ironcore.dev", - "kind": "NetworkIDList", + "kind": "NetworkList", "version": "v1alpha1" } ] }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDSpec": { + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPeering": { + "description": "NetworkPeering defines a network peering with another network.", "type": "object", "required": [ - "claimRef" + "name", + "id" ], "properties": { - "claimRef": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDClaimRef" + "id": { + "description": "ID is the ID of the network to peer with.", + "type": "string" + }, + "name": { + "description": "Name is the semantical name of the network peering.", + "type": "string" } } }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterface": { - "description": "NetworkInterface is the schema for the networkinterfaces API.", + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPeeringStatus": { + "description": "NetworkPeeringStatus is the status of a network peering.", + "type": "object", + "required": [ + "id" + ], + "properties": { + "id": { + "description": "ID is the ID of network", + "type": "integer", + "format": "int32" + }, + "state": { + "description": "State represents the network peering state", + "type": "string" + } + } + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy": { + "description": "NetworkPolicy is the Schema for the networkpolicies API.", "type": "object", "properties": { "apiVersion": { @@ -60046,22 +61915,59 @@ "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceSpec" - }, - "status": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceStatus" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicySpec" } }, "x-kubernetes-group-version-kind": [ { "group": "core.apinet.ironcore.dev", - "kind": "NetworkInterface", + "kind": "NetworkPolicy", "version": "v1alpha1" } ] }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceList": { - "description": "NetworkInterfaceList contains a list of NetworkInterface.", + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyEgressRule": { + "description": "NetworkPolicyEgressRule describes a rule to regulate egress traffic with.", + "type": "object", + "properties": { + "ports": { + "description": "Ports specifies the list of destination ports that can be called with this rule. Each item in this list is combined using a logical OR. Empty matches all ports. As soon as a single item is present, only these ports are allowed.", + "type": "array", + "items": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyPort" + } + }, + "to": { + "description": "To specifies the list of destinations which the selected network interfaces should be able to send traffic to. Fields are combined using a logical OR. Empty matches all destinations. As soon as a single item is present, only these peers are allowed.", + "type": "array", + "items": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyPeer" + } + } + } + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyIngressRule": { + "description": "NetworkPolicyIngressRule describes a rule to regulate ingress traffic with.", + "type": "object", + "properties": { + "from": { + "description": "From specifies the list of sources which should be able to send traffic to the selected network interfaces. Fields are combined using a logical OR. Empty matches all sources. As soon as a single item is present, only these peers are allowed.", + "type": "array", + "items": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyPeer" + } + }, + "ports": { + "description": "Ports specifies the list of ports which should be made accessible for this rule. Each item in this list is combined using a logical OR. Empty matches all ports. As soon as a single item is present, only these ports are allowed.", + "type": "array", + "items": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyPort" + } + } + } + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyList": { + "description": "NetworkPolicyList contains a list of NetworkPolicy.", "type": "object", "required": [ "items" @@ -60074,7 +61980,7 @@ "items": { "type": "array", "items": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterface" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } }, "kind": { @@ -60088,153 +61994,109 @@ "x-kubernetes-group-version-kind": [ { "group": "core.apinet.ironcore.dev", - "kind": "NetworkInterfaceList", + "kind": "NetworkPolicyList", "version": "v1alpha1" } ] }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceNAT": { + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyPeer": { + "description": "NetworkPolicyPeer describes a peer to allow traffic to / from.", "type": "object", - "required": [ - "ipFamily", - "claimRef" - ], "properties": { - "claimRef": { - "description": "ClaimRef references the NAT claim handling the network interface's NAT.", - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceNATClaimRef" + "ipBlock": { + "description": "IPBlock specifies the ip block from or to which network traffic may come.", + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.IPBlock" }, - "ipFamily": { - "description": "IPFamily is the IP family of the handling NAT gateway.\n\nPossible enum values:\n - `\"\"` indicates that this IP is unknown protocol\n - `\"IPv4\"` indicates that this IP is IPv4 protocol\n - `\"IPv6\"` indicates that this IP is IPv6 protocol", - "type": "string", - "enum": [ - "", - "IPv4", - "IPv6" - ] + "objectSelector": { + "description": "ObjectSelector selects peers with the given kind matching the label selector. Exclusive with other peer specifiers.", + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.ObjectSelector" } } }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceNATClaimRef": { + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyPort": { + "description": "NetworkPolicyPort describes a port to allow traffic on", "type": "object", - "required": [ - "name", - "uid" - ], "properties": { - "name": { - "description": "Name is the name of the claiming NAT gateway.", - "type": "string" + "endPort": { + "description": "EndPort indicates that the range of ports from Port to EndPort, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined. The endPort must be equal or greater than port.", + "type": "integer", + "format": "int32" }, - "uid": { - "description": "UID is the uid of the claiming NAT gateway.", - "type": "string" - } - } - }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfacePublicIP": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "ip": { - "description": "IP specifies a specific IP to allocate. If empty, a random ephemeral IP will be allocated.", - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IP" + "port": { + "description": "The port on the given protocol. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.", + "type": "integer", + "format": "int32" }, - "ipFamily": { - "description": "IPFamily is the IP family of the IP. Has to match IP if specified. If unspecified and IP is specified, will be defaulted by using the IP family of IP. If only IPFamily is specified, a random IP of that family will be allocated if possible.\n\nPossible enum values:\n - `\"\"` indicates that this IP is unknown protocol\n - `\"IPv4\"` indicates that this IP is IPv4 protocol\n - `\"IPv6\"` indicates that this IP is IPv6 protocol", + "protocol": { + "description": "Protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.\n\nPossible enum values:\n - `\"SCTP\"` is the SCTP protocol.\n - `\"TCP\"` is the TCP protocol.\n - `\"UDP\"` is the UDP protocol.", "type": "string", "enum": [ - "", - "IPv4", - "IPv6" + "SCTP", + "TCP", + "UDP" ] - }, - "name": { - "description": "Name is the semantic name of the network interface public IP.", - "type": "string" } } }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceSpec": { + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule": { + "description": "NetworkPolicyRule is the schema for the networkpolicyrules API.", "type": "object", "required": [ - "nodeRef", "networkRef" ], "properties": { - "ips": { - "description": "IPs are the internal IPs of the network interface.", - "type": "array", - "items": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IP" - } + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "natGateways": { - "description": "NATs specify the NAT of the network interface IP family. Can only be set if there is no matching IP family in PublicIPs.", + "egressRule": { + "description": "EgressRules are the egress rules.", "type": "array", "items": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceNAT" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Rule" } }, - "networkRef": { - "description": "NetworkRef references the network that the network interface is in.", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" - }, - "nodeRef": { - "description": "NodeRef is the node the network interface is hosted on.", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" - }, - "prefixes": { - "description": "Prefixes are additional prefixes to route to the network interface.", + "ingressRule": { + "description": "IngressRules are the ingress rules.", "type": "array", "items": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IPPrefix" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Rule" } }, - "publicIPs": { - "description": "PublicIPs are the public IPs the network interface should have.", - "type": "array", - "items": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfacePublicIP" - }, - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge,retainKeys" - } - } - }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceStatus": { - "type": "object", - "properties": { - "natIPs": { - "type": "array", - "items": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IP" - } + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "pciAddress": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.PCIAddress" + "metadata": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "prefixes": { - "type": "array", - "items": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IPPrefix" - } + "networkRef": { + "description": "NetworkRef is the network the load balancer is assigned to.", + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.LocalUIDReference" }, - "publicIPs": { + "priority": { + "description": "Priority is an optional field that specifies the order in which the policy is applied.", + "type": "integer", + "format": "int32" + }, + "targets": { + "description": "Targets are the targets of the network policy.", "type": "array", "items": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IP" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.TargetNetworkInterface" } - }, - "state": { - "type": "string" } - } + }, + "x-kubernetes-group-version-kind": [ + { + "group": "core.apinet.ironcore.dev", + "kind": "NetworkPolicyRule", + "version": "v1alpha1" + } + ] }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkList": { - "description": "NetworkList contains a list of Network.", + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRuleList": { + "description": "NetworkPolicyRulesList contains a list of NetworkPolicyRule.", "type": "object", "required": [ "items" @@ -60247,7 +62109,7 @@ "items": { "type": "array", "items": { - "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" } }, "kind": { @@ -60261,22 +62123,81 @@ "x-kubernetes-group-version-kind": [ { "group": "core.apinet.ironcore.dev", - "kind": "NetworkList", + "kind": "NetworkPolicyRuleList", "version": "v1alpha1" } ] }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicySpec": { + "type": "object", + "required": [ + "networkRef", + "networkInterfaceSelector" + ], + "properties": { + "egress": { + "description": "Egress specifies rules for egress traffic.", + "type": "array", + "items": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyEgressRule" + } + }, + "ingress": { + "description": "Ingress specifies rules for ingress traffic.", + "type": "array", + "items": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyIngressRule" + } + }, + "networkInterfaceSelector": { + "description": "NetworkInterfaceSelector selects the network interfaces that are subject to this policy.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "networkRef": { + "description": "NetworkRef is the network to regulate using this policy.", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "policyTypes": { + "description": "PolicyTypes specifies the types of policies this network policy contains.", + "type": "array", + "items": { + "type": "string" + } + }, + "priority": { + "description": "Priority is an optional field that specifies the order in which the policy is applied. Policies with higher \"order\" are applied after those with lower order. If the order is omitted, it may be considered to be \"infinite\" - i.e. the policy will be applied last. Policies with identical order will be applied in alphanumerical order based on the Policy \"Name\".", + "type": "integer", + "format": "int32" + } + } + }, "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkSpec": { "type": "object", "properties": { "id": { "description": "ID is the ID of the network.", "type": "string" + }, + "peerings": { + "description": "Peerings are the network peerings with this network", + "type": "array", + "items": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPeering" + } } } }, "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkStatus": { - "type": "object" + "type": "object", + "properties": { + "peerings": { + "description": "Peerings contains the states of the network peerings for the network.", + "type": "array", + "items": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPeeringStatus" + } + } + } }, "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node": { "description": "Node is the schema for the nodes API.", @@ -60416,6 +62337,51 @@ "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NodeStatus": { "type": "object" }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.ObjectIP": { + "type": "object", + "properties": { + "ipFamily": { + "description": "IPFamily is the IPFamily of the prefix. If unset but Prefix is set, this can be inferred.\n\nPossible enum values:\n - `\"\"` indicates that this IP is unknown protocol\n - `\"IPv4\"` indicates that this IP is IPv4 protocol\n - `\"IPv6\"` indicates that this IP is IPv6 protocol", + "type": "string", + "enum": [ + "", + "IPv4", + "IPv6" + ] + }, + "prefix": { + "description": "Prefix is the prefix of the IP.", + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IPPrefix" + } + } + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.ObjectSelector": { + "description": "ObjectSelector specifies how to select objects of a certain kind.", + "type": "object", + "required": [ + "kind" + ], + "properties": { + "kind": { + "description": "Kind is the kind of object to select.", + "type": "string" + }, + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", + "items": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement" + } + }, + "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", + "additionalProperties": { + "type": "string" + } + } + } + }, "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.PCIAddress": { "description": "PCIAddress is a PCI address.", "type": "object", @@ -60434,6 +62400,49 @@ } } }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Rule": { + "type": "object", + "properties": { + "ipBlock": { + "description": "CIDRBlock specifies the CIDR block from which network traffic may come or go.", + "type": "array", + "items": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.IPBlock" + } + }, + "ips": { + "description": "ObjectIPs are the object IPs the rule applies to.", + "type": "array", + "items": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.ObjectIP" + } + }, + "networkPolicyPorts": { + "description": "NetworkPolicyPorts are the protocol type and ports.", + "type": "array", + "items": { + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyPort" + } + } + } + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.TargetNetworkInterface": { + "description": "TargetNetworkInterface is the target of the network policy.", + "type": "object", + "required": [ + "ip" + ], + "properties": { + "ip": { + "description": "IP is the IP address of the target network interface.", + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IP" + }, + "targetRef": { + "description": "TargetRef is the target providing the destination.", + "$ref": "#/definitions/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.LocalUIDReference" + } + } + }, "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.TopologySpreadConstraint": { "description": "TopologySpreadConstraint specifies how to spread matching instances among the given topology.", "type": "object", diff --git a/gen/v3/apis__core.apinet.ironcore.dev__v1alpha1_openapi.json b/gen/v3/apis__core.apinet.ironcore.dev__v1alpha1_openapi.json index 0a4dc1b0..b7718f51 100644 --- a/gen/v3/apis__core.apinet.ironcore.dev__v1alpha1_openapi.json +++ b/gen/v3/apis__core.apinet.ironcore.dev__v1alpha1_openapi.json @@ -9681,13 +9681,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/namespaces/{namespace}/networks": { + "/apis/core.apinet.ironcore.dev/v1alpha1/namespaces/{namespace}/networkpolicies": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "list or watch objects of kind Network", - "operationId": "listCoreApinetIroncoreDevV1alpha1NamespacedNetwork", + "description": "list or watch objects of kind NetworkPolicy", + "operationId": "listCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicy", "parameters": [ { "name": "allowWatchBookmarks", @@ -9786,17 +9786,17 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkList" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyList" } }, "application/json;stream=watch": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkList" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyList" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkList" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyList" } } } @@ -9806,15 +9806,15 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "Network" + "kind": "NetworkPolicy" } }, "post": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "create a Network", - "operationId": "createCoreApinetIroncoreDevV1alpha1NamespacedNetwork", + "description": "create a NetworkPolicy", + "operationId": "createCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicy", "parameters": [ { "name": "dryRun", @@ -9848,7 +9848,7 @@ "content": { "*/*": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } } }, @@ -9860,12 +9860,12 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } } } @@ -9875,12 +9875,12 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } } } @@ -9890,12 +9890,12 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } } } @@ -9905,15 +9905,15 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "Network" + "kind": "NetworkPolicy" } }, "delete": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "delete collection of Network", - "operationId": "deleteCoreApinetIroncoreDevV1alpha1CollectionNamespacedNetwork", + "description": "delete collection of NetworkPolicy", + "operationId": "deleteCoreApinetIroncoreDevV1alpha1CollectionNamespacedNetworkPolicy", "parameters": [ { "name": "continue", @@ -10054,7 +10054,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "Network" + "kind": "NetworkPolicy" } }, "parameters": [ @@ -10079,25 +10079,25 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/namespaces/{namespace}/networks/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/namespaces/{namespace}/networkpolicies/{name}": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "read the specified Network", - "operationId": "readCoreApinetIroncoreDevV1alpha1NamespacedNetwork", + "description": "read the specified NetworkPolicy", + "operationId": "readCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicy", "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } } } @@ -10107,15 +10107,15 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "Network" + "kind": "NetworkPolicy" } }, "put": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "replace the specified Network", - "operationId": "replaceCoreApinetIroncoreDevV1alpha1NamespacedNetwork", + "description": "replace the specified NetworkPolicy", + "operationId": "replaceCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicy", "parameters": [ { "name": "dryRun", @@ -10149,7 +10149,7 @@ "content": { "*/*": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } } }, @@ -10161,12 +10161,12 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } } } @@ -10176,12 +10176,12 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } } } @@ -10191,15 +10191,15 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "Network" + "kind": "NetworkPolicy" } }, "delete": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "delete a Network", - "operationId": "deleteCoreApinetIroncoreDevV1alpha1NamespacedNetwork", + "description": "delete a NetworkPolicy", + "operationId": "deleteCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicy", "parameters": [ { "name": "dryRun", @@ -10283,15 +10283,15 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "Network" + "kind": "NetworkPolicy" } }, "patch": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "partially update the specified Network", - "operationId": "patchCoreApinetIroncoreDevV1alpha1NamespacedNetwork", + "description": "partially update the specified NetworkPolicy", + "operationId": "patchCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicy", "parameters": [ { "name": "dryRun", @@ -10361,12 +10361,12 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } } } @@ -10376,12 +10376,12 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } } } @@ -10391,14 +10391,14 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "Network" + "kind": "NetworkPolicy" } }, "parameters": [ { "name": "name", "in": "path", - "description": "name of the Network", + "description": "name of the NetworkPolicy", "required": true, "schema": { "type": "string", @@ -10426,43 +10426,140 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/namespaces/{namespace}/networks/{name}/status": { + "/apis/core.apinet.ironcore.dev/v1alpha1/namespaces/{namespace}/networkpolicyrules": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "read status of the specified Network", - "operationId": "readCoreApinetIroncoreDevV1alpha1NamespacedNetworkStatus", + "description": "list or watch objects of kind NetworkPolicyRule", + "operationId": "listCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicyRule", + "parameters": [ + { + "name": "allowWatchBookmarks", + "in": "query", + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "continue", + "in": "query", + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "labelSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "limit", + "in": "query", + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "resourceVersion", + "in": "query", + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "resourceVersionMatch", + "in": "query", + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "sendInitialEvents", + "in": "query", + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "timeoutSeconds", + "in": "query", + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "watch", + "in": "query", + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRuleList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRuleList" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRuleList" } } } } }, - "x-kubernetes-action": "get", + "x-kubernetes-action": "list", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "Network" + "kind": "NetworkPolicyRule" } }, - "put": { + "post": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "replace status of the specified Network", - "operationId": "replaceCoreApinetIroncoreDevV1alpha1NamespacedNetworkStatus", + "description": "create a NetworkPolicyRule", + "operationId": "createCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicyRule", "parameters": [ { "name": "dryRun", @@ -10496,7 +10593,7 @@ "content": { "*/*": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" } } }, @@ -10508,12 +10605,12 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" } } } @@ -10523,31 +10620,55 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" + } + } + } + }, + "202": { + "description": "Accepted", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" } } } } }, - "x-kubernetes-action": "put", + "x-kubernetes-action": "post", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "Network" + "kind": "NetworkPolicyRule" } }, - "patch": { + "delete": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "partially update status of the specified Network", - "operationId": "patchCoreApinetIroncoreDevV1alpha1NamespacedNetworkStatus", + "description": "delete collection of NetworkPolicyRule", + "operationId": "deleteCoreApinetIroncoreDevV1alpha1CollectionNamespacedNetworkPolicyRule", "parameters": [ + { + "name": "continue", + "in": "query", + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, { "name": "dryRun", "in": "query", @@ -10558,108 +10679,130 @@ } }, { - "name": "fieldManager", + "name": "fieldSelector", "in": "query", - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", "schema": { "type": "string", "uniqueItems": true } }, { - "name": "fieldValidation", + "name": "gracePeriodSeconds", "in": "query", - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "labelSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", "schema": { "type": "string", "uniqueItems": true } }, { - "name": "force", + "name": "limit", "in": "query", - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "orphanDependents", + "in": "query", + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", "schema": { "type": "boolean", "uniqueItems": true } - } - ], - "requestBody": { - "content": { - "application/apply-patch+yaml": { - "schema": { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - "application/json-patch+json": { - "schema": { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - "application/merge-patch+json": { - "schema": { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - "application/strategic-merge-patch+json": { - "schema": { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } + }, + { + "name": "propagationPolicy", + "in": "query", + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "schema": { + "type": "string", + "uniqueItems": true } }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" - } - }, - "application/yaml": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" - } - } + { + "name": "resourceVersion", + "in": "query", + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true } }, - "201": { - "description": "Created", + { + "name": "resourceVersionMatch", + "in": "query", + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "sendInitialEvents", + "in": "query", + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "timeoutSeconds", + "in": "query", + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "schema": { + "type": "integer", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" } } } } }, - "x-kubernetes-action": "patch", + "x-kubernetes-action": "deletecollection", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "Network" + "kind": "NetworkPolicyRule" } }, "parameters": [ - { - "name": "name", - "in": "path", - "description": "name of the Network", - "required": true, - "schema": { - "type": "string", - "uniqueItems": true - } - }, { "name": "namespace", "in": "path", @@ -10681,187 +10824,2673 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/natgatewayautoscalers": { + "/apis/core.apinet.ironcore.dev/v1alpha1/namespaces/{namespace}/networkpolicyrules/{name}": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "list or watch objects of kind NATGatewayAutoscaler", - "operationId": "listCoreApinetIroncoreDevV1alpha1NATGatewayAutoscalerForAllNamespaces", + "description": "read the specified NetworkPolicyRule", + "operationId": "readCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicyRule", "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATGatewayAutoscalerList" - } - }, - "application/json;stream=watch": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATGatewayAutoscalerList" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATGatewayAutoscalerList" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" } } } } }, - "x-kubernetes-action": "list", + "x-kubernetes-action": "get", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NATGatewayAutoscaler" + "kind": "NetworkPolicyRule" } }, - "parameters": [ - { - "name": "allowWatchBookmarks", - "in": "query", - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "schema": { - "type": "boolean", - "uniqueItems": true - } - }, - { - "name": "continue", - "in": "query", - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "fieldSelector", - "in": "query", - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "labelSelector", - "in": "query", - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "limit", - "in": "query", - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "schema": { - "type": "integer", - "uniqueItems": true - } - }, - { - "name": "pretty", - "in": "query", - "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "resourceVersion", - "in": "query", - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "resourceVersionMatch", - "in": "query", - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "sendInitialEvents", - "in": "query", - "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", - "schema": { - "type": "boolean", - "uniqueItems": true - } - }, - { - "name": "timeoutSeconds", - "in": "query", - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "schema": { - "type": "integer", - "uniqueItems": true - } - }, - { - "name": "watch", - "in": "query", - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "schema": { - "type": "boolean", - "uniqueItems": true - } - } - ] - }, - "/apis/core.apinet.ironcore.dev/v1alpha1/natgateways": { - "get": { + "put": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "list or watch objects of kind NATGateway", - "operationId": "listCoreApinetIroncoreDevV1alpha1NATGatewayForAllNamespaces", + "description": "replace the specified NetworkPolicyRule", + "operationId": "replaceCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicyRule", + "parameters": [ + { + "name": "dryRun", + "in": "query", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldManager", + "in": "query", + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldValidation", + "in": "query", + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" + } + } + }, + "required": true + }, "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATGatewayList" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" } }, - "application/json;stream=watch": { + "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATGatewayList" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" + } + } + } + }, + "201": { + "description": "Created", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATGatewayList" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" } } } } }, - "x-kubernetes-action": "list", + "x-kubernetes-action": "put", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NATGateway" + "kind": "NetworkPolicyRule" } }, - "parameters": [ - { - "name": "allowWatchBookmarks", - "in": "query", - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "schema": { - "type": "boolean", + "delete": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "delete a NetworkPolicyRule", + "operationId": "deleteCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicyRule", + "parameters": [ + { + "name": "dryRun", + "in": "query", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "gracePeriodSeconds", + "in": "query", + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "orphanDependents", + "in": "query", + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "propagationPolicy", + "in": "query", + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + } + }, + "202": { + "description": "Accepted", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + } + } + }, + "x-kubernetes-action": "delete", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "NetworkPolicyRule" + } + }, + "patch": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "partially update the specified NetworkPolicyRule", + "operationId": "patchCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicyRule", + "parameters": [ + { + "name": "dryRun", + "in": "query", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldManager", + "in": "query", + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldValidation", + "in": "query", + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "force", + "in": "query", + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" + } + } + } + }, + "201": { + "description": "Created", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" + } + } + } + } + }, + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "NetworkPolicyRule" + } + }, + "parameters": [ + { + "name": "name", + "in": "path", + "description": "name of the NetworkPolicyRule", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "namespace", + "in": "path", + "description": "object name and auth scope, such as for teams and projects", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "pretty", + "in": "query", + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/namespaces/{namespace}/networks": { + "get": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "list or watch objects of kind Network", + "operationId": "listCoreApinetIroncoreDevV1alpha1NamespacedNetwork", + "parameters": [ + { + "name": "allowWatchBookmarks", + "in": "query", + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "continue", + "in": "query", + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "labelSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "limit", + "in": "query", + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "resourceVersion", + "in": "query", + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "resourceVersionMatch", + "in": "query", + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "sendInitialEvents", + "in": "query", + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "timeoutSeconds", + "in": "query", + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "watch", + "in": "query", + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkList" + } + } + } + } + }, + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "Network" + } + }, + "post": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "create a Network", + "operationId": "createCoreApinetIroncoreDevV1alpha1NamespacedNetwork", + "parameters": [ + { + "name": "dryRun", + "in": "query", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldManager", + "in": "query", + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldValidation", + "in": "query", + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + } + } + }, + "201": { + "description": "Created", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + } + } + }, + "202": { + "description": "Accepted", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + } + } + } + }, + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "Network" + } + }, + "delete": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "delete collection of Network", + "operationId": "deleteCoreApinetIroncoreDevV1alpha1CollectionNamespacedNetwork", + "parameters": [ + { + "name": "continue", + "in": "query", + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "dryRun", + "in": "query", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "gracePeriodSeconds", + "in": "query", + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "labelSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "limit", + "in": "query", + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "orphanDependents", + "in": "query", + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "propagationPolicy", + "in": "query", + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "resourceVersion", + "in": "query", + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "resourceVersionMatch", + "in": "query", + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "sendInitialEvents", + "in": "query", + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "timeoutSeconds", + "in": "query", + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "schema": { + "type": "integer", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + } + } + }, + "x-kubernetes-action": "deletecollection", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "Network" + } + }, + "parameters": [ + { + "name": "namespace", + "in": "path", + "description": "object name and auth scope, such as for teams and projects", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "pretty", + "in": "query", + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/namespaces/{namespace}/networks/{name}": { + "get": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "read the specified Network", + "operationId": "readCoreApinetIroncoreDevV1alpha1NamespacedNetwork", + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + } + } + } + }, + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "Network" + } + }, + "put": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "replace the specified Network", + "operationId": "replaceCoreApinetIroncoreDevV1alpha1NamespacedNetwork", + "parameters": [ + { + "name": "dryRun", + "in": "query", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldManager", + "in": "query", + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldValidation", + "in": "query", + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + } + } + }, + "201": { + "description": "Created", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + } + } + } + }, + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "Network" + } + }, + "delete": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "delete a Network", + "operationId": "deleteCoreApinetIroncoreDevV1alpha1NamespacedNetwork", + "parameters": [ + { + "name": "dryRun", + "in": "query", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "gracePeriodSeconds", + "in": "query", + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "orphanDependents", + "in": "query", + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "propagationPolicy", + "in": "query", + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + } + }, + "202": { + "description": "Accepted", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + } + } + }, + "x-kubernetes-action": "delete", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "Network" + } + }, + "patch": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "partially update the specified Network", + "operationId": "patchCoreApinetIroncoreDevV1alpha1NamespacedNetwork", + "parameters": [ + { + "name": "dryRun", + "in": "query", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldManager", + "in": "query", + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldValidation", + "in": "query", + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "force", + "in": "query", + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + } + } + }, + "201": { + "description": "Created", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + } + } + } + }, + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "Network" + } + }, + "parameters": [ + { + "name": "name", + "in": "path", + "description": "name of the Network", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "namespace", + "in": "path", + "description": "object name and auth scope, such as for teams and projects", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "pretty", + "in": "query", + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/namespaces/{namespace}/networks/{name}/status": { + "get": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "read status of the specified Network", + "operationId": "readCoreApinetIroncoreDevV1alpha1NamespacedNetworkStatus", + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + } + } + } + }, + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "Network" + } + }, + "put": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "replace status of the specified Network", + "operationId": "replaceCoreApinetIroncoreDevV1alpha1NamespacedNetworkStatus", + "parameters": [ + { + "name": "dryRun", + "in": "query", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldManager", + "in": "query", + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldValidation", + "in": "query", + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + } + } + }, + "201": { + "description": "Created", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + } + } + } + }, + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "Network" + } + }, + "patch": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "partially update status of the specified Network", + "operationId": "patchCoreApinetIroncoreDevV1alpha1NamespacedNetworkStatus", + "parameters": [ + { + "name": "dryRun", + "in": "query", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldManager", + "in": "query", + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldValidation", + "in": "query", + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "force", + "in": "query", + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + } + } + }, + "201": { + "description": "Created", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + } + } + } + } + }, + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "Network" + } + }, + "parameters": [ + { + "name": "name", + "in": "path", + "description": "name of the Network", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "namespace", + "in": "path", + "description": "object name and auth scope, such as for teams and projects", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "pretty", + "in": "query", + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/natgatewayautoscalers": { + "get": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "list or watch objects of kind NATGatewayAutoscaler", + "operationId": "listCoreApinetIroncoreDevV1alpha1NATGatewayAutoscalerForAllNamespaces", + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATGatewayAutoscalerList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATGatewayAutoscalerList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATGatewayAutoscalerList" + } + } + } + } + }, + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "NATGatewayAutoscaler" + } + }, + "parameters": [ + { + "name": "allowWatchBookmarks", + "in": "query", + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "continue", + "in": "query", + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "labelSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "limit", + "in": "query", + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "pretty", + "in": "query", + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "resourceVersion", + "in": "query", + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "resourceVersionMatch", + "in": "query", + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "sendInitialEvents", + "in": "query", + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "timeoutSeconds", + "in": "query", + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "watch", + "in": "query", + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/natgateways": { + "get": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "list or watch objects of kind NATGateway", + "operationId": "listCoreApinetIroncoreDevV1alpha1NATGatewayForAllNamespaces", + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATGatewayList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATGatewayList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATGatewayList" + } + } + } + } + }, + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "NATGateway" + } + }, + "parameters": [ + { + "name": "allowWatchBookmarks", + "in": "query", + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "continue", + "in": "query", + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "labelSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "limit", + "in": "query", + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "pretty", + "in": "query", + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "resourceVersion", + "in": "query", + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "resourceVersionMatch", + "in": "query", + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "sendInitialEvents", + "in": "query", + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "timeoutSeconds", + "in": "query", + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "watch", + "in": "query", + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/nattables": { + "get": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "list or watch objects of kind NATTable", + "operationId": "listCoreApinetIroncoreDevV1alpha1NATTableForAllNamespaces", + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATTableList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATTableList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATTableList" + } + } + } + } + }, + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "NATTable" + } + }, + "parameters": [ + { + "name": "allowWatchBookmarks", + "in": "query", + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "continue", + "in": "query", + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "labelSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "limit", + "in": "query", + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "pretty", + "in": "query", + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "resourceVersion", + "in": "query", + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "resourceVersionMatch", + "in": "query", + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "sendInitialEvents", + "in": "query", + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "timeoutSeconds", + "in": "query", + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "watch", + "in": "query", + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/networkids": { + "get": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "list or watch objects of kind NetworkID", + "operationId": "listCoreApinetIroncoreDevV1alpha1NetworkID", + "parameters": [ + { + "name": "allowWatchBookmarks", + "in": "query", + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "continue", + "in": "query", + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "labelSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "limit", + "in": "query", + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "resourceVersion", + "in": "query", + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "resourceVersionMatch", + "in": "query", + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "sendInitialEvents", + "in": "query", + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "timeoutSeconds", + "in": "query", + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "watch", + "in": "query", + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDList" + } + } + } + } + }, + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "NetworkID" + } + }, + "post": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "create a NetworkID", + "operationId": "createCoreApinetIroncoreDevV1alpha1NetworkID", + "parameters": [ + { + "name": "dryRun", + "in": "query", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldManager", + "in": "query", + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldValidation", + "in": "query", + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + } + } + } + }, + "201": { + "description": "Created", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + } + } + } + }, + "202": { + "description": "Accepted", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + } + } + } + } + }, + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "NetworkID" + } + }, + "delete": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "delete collection of NetworkID", + "operationId": "deleteCoreApinetIroncoreDevV1alpha1CollectionNetworkID", + "parameters": [ + { + "name": "continue", + "in": "query", + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "dryRun", + "in": "query", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "gracePeriodSeconds", + "in": "query", + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "labelSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "limit", + "in": "query", + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "orphanDependents", + "in": "query", + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "propagationPolicy", + "in": "query", + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "resourceVersion", + "in": "query", + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "resourceVersionMatch", + "in": "query", + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "sendInitialEvents", + "in": "query", + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "timeoutSeconds", + "in": "query", + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "schema": { + "type": "integer", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + } + } + }, + "x-kubernetes-action": "deletecollection", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "NetworkID" + } + }, + "parameters": [ + { + "name": "pretty", + "in": "query", + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/networkids/{name}": { + "get": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "read the specified NetworkID", + "operationId": "readCoreApinetIroncoreDevV1alpha1NetworkID", + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + } + } + } + } + }, + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "NetworkID" + } + }, + "put": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "replace the specified NetworkID", + "operationId": "replaceCoreApinetIroncoreDevV1alpha1NetworkID", + "parameters": [ + { + "name": "dryRun", + "in": "query", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldManager", + "in": "query", + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldValidation", + "in": "query", + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + } + } + } + }, + "201": { + "description": "Created", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + } + } + } + } + }, + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "NetworkID" + } + }, + "delete": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "delete a NetworkID", + "operationId": "deleteCoreApinetIroncoreDevV1alpha1NetworkID", + "parameters": [ + { + "name": "dryRun", + "in": "query", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "gracePeriodSeconds", + "in": "query", + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "orphanDependents", + "in": "query", + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "propagationPolicy", + "in": "query", + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + } + }, + "202": { + "description": "Accepted", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + } + } + }, + "x-kubernetes-action": "delete", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "NetworkID" + } + }, + "patch": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "partially update the specified NetworkID", + "operationId": "patchCoreApinetIroncoreDevV1alpha1NetworkID", + "parameters": [ + { + "name": "dryRun", + "in": "query", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldManager", + "in": "query", + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldValidation", + "in": "query", + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "force", + "in": "query", + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + } + } + } + }, + "201": { + "description": "Created", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + } + } + } + } + }, + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "NetworkID" + } + }, + "parameters": [ + { + "name": "name", + "in": "path", + "description": "name of the NetworkID", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "pretty", + "in": "query", + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/networkinterfaces": { + "get": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "list or watch objects of kind NetworkInterface", + "operationId": "listCoreApinetIroncoreDevV1alpha1NetworkInterfaceForAllNamespaces", + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceList" + } + } + } + } + }, + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "NetworkInterface" + } + }, + "parameters": [ + { + "name": "allowWatchBookmarks", + "in": "query", + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "continue", + "in": "query", + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "labelSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "limit", + "in": "query", + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "pretty", + "in": "query", + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "resourceVersion", + "in": "query", + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "resourceVersionMatch", + "in": "query", + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "sendInitialEvents", + "in": "query", + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "timeoutSeconds", + "in": "query", + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "watch", + "in": "query", + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/networkpolicies": { + "get": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "list or watch objects of kind NetworkPolicy", + "operationId": "listCoreApinetIroncoreDevV1alpha1NetworkPolicyForAllNamespaces", + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyList" + } + } + } + } + }, + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "NetworkPolicy" + } + }, + "parameters": [ + { + "name": "allowWatchBookmarks", + "in": "query", + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "schema": { + "type": "boolean", "uniqueItems": true } }, @@ -10957,30 +13586,30 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/nattables": { + "/apis/core.apinet.ironcore.dev/v1alpha1/networkpolicyrules": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "list or watch objects of kind NATTable", - "operationId": "listCoreApinetIroncoreDevV1alpha1NATTableForAllNamespaces", + "description": "list or watch objects of kind NetworkPolicyRule", + "operationId": "listCoreApinetIroncoreDevV1alpha1NetworkPolicyRuleForAllNamespaces", "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATTableList" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRuleList" } }, "application/json;stream=watch": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATTableList" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRuleList" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATTableList" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRuleList" } } } @@ -10990,7 +13619,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NATTable" + "kind": "NetworkPolicyRule" } }, "parameters": [ @@ -11095,13 +13724,151 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/networkids": { + "/apis/core.apinet.ironcore.dev/v1alpha1/networks": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "list or watch objects of kind NetworkID", - "operationId": "listCoreApinetIroncoreDevV1alpha1NetworkID", + "description": "list or watch objects of kind Network", + "operationId": "listCoreApinetIroncoreDevV1alpha1NetworkForAllNamespaces", + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkList" + } + } + } + } + }, + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "Network" + } + }, + "parameters": [ + { + "name": "allowWatchBookmarks", + "in": "query", + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "continue", + "in": "query", + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "labelSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "limit", + "in": "query", + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "pretty", + "in": "query", + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "resourceVersion", + "in": "query", + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "resourceVersionMatch", + "in": "query", + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "sendInitialEvents", + "in": "query", + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "timeoutSeconds", + "in": "query", + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "watch", + "in": "query", + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/nodes": { + "get": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "list or watch objects of kind Node", + "operationId": "listCoreApinetIroncoreDevV1alpha1Node", "parameters": [ { "name": "allowWatchBookmarks", @@ -11200,17 +13967,17 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDList" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NodeList" } }, "application/json;stream=watch": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDList" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NodeList" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDList" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NodeList" } } } @@ -11220,15 +13987,15 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NetworkID" + "kind": "Node" } }, "post": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "create a NetworkID", - "operationId": "createCoreApinetIroncoreDevV1alpha1NetworkID", + "description": "create a Node", + "operationId": "createCoreApinetIroncoreDevV1alpha1Node", "parameters": [ { "name": "dryRun", @@ -11262,7 +14029,7 @@ "content": { "*/*": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" } } }, @@ -11274,12 +14041,12 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" } } } @@ -11289,12 +14056,12 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" } } } @@ -11304,12 +14071,12 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" } } } @@ -11319,15 +14086,15 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NetworkID" + "kind": "Node" } }, "delete": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "delete collection of NetworkID", - "operationId": "deleteCoreApinetIroncoreDevV1alpha1CollectionNetworkID", + "description": "delete collection of Node", + "operationId": "deleteCoreApinetIroncoreDevV1alpha1CollectionNode", "parameters": [ { "name": "continue", @@ -11468,7 +14235,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NetworkID" + "kind": "Node" } }, "parameters": [ @@ -11483,25 +14250,25 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/networkids/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/nodes/{name}": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "read the specified NetworkID", - "operationId": "readCoreApinetIroncoreDevV1alpha1NetworkID", + "description": "read the specified Node", + "operationId": "readCoreApinetIroncoreDevV1alpha1Node", "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" } } } @@ -11511,15 +14278,15 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NetworkID" + "kind": "Node" } }, "put": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "replace the specified NetworkID", - "operationId": "replaceCoreApinetIroncoreDevV1alpha1NetworkID", + "description": "replace the specified Node", + "operationId": "replaceCoreApinetIroncoreDevV1alpha1Node", "parameters": [ { "name": "dryRun", @@ -11553,7 +14320,7 @@ "content": { "*/*": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" } } }, @@ -11565,12 +14332,12 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" } } } @@ -11580,12 +14347,12 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" } } } @@ -11595,15 +14362,15 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NetworkID" + "kind": "Node" } }, "delete": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "delete a NetworkID", - "operationId": "deleteCoreApinetIroncoreDevV1alpha1NetworkID", + "description": "delete a Node", + "operationId": "deleteCoreApinetIroncoreDevV1alpha1Node", "parameters": [ { "name": "dryRun", @@ -11687,15 +14454,15 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NetworkID" + "kind": "Node" } }, "patch": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "partially update the specified NetworkID", - "operationId": "patchCoreApinetIroncoreDevV1alpha1NetworkID", + "description": "partially update the specified Node", + "operationId": "patchCoreApinetIroncoreDevV1alpha1Node", "parameters": [ { "name": "dryRun", @@ -11765,12 +14532,12 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" } } } @@ -11780,12 +14547,12 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" } } } @@ -11795,14 +14562,14 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NetworkID" + "kind": "Node" } }, "parameters": [ { "name": "name", "in": "path", - "description": "name of the NetworkID", + "description": "name of the Node", "required": true, "schema": { "type": "string", @@ -11820,88 +14587,240 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/networkinterfaces": { + "/apis/core.apinet.ironcore.dev/v1alpha1/nodes/{name}/status": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "list or watch objects of kind NetworkInterface", - "operationId": "listCoreApinetIroncoreDevV1alpha1NetworkInterfaceForAllNamespaces", + "description": "read status of the specified Node", + "operationId": "readCoreApinetIroncoreDevV1alpha1NodeStatus", + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + } + } + } + } + }, + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "Node" + } + }, + "put": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "replace status of the specified Node", + "operationId": "replaceCoreApinetIroncoreDevV1alpha1NodeStatus", + "parameters": [ + { + "name": "dryRun", + "in": "query", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldManager", + "in": "query", + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldValidation", + "in": "query", + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + } + } + } + }, + "201": { + "description": "Created", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + } + } + } + } + }, + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "core.apinet.ironcore.dev", + "version": "v1alpha1", + "kind": "Node" + } + }, + "patch": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "partially update status of the specified Node", + "operationId": "patchCoreApinetIroncoreDevV1alpha1NodeStatus", + "parameters": [ + { + "name": "dryRun", + "in": "query", + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldManager", + "in": "query", + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldValidation", + "in": "query", + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "force", + "in": "query", + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceList" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" } }, - "application/json;stream=watch": { + "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceList" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + } + } + } + }, + "201": { + "description": "Created", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceList" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" } } } } }, - "x-kubernetes-action": "list", + "x-kubernetes-action": "patch", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NetworkInterface" + "kind": "Node" } }, "parameters": [ { - "name": "allowWatchBookmarks", - "in": "query", - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "schema": { - "type": "boolean", - "uniqueItems": true - } - }, - { - "name": "continue", - "in": "query", - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "fieldSelector", - "in": "query", - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "labelSelector", - "in": "query", - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "name": "name", + "in": "path", + "description": "name of the Node", + "required": true, "schema": { "type": "string", "uniqueItems": true } }, - { - "name": "limit", - "in": "query", - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "schema": { - "type": "integer", - "uniqueItems": true - } - }, { "name": "pretty", "in": "query", @@ -11910,88 +14829,43 @@ "type": "string", "uniqueItems": true } - }, - { - "name": "resourceVersion", - "in": "query", - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "resourceVersionMatch", - "in": "query", - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "sendInitialEvents", - "in": "query", - "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", - "schema": { - "type": "boolean", - "uniqueItems": true - } - }, - { - "name": "timeoutSeconds", - "in": "query", - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "schema": { - "type": "integer", - "uniqueItems": true - } - }, - { - "name": "watch", - "in": "query", - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "schema": { - "type": "boolean", - "uniqueItems": true - } } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/networks": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/daemonsets": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "list or watch objects of kind Network", - "operationId": "listCoreApinetIroncoreDevV1alpha1NetworkForAllNamespaces", + "description": "watch individual changes to a list of DaemonSet. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1DaemonSetListForAllNamespaces", "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkList" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "application/json;stream=watch": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkList" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkList" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } } } } }, - "x-kubernetes-action": "list", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "Network" + "kind": "DaemonSet" } }, "parameters": [ @@ -12089,390 +14963,95 @@ "name": "watch", "in": "query", "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "schema": { - "type": "boolean", - "uniqueItems": true - } - } - ] - }, - "/apis/core.apinet.ironcore.dev/v1alpha1/nodes": { - "get": { - "tags": [ - "coreApinetIroncoreDev_v1alpha1" - ], - "description": "list or watch objects of kind Node", - "operationId": "listCoreApinetIroncoreDevV1alpha1Node", - "parameters": [ - { - "name": "allowWatchBookmarks", - "in": "query", - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "schema": { - "type": "boolean", - "uniqueItems": true - } - }, - { - "name": "continue", - "in": "query", - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "fieldSelector", - "in": "query", - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "labelSelector", - "in": "query", - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "limit", - "in": "query", - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "schema": { - "type": "integer", - "uniqueItems": true - } - }, - { - "name": "resourceVersion", - "in": "query", - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "resourceVersionMatch", - "in": "query", - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "sendInitialEvents", - "in": "query", - "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", - "schema": { - "type": "boolean", - "uniqueItems": true - } - }, - { - "name": "timeoutSeconds", - "in": "query", - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "schema": { - "type": "integer", - "uniqueItems": true - } - }, - { - "name": "watch", - "in": "query", - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "schema": { - "type": "boolean", - "uniqueItems": true - } - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NodeList" - } - }, - "application/json;stream=watch": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NodeList" - } - }, - "application/yaml": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NodeList" - } - } - } + "schema": { + "type": "boolean", + "uniqueItems": true } - }, - "x-kubernetes-action": "list", - "x-kubernetes-group-version-kind": { - "group": "core.apinet.ironcore.dev", - "version": "v1alpha1", - "kind": "Node" } - }, - "post": { + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/instances": { + "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "create a Node", - "operationId": "createCoreApinetIroncoreDevV1alpha1Node", - "parameters": [ - { - "name": "dryRun", - "in": "query", - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "fieldManager", - "in": "query", - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "fieldValidation", - "in": "query", - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "schema": { - "type": "string", - "uniqueItems": true - } - } - ], - "requestBody": { - "content": { - "*/*": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" - } - } - }, - "required": true - }, + "description": "watch individual changes to a list of Instance. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1InstanceListForAllNamespaces", "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" - } - }, - "application/yaml": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" - } - } - } - }, - "201": { - "description": "Created", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, - "application/yaml": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" - } - } - } - }, - "202": { - "description": "Accepted", - "content": { - "application/json": { + "application/json;stream=watch": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } } } } }, - "x-kubernetes-action": "post", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "Node" + "kind": "Instance" } }, - "delete": { - "tags": [ - "coreApinetIroncoreDev_v1alpha1" - ], - "description": "delete collection of Node", - "operationId": "deleteCoreApinetIroncoreDevV1alpha1CollectionNode", - "parameters": [ - { - "name": "continue", - "in": "query", - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "dryRun", - "in": "query", - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "fieldSelector", - "in": "query", - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "gracePeriodSeconds", - "in": "query", - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", - "schema": { - "type": "integer", - "uniqueItems": true - } - }, - { - "name": "labelSelector", - "in": "query", - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "limit", - "in": "query", - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "schema": { - "type": "integer", - "uniqueItems": true - } - }, - { - "name": "orphanDependents", - "in": "query", - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", - "schema": { - "type": "boolean", - "uniqueItems": true - } - }, - { - "name": "propagationPolicy", - "in": "query", - "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "resourceVersion", - "in": "query", - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "resourceVersionMatch", - "in": "query", - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "sendInitialEvents", - "in": "query", - "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", - "schema": { - "type": "boolean", - "uniqueItems": true - } - }, - { - "name": "timeoutSeconds", - "in": "query", - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "schema": { - "type": "integer", - "uniqueItems": true - } + "parameters": [ + { + "name": "allowWatchBookmarks", + "in": "query", + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "schema": { + "type": "boolean", + "uniqueItems": true } - ], - "requestBody": { - "content": { - "*/*": { - "schema": { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" - } - } + }, + { + "name": "continue", + "in": "query", + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "schema": { + "type": "string", + "uniqueItems": true } }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - }, - "application/yaml": { - "schema": { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - } - } + { + "name": "fieldSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "labelSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "limit", + "in": "query", + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "schema": { + "type": "integer", + "uniqueItems": true } }, - "x-kubernetes-action": "deletecollection", - "x-kubernetes-group-version-kind": { - "group": "core.apinet.ironcore.dev", - "version": "v1alpha1", - "kind": "Node" - } - }, - "parameters": [ { "name": "pretty", "in": "query", @@ -12481,335 +15060,422 @@ "type": "string", "uniqueItems": true } + }, + { + "name": "resourceVersion", + "in": "query", + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "resourceVersionMatch", + "in": "query", + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "sendInitialEvents", + "in": "query", + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "timeoutSeconds", + "in": "query", + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "watch", + "in": "query", + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "schema": { + "type": "boolean", + "uniqueItems": true + } } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/nodes/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/ipaddresses": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "read the specified Node", - "operationId": "readCoreApinetIroncoreDevV1alpha1Node", + "description": "watch individual changes to a list of IPAddress. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1IPAddressList", "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } } } } }, - "x-kubernetes-action": "get", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "Node" + "kind": "IPAddress" } }, - "put": { - "tags": [ - "coreApinetIroncoreDev_v1alpha1" - ], - "description": "replace the specified Node", - "operationId": "replaceCoreApinetIroncoreDevV1alpha1Node", - "parameters": [ - { - "name": "dryRun", - "in": "query", - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "fieldManager", - "in": "query", - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "fieldValidation", - "in": "query", - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "schema": { - "type": "string", - "uniqueItems": true - } + "parameters": [ + { + "name": "allowWatchBookmarks", + "in": "query", + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "schema": { + "type": "boolean", + "uniqueItems": true } - ], - "requestBody": { - "content": { - "*/*": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" - } - } - }, - "required": true }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" - } - }, - "application/yaml": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" - } - } - } - }, - "201": { - "description": "Created", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" - } - }, - "application/yaml": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" - } - } - } + { + "name": "continue", + "in": "query", + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "labelSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "limit", + "in": "query", + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "pretty", + "in": "query", + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "resourceVersion", + "in": "query", + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "resourceVersionMatch", + "in": "query", + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "sendInitialEvents", + "in": "query", + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "timeoutSeconds", + "in": "query", + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "watch", + "in": "query", + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "schema": { + "type": "boolean", + "uniqueItems": true } - }, - "x-kubernetes-action": "put", - "x-kubernetes-group-version-kind": { - "group": "core.apinet.ironcore.dev", - "version": "v1alpha1", - "kind": "Node" } - }, - "delete": { + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/ipaddresses/{name}": { + "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "delete a Node", - "operationId": "deleteCoreApinetIroncoreDevV1alpha1Node", - "parameters": [ - { - "name": "dryRun", - "in": "query", - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "gracePeriodSeconds", - "in": "query", - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", - "schema": { - "type": "integer", - "uniqueItems": true - } - }, - { - "name": "orphanDependents", - "in": "query", - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", - "schema": { - "type": "boolean", - "uniqueItems": true - } - }, - { - "name": "propagationPolicy", - "in": "query", - "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", - "schema": { - "type": "string", - "uniqueItems": true - } - } - ], - "requestBody": { - "content": { - "*/*": { - "schema": { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" - } - } - } - }, + "description": "watch changes to an object of kind IPAddress. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1IPAddress", "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, - "application/yaml": { - "schema": { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - } - } - }, - "202": { - "description": "Accepted", - "content": { - "application/json": { + "application/json;stream=watch": { "schema": { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } } } } }, - "x-kubernetes-action": "delete", + "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "Node" + "kind": "IPAddress" } }, - "patch": { - "tags": [ - "coreApinetIroncoreDev_v1alpha1" - ], - "description": "partially update the specified Node", - "operationId": "patchCoreApinetIroncoreDevV1alpha1Node", - "parameters": [ - { - "name": "dryRun", - "in": "query", - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "fieldManager", - "in": "query", - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "fieldValidation", - "in": "query", - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "force", - "in": "query", - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", - "schema": { - "type": "boolean", - "uniqueItems": true - } + "parameters": [ + { + "name": "allowWatchBookmarks", + "in": "query", + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "continue", + "in": "query", + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "labelSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "limit", + "in": "query", + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "name", + "in": "path", + "description": "name of the IPAddress", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "pretty", + "in": "query", + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "resourceVersion", + "in": "query", + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "resourceVersionMatch", + "in": "query", + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "sendInitialEvents", + "in": "query", + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "timeoutSeconds", + "in": "query", + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "schema": { + "type": "integer", + "uniqueItems": true } - ], - "requestBody": { - "content": { - "application/apply-patch+yaml": { - "schema": { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - "application/json-patch+json": { - "schema": { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - "application/merge-patch+json": { - "schema": { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - "application/strategic-merge-patch+json": { - "schema": { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - } - }, - "required": true }, + { + "name": "watch", + "in": "query", + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/ips": { + "get": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "watch individual changes to a list of IP. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1IPListForAllNamespaces", "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, - "application/yaml": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" - } - } - } - }, - "201": { - "description": "Created", - "content": { - "application/json": { + "application/json;stream=watch": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } } } } }, - "x-kubernetes-action": "patch", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "Node" + "kind": "IP" } }, "parameters": [ { - "name": "name", - "in": "path", - "description": "name of the Node", - "required": true, + "name": "allowWatchBookmarks", + "in": "query", + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "continue", + "in": "query", + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "labelSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", "schema": { "type": "string", "uniqueItems": true } }, + { + "name": "limit", + "in": "query", + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, { "name": "pretty", "in": "query", @@ -12818,243 +15484,136 @@ "type": "string", "uniqueItems": true } - } - ] - }, - "/apis/core.apinet.ironcore.dev/v1alpha1/nodes/{name}/status": { - "get": { - "tags": [ - "coreApinetIroncoreDev_v1alpha1" - ], - "description": "read status of the specified Node", - "operationId": "readCoreApinetIroncoreDevV1alpha1NodeStatus", - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" - } - }, - "application/yaml": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" - } - } - } + }, + { + "name": "resourceVersion", + "in": "query", + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true } }, - "x-kubernetes-action": "get", - "x-kubernetes-group-version-kind": { - "group": "core.apinet.ironcore.dev", - "version": "v1alpha1", - "kind": "Node" - } - }, - "put": { - "tags": [ - "coreApinetIroncoreDev_v1alpha1" - ], - "description": "replace status of the specified Node", - "operationId": "replaceCoreApinetIroncoreDevV1alpha1NodeStatus", - "parameters": [ - { - "name": "dryRun", - "in": "query", - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "fieldManager", - "in": "query", - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "fieldValidation", - "in": "query", - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "schema": { - "type": "string", - "uniqueItems": true - } + { + "name": "resourceVersionMatch", + "in": "query", + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true } - ], - "requestBody": { - "content": { - "*/*": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" - } - } - }, - "required": true }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" - } - }, - "application/yaml": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" - } - } - } - }, - "201": { - "description": "Created", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" - } - }, - "application/yaml": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" - } - } - } + { + "name": "sendInitialEvents", + "in": "query", + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "schema": { + "type": "boolean", + "uniqueItems": true } }, - "x-kubernetes-action": "put", - "x-kubernetes-group-version-kind": { - "group": "core.apinet.ironcore.dev", - "version": "v1alpha1", - "kind": "Node" - } - }, - "patch": { - "tags": [ - "coreApinetIroncoreDev_v1alpha1" - ], - "description": "partially update status of the specified Node", - "operationId": "patchCoreApinetIroncoreDevV1alpha1NodeStatus", - "parameters": [ - { - "name": "dryRun", - "in": "query", - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "fieldManager", - "in": "query", - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "fieldValidation", - "in": "query", - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "force", - "in": "query", - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", - "schema": { - "type": "boolean", - "uniqueItems": true - } + { + "name": "timeoutSeconds", + "in": "query", + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "schema": { + "type": "integer", + "uniqueItems": true } - ], - "requestBody": { - "content": { - "application/apply-patch+yaml": { - "schema": { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - "application/json-patch+json": { - "schema": { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - "application/merge-patch+json": { - "schema": { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - }, - "application/strategic-merge-patch+json": { - "schema": { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" - } - } - }, - "required": true }, + { + "name": "watch", + "in": "query", + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/loadbalancerroutings": { + "get": { + "tags": [ + "coreApinetIroncoreDev_v1alpha1" + ], + "description": "watch individual changes to a list of LoadBalancerRouting. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1LoadBalancerRoutingListForAllNamespaces", "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, - "application/yaml": { - "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" - } - } - } - }, - "201": { - "description": "Created", - "content": { - "application/json": { + "application/json;stream=watch": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } }, "application/yaml": { "schema": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" } } } } }, - "x-kubernetes-action": "patch", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "Node" + "kind": "LoadBalancerRouting" } }, "parameters": [ { - "name": "name", - "in": "path", - "description": "name of the Node", - "required": true, + "name": "allowWatchBookmarks", + "in": "query", + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "continue", + "in": "query", + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "fieldSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "labelSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", "schema": { "type": "string", "uniqueItems": true } }, + { + "name": "limit", + "in": "query", + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, { "name": "pretty", "in": "query", @@ -13063,16 +15622,61 @@ "type": "string", "uniqueItems": true } + }, + { + "name": "resourceVersion", + "in": "query", + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "resourceVersionMatch", + "in": "query", + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "sendInitialEvents", + "in": "query", + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "name": "timeoutSeconds", + "in": "query", + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "watch", + "in": "query", + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "schema": { + "type": "boolean", + "uniqueItems": true + } } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/daemonsets": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/loadbalancers": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch individual changes to a list of DaemonSet. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1DaemonSetListForAllNamespaces", + "description": "watch individual changes to a list of LoadBalancer. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1LoadBalancerListForAllNamespaces", "responses": { "200": { "description": "OK", @@ -13099,7 +15703,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "DaemonSet" + "kind": "LoadBalancer" } }, "parameters": [ @@ -13204,13 +15808,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/instances": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/daemonsets": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch individual changes to a list of Instance. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1InstanceListForAllNamespaces", + "description": "watch individual changes to a list of DaemonSet. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedDaemonSetList", "responses": { "200": { "description": "OK", @@ -13237,7 +15841,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "Instance" + "kind": "DaemonSet" } }, "parameters": [ @@ -13286,6 +15890,16 @@ "uniqueItems": true } }, + { + "name": "namespace", + "in": "path", + "description": "object name and auth scope, such as for teams and projects", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, { "name": "pretty", "in": "query", @@ -13342,13 +15956,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/ipaddresses": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/daemonsets/{name}": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch individual changes to a list of IPAddress. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1IPAddressList", + "description": "watch changes to an object of kind DaemonSet. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedDaemonSet", "responses": { "200": { "description": "OK", @@ -13371,11 +15985,11 @@ } } }, - "x-kubernetes-action": "watchlist", + "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "IPAddress" + "kind": "DaemonSet" } }, "parameters": [ @@ -13424,6 +16038,26 @@ "uniqueItems": true } }, + { + "name": "name", + "in": "path", + "description": "name of the DaemonSet", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "namespace", + "in": "path", + "description": "object name and auth scope, such as for teams and projects", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, { "name": "pretty", "in": "query", @@ -13480,13 +16114,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/ipaddresses/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/instances": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch changes to an object of kind IPAddress. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1IPAddress", + "description": "watch individual changes to a list of Instance. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedInstanceList", "responses": { "200": { "description": "OK", @@ -13509,11 +16143,11 @@ } } }, - "x-kubernetes-action": "watch", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "IPAddress" + "kind": "Instance" } }, "parameters": [ @@ -13563,9 +16197,9 @@ } }, { - "name": "name", + "name": "namespace", "in": "path", - "description": "name of the IPAddress", + "description": "object name and auth scope, such as for teams and projects", "required": true, "schema": { "type": "string", @@ -13628,13 +16262,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/ips": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/instances/{name}": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch individual changes to a list of IP. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1IPListForAllNamespaces", + "description": "watch changes to an object of kind Instance. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedInstance", "responses": { "200": { "description": "OK", @@ -13657,11 +16291,11 @@ } } }, - "x-kubernetes-action": "watchlist", + "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "IP" + "kind": "Instance" } }, "parameters": [ @@ -13702,11 +16336,31 @@ } }, { - "name": "limit", - "in": "query", - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "name": "limit", + "in": "query", + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "name": "name", + "in": "path", + "description": "name of the Instance", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "namespace", + "in": "path", + "description": "object name and auth scope, such as for teams and projects", + "required": true, "schema": { - "type": "integer", + "type": "string", "uniqueItems": true } }, @@ -13766,13 +16420,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/loadbalancerroutings": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/ips": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch individual changes to a list of LoadBalancerRouting. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1LoadBalancerRoutingListForAllNamespaces", + "description": "watch individual changes to a list of IP. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedIPList", "responses": { "200": { "description": "OK", @@ -13799,7 +16453,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "LoadBalancerRouting" + "kind": "IP" } }, "parameters": [ @@ -13848,6 +16502,16 @@ "uniqueItems": true } }, + { + "name": "namespace", + "in": "path", + "description": "object name and auth scope, such as for teams and projects", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, { "name": "pretty", "in": "query", @@ -13904,13 +16568,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/loadbalancers": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/ips/{name}": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch individual changes to a list of LoadBalancer. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1LoadBalancerListForAllNamespaces", + "description": "watch changes to an object of kind IP. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedIP", "responses": { "200": { "description": "OK", @@ -13933,11 +16597,11 @@ } } }, - "x-kubernetes-action": "watchlist", + "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "LoadBalancer" + "kind": "IP" } }, "parameters": [ @@ -13986,6 +16650,26 @@ "uniqueItems": true } }, + { + "name": "name", + "in": "path", + "description": "name of the IP", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "name": "namespace", + "in": "path", + "description": "object name and auth scope, such as for teams and projects", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, { "name": "pretty", "in": "query", @@ -14042,13 +16726,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/daemonsets": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/loadbalancerroutings": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch individual changes to a list of DaemonSet. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedDaemonSetList", + "description": "watch individual changes to a list of LoadBalancerRouting. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedLoadBalancerRoutingList", "responses": { "200": { "description": "OK", @@ -14075,7 +16759,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "DaemonSet" + "kind": "LoadBalancerRouting" } }, "parameters": [ @@ -14190,13 +16874,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/daemonsets/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/loadbalancerroutings/{name}": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch changes to an object of kind DaemonSet. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedDaemonSet", + "description": "watch changes to an object of kind LoadBalancerRouting. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedLoadBalancerRouting", "responses": { "200": { "description": "OK", @@ -14223,7 +16907,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "DaemonSet" + "kind": "LoadBalancerRouting" } }, "parameters": [ @@ -14275,7 +16959,7 @@ { "name": "name", "in": "path", - "description": "name of the DaemonSet", + "description": "name of the LoadBalancerRouting", "required": true, "schema": { "type": "string", @@ -14348,13 +17032,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/instances": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/loadbalancers": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch individual changes to a list of Instance. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedInstanceList", + "description": "watch individual changes to a list of LoadBalancer. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedLoadBalancerList", "responses": { "200": { "description": "OK", @@ -14381,7 +17065,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "Instance" + "kind": "LoadBalancer" } }, "parameters": [ @@ -14496,13 +17180,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/instances/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/loadbalancers/{name}": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch changes to an object of kind Instance. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedInstance", + "description": "watch changes to an object of kind LoadBalancer. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedLoadBalancer", "responses": { "200": { "description": "OK", @@ -14529,7 +17213,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "Instance" + "kind": "LoadBalancer" } }, "parameters": [ @@ -14581,7 +17265,7 @@ { "name": "name", "in": "path", - "description": "name of the Instance", + "description": "name of the LoadBalancer", "required": true, "schema": { "type": "string", @@ -14654,13 +17338,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/ips": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/natgatewayautoscalers": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch individual changes to a list of IP. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedIPList", + "description": "watch individual changes to a list of NATGatewayAutoscaler. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATGatewayAutoscalerList", "responses": { "200": { "description": "OK", @@ -14687,7 +17371,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "IP" + "kind": "NATGatewayAutoscaler" } }, "parameters": [ @@ -14802,13 +17486,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/ips/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/natgatewayautoscalers/{name}": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch changes to an object of kind IP. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedIP", + "description": "watch changes to an object of kind NATGatewayAutoscaler. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATGatewayAutoscaler", "responses": { "200": { "description": "OK", @@ -14835,7 +17519,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "IP" + "kind": "NATGatewayAutoscaler" } }, "parameters": [ @@ -14887,7 +17571,7 @@ { "name": "name", "in": "path", - "description": "name of the IP", + "description": "name of the NATGatewayAutoscaler", "required": true, "schema": { "type": "string", @@ -14960,13 +17644,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/loadbalancerroutings": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/natgateways": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch individual changes to a list of LoadBalancerRouting. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedLoadBalancerRoutingList", + "description": "watch individual changes to a list of NATGateway. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATGatewayList", "responses": { "200": { "description": "OK", @@ -14993,7 +17677,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "LoadBalancerRouting" + "kind": "NATGateway" } }, "parameters": [ @@ -15108,13 +17792,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/loadbalancerroutings/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/natgateways/{name}": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch changes to an object of kind LoadBalancerRouting. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedLoadBalancerRouting", + "description": "watch changes to an object of kind NATGateway. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATGateway", "responses": { "200": { "description": "OK", @@ -15141,7 +17825,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "LoadBalancerRouting" + "kind": "NATGateway" } }, "parameters": [ @@ -15193,7 +17877,7 @@ { "name": "name", "in": "path", - "description": "name of the LoadBalancerRouting", + "description": "name of the NATGateway", "required": true, "schema": { "type": "string", @@ -15266,13 +17950,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/loadbalancers": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/nattables": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch individual changes to a list of LoadBalancer. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedLoadBalancerList", + "description": "watch individual changes to a list of NATTable. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATTableList", "responses": { "200": { "description": "OK", @@ -15299,7 +17983,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "LoadBalancer" + "kind": "NATTable" } }, "parameters": [ @@ -15414,13 +18098,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/loadbalancers/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/nattables/{name}": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch changes to an object of kind LoadBalancer. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedLoadBalancer", + "description": "watch changes to an object of kind NATTable. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATTable", "responses": { "200": { "description": "OK", @@ -15447,7 +18131,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "LoadBalancer" + "kind": "NATTable" } }, "parameters": [ @@ -15499,7 +18183,7 @@ { "name": "name", "in": "path", - "description": "name of the LoadBalancer", + "description": "name of the NATTable", "required": true, "schema": { "type": "string", @@ -15572,13 +18256,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/natgatewayautoscalers": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networkinterfaces": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch individual changes to a list of NATGatewayAutoscaler. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATGatewayAutoscalerList", + "description": "watch individual changes to a list of NetworkInterface. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetworkInterfaceList", "responses": { "200": { "description": "OK", @@ -15605,7 +18289,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NATGatewayAutoscaler" + "kind": "NetworkInterface" } }, "parameters": [ @@ -15720,13 +18404,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/natgatewayautoscalers/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networkinterfaces/{name}": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch changes to an object of kind NATGatewayAutoscaler. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATGatewayAutoscaler", + "description": "watch changes to an object of kind NetworkInterface. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetworkInterface", "responses": { "200": { "description": "OK", @@ -15753,7 +18437,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NATGatewayAutoscaler" + "kind": "NetworkInterface" } }, "parameters": [ @@ -15805,7 +18489,7 @@ { "name": "name", "in": "path", - "description": "name of the NATGatewayAutoscaler", + "description": "name of the NetworkInterface", "required": true, "schema": { "type": "string", @@ -15878,13 +18562,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/natgateways": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networkpolicies": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch individual changes to a list of NATGateway. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATGatewayList", + "description": "watch individual changes to a list of NetworkPolicy. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicyList", "responses": { "200": { "description": "OK", @@ -15911,7 +18595,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NATGateway" + "kind": "NetworkPolicy" } }, "parameters": [ @@ -16026,13 +18710,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/natgateways/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networkpolicies/{name}": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch changes to an object of kind NATGateway. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATGateway", + "description": "watch changes to an object of kind NetworkPolicy. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicy", "responses": { "200": { "description": "OK", @@ -16059,7 +18743,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NATGateway" + "kind": "NetworkPolicy" } }, "parameters": [ @@ -16111,7 +18795,7 @@ { "name": "name", "in": "path", - "description": "name of the NATGateway", + "description": "name of the NetworkPolicy", "required": true, "schema": { "type": "string", @@ -16184,13 +18868,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/nattables": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networkpolicyrules": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch individual changes to a list of NATTable. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATTableList", + "description": "watch individual changes to a list of NetworkPolicyRule. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicyRuleList", "responses": { "200": { "description": "OK", @@ -16217,7 +18901,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NATTable" + "kind": "NetworkPolicyRule" } }, "parameters": [ @@ -16332,13 +19016,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/nattables/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networkpolicyrules/{name}": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch changes to an object of kind NATTable. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNATTable", + "description": "watch changes to an object of kind NetworkPolicyRule. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetworkPolicyRule", "responses": { "200": { "description": "OK", @@ -16365,7 +19049,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NATTable" + "kind": "NetworkPolicyRule" } }, "parameters": [ @@ -16417,7 +19101,7 @@ { "name": "name", "in": "path", - "description": "name of the NATTable", + "description": "name of the NetworkPolicyRule", "required": true, "schema": { "type": "string", @@ -16490,13 +19174,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networkinterfaces": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networks": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch individual changes to a list of NetworkInterface. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetworkInterfaceList", + "description": "watch individual changes to a list of Network. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetworkList", "responses": { "200": { "description": "OK", @@ -16523,7 +19207,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NetworkInterface" + "kind": "Network" } }, "parameters": [ @@ -16638,13 +19322,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networkinterfaces/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networks/{name}": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch changes to an object of kind NetworkInterface. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetworkInterface", + "description": "watch changes to an object of kind Network. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetwork", "responses": { "200": { "description": "OK", @@ -16671,7 +19355,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NetworkInterface" + "kind": "Network" } }, "parameters": [ @@ -16723,7 +19407,7 @@ { "name": "name", "in": "path", - "description": "name of the NetworkInterface", + "description": "name of the Network", "required": true, "schema": { "type": "string", @@ -16796,13 +19480,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networks": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/natgatewayautoscalers": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch individual changes to a list of Network. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetworkList", + "description": "watch individual changes to a list of NATGatewayAutoscaler. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NATGatewayAutoscalerListForAllNamespaces", "responses": { "200": { "description": "OK", @@ -16829,7 +19513,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "Network" + "kind": "NATGatewayAutoscaler" } }, "parameters": [ @@ -16878,16 +19562,6 @@ "uniqueItems": true } }, - { - "name": "namespace", - "in": "path", - "description": "object name and auth scope, such as for teams and projects", - "required": true, - "schema": { - "type": "string", - "uniqueItems": true - } - }, { "name": "pretty", "in": "query", @@ -16944,13 +19618,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/namespaces/{namespace}/networks/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/natgateways": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch changes to an object of kind Network. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NamespacedNetwork", + "description": "watch individual changes to a list of NATGateway. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NATGatewayListForAllNamespaces", "responses": { "200": { "description": "OK", @@ -16973,11 +19647,11 @@ } } }, - "x-kubernetes-action": "watch", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "Network" + "kind": "NATGateway" } }, "parameters": [ @@ -17007,42 +19681,22 @@ "type": "string", "uniqueItems": true } - }, - { - "name": "labelSelector", - "in": "query", - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", - "schema": { - "type": "string", - "uniqueItems": true - } - }, - { - "name": "limit", - "in": "query", - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "schema": { - "type": "integer", - "uniqueItems": true - } - }, - { - "name": "name", - "in": "path", - "description": "name of the Network", - "required": true, + }, + { + "name": "labelSelector", + "in": "query", + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", "schema": { "type": "string", "uniqueItems": true } }, { - "name": "namespace", - "in": "path", - "description": "object name and auth scope, such as for teams and projects", - "required": true, + "name": "limit", + "in": "query", + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", "schema": { - "type": "string", + "type": "integer", "uniqueItems": true } }, @@ -17102,13 +19756,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/natgatewayautoscalers": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/nattables": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch individual changes to a list of NATGatewayAutoscaler. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NATGatewayAutoscalerListForAllNamespaces", + "description": "watch individual changes to a list of NATTable. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NATTableListForAllNamespaces", "responses": { "200": { "description": "OK", @@ -17135,7 +19789,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NATGatewayAutoscaler" + "kind": "NATTable" } }, "parameters": [ @@ -17240,13 +19894,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/natgateways": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/networkids": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch individual changes to a list of NATGateway. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NATGatewayListForAllNamespaces", + "description": "watch individual changes to a list of NetworkID. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NetworkIDList", "responses": { "200": { "description": "OK", @@ -17273,7 +19927,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NATGateway" + "kind": "NetworkID" } }, "parameters": [ @@ -17378,13 +20032,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/nattables": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/networkids/{name}": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch individual changes to a list of NATTable. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NATTableListForAllNamespaces", + "description": "watch changes to an object of kind NetworkID. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NetworkID", "responses": { "200": { "description": "OK", @@ -17407,11 +20061,11 @@ } } }, - "x-kubernetes-action": "watchlist", + "x-kubernetes-action": "watch", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NATTable" + "kind": "NetworkID" } }, "parameters": [ @@ -17460,6 +20114,16 @@ "uniqueItems": true } }, + { + "name": "name", + "in": "path", + "description": "name of the NetworkID", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, { "name": "pretty", "in": "query", @@ -17516,13 +20180,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/networkids": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/networkinterfaces": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch individual changes to a list of NetworkID. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NetworkIDList", + "description": "watch individual changes to a list of NetworkInterface. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NetworkInterfaceListForAllNamespaces", "responses": { "200": { "description": "OK", @@ -17549,7 +20213,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NetworkID" + "kind": "NetworkInterface" } }, "parameters": [ @@ -17654,13 +20318,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/networkids/{name}": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/networkpolicies": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch changes to an object of kind NetworkID. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NetworkID", + "description": "watch individual changes to a list of NetworkPolicy. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NetworkPolicyListForAllNamespaces", "responses": { "200": { "description": "OK", @@ -17683,11 +20347,11 @@ } } }, - "x-kubernetes-action": "watch", + "x-kubernetes-action": "watchlist", "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NetworkID" + "kind": "NetworkPolicy" } }, "parameters": [ @@ -17736,16 +20400,6 @@ "uniqueItems": true } }, - { - "name": "name", - "in": "path", - "description": "name of the NetworkID", - "required": true, - "schema": { - "type": "string", - "uniqueItems": true - } - }, { "name": "pretty", "in": "query", @@ -17802,13 +20456,13 @@ } ] }, - "/apis/core.apinet.ironcore.dev/v1alpha1/watch/networkinterfaces": { + "/apis/core.apinet.ironcore.dev/v1alpha1/watch/networkpolicyrules": { "get": { "tags": [ "coreApinetIroncoreDev_v1alpha1" ], - "description": "watch individual changes to a list of NetworkInterface. deprecated: use the 'watch' parameter with a list operation instead.", - "operationId": "watchCoreApinetIroncoreDevV1alpha1NetworkInterfaceListForAllNamespaces", + "description": "watch individual changes to a list of NetworkPolicyRule. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreApinetIroncoreDevV1alpha1NetworkPolicyRuleListForAllNamespaces", "responses": { "200": { "description": "OK", @@ -17835,7 +20489,7 @@ "x-kubernetes-group-version-kind": { "group": "core.apinet.ironcore.dev", "version": "v1alpha1", - "kind": "NetworkInterface" + "kind": "NetworkPolicyRule" } }, "parameters": [ @@ -18661,6 +21315,30 @@ } } }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.IPBlock": { + "description": "IPBlock specifies an ip block with optional exceptions.", + "type": "object", + "required": [ + "cidr" + ], + "properties": { + "cidr": { + "description": "CIDR is a string representing the ip block.", + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IPPrefix" + } + ] + }, + "except": { + "description": "Except is a slice of CIDRs that should not be included within the specified CIDR. Values will be rejected if they are outside CIDR.", + "type": "array", + "items": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IPPrefix" + } + } + } + }, "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.IPClaimRef": { "type": "object", "properties": { @@ -19351,6 +22029,27 @@ } } }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.LocalUIDReference": { + "description": "LocalUIDReference is a reference to another entity including its UID", + "type": "object", + "required": [ + "name", + "uid" + ], + "properties": { + "name": { + "description": "Name is the name of the referenced entity.", + "type": "string", + "default": "" + }, + "uid": { + "description": "UID is the UID of the referenced entity.", + "type": "string", + "default": "" + } + }, + "x-kubernetes-map-type": "atomic" + }, "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATGateway": { "description": "NATGateway is the schema for the natgateways API.", "type": "object", @@ -19684,50 +22383,196 @@ "format": "int32", "default": 0 }, - "ip": { - "description": "IP is the source IP.", + "ip": { + "description": "IP is the source IP.", + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IP" + } + ] + }, + "port": { + "description": "Port is the start port of the section.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "targetRef": { + "description": "TargetRef references the entity having the IP.", + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATTableIPTargetRef" + } + ] + } + } + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATTable": { + "description": "NATTable is the schema for the nattables API.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "ips": { + "description": "IPs specifies how to NAT the IPs for the NAT gateway.", + "type": "array", + "items": { + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATIP" + } + ] + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ] + } + }, + "x-kubernetes-group-version-kind": [ + { + "group": "core.apinet.ironcore.dev", + "kind": "NATTable", + "version": "v1alpha1" + } + ] + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATTableIPTargetRef": { + "type": "object", + "required": [ + "uid", + "name", + "nodeRef" + ], + "properties": { + "name": { + "description": "Name is the name of the target.", + "type": "string", + "default": "" + }, + "nodeRef": { + "description": "NodeRef references the node the destination network interface is on.", + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" + } + ] + }, + "uid": { + "description": "UID is the UID of the target.", + "type": "string", + "default": "" + } + } + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATTableList": { + "description": "NATTableList contains a list of NATTable.", + "type": "object", + "required": [ + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "type": "array", + "items": { + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATTable" + } + ] + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ] + } + }, + "x-kubernetes-group-version-kind": [ + { + "group": "core.apinet.ironcore.dev", + "kind": "NATTableList", + "version": "v1alpha1" + } + ] + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network": { + "description": "Network is the schema for the networks API.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "default": {}, "allOf": [ { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IP" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ] }, - "port": { - "description": "Port is the start port of the section.", - "type": "integer", - "format": "int32", - "default": 0 + "spec": { + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkSpec" + } + ] }, - "targetRef": { - "description": "TargetRef references the entity having the IP.", + "status": { + "default": {}, "allOf": [ { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATTableIPTargetRef" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkStatus" } ] } - } + }, + "x-kubernetes-group-version-kind": [ + { + "group": "core.apinet.ironcore.dev", + "kind": "Network", + "version": "v1alpha1" + } + ] }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATTable": { - "description": "NATTable is the schema for the nattables API.", + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID": { + "description": "NetworkID is the schema for the networkids API.", "type": "object", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "ips": { - "description": "IPs specifies how to NAT the IPs for the NAT gateway.", - "type": "array", - "items": { - "default": {}, - "allOf": [ - { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATIP" - } - ] - } - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -19739,47 +22584,46 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ] + }, + "spec": { + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDSpec" + } + ] } }, "x-kubernetes-group-version-kind": [ { "group": "core.apinet.ironcore.dev", - "kind": "NATTable", + "kind": "NetworkID", "version": "v1alpha1" } ] }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATTableIPTargetRef": { + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDClaimRef": { "type": "object", - "required": [ - "uid", - "name", - "nodeRef" - ], "properties": { + "group": { + "type": "string" + }, "name": { - "description": "Name is the name of the target.", - "type": "string", - "default": "" + "type": "string" }, - "nodeRef": { - "description": "NodeRef references the node the destination network interface is on.", - "default": {}, - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" - } - ] + "namespace": { + "type": "string" + }, + "resource": { + "type": "string" }, "uid": { - "description": "UID is the UID of the target.", - "type": "string", - "default": "" + "type": "string" } } }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATTableList": { - "description": "NATTableList contains a list of NATTable.", + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDList": { + "description": "NetworkIDList contains a list of NetworkID.", "type": "object", "required": [ "items" @@ -19795,7 +22639,7 @@ "default": {}, "allOf": [ { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NATTable" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" } ] } @@ -19816,13 +22660,29 @@ "x-kubernetes-group-version-kind": [ { "group": "core.apinet.ironcore.dev", - "kind": "NATTableList", + "kind": "NetworkIDList", "version": "v1alpha1" } ] }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network": { - "description": "Network is the schema for the networks API.", + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDSpec": { + "type": "object", + "required": [ + "claimRef" + ], + "properties": { + "claimRef": { + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDClaimRef" + } + ] + } + } + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterface": { + "description": "NetworkInterface is the schema for the networkinterfaces API.", "type": "object", "properties": { "apiVersion": { @@ -19845,7 +22705,7 @@ "default": {}, "allOf": [ { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkSpec" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceSpec" } ] }, @@ -19853,7 +22713,7 @@ "default": {}, "allOf": [ { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkStatus" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceStatus" } ] } @@ -19861,70 +22721,229 @@ "x-kubernetes-group-version-kind": [ { "group": "core.apinet.ironcore.dev", - "kind": "Network", + "kind": "NetworkInterface", "version": "v1alpha1" } ] }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID": { - "description": "NetworkID is the schema for the networkids API.", + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceList": { + "description": "NetworkInterfaceList contains a list of NetworkInterface.", "type": "object", + "required": [ + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "items": { + "type": "array", + "items": { + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterface" + } + ] + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ] + } + }, + "x-kubernetes-group-version-kind": [ + { + "group": "core.apinet.ironcore.dev", + "kind": "NetworkInterfaceList", + "version": "v1alpha1" + } + ] + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceNAT": { + "type": "object", + "required": [ + "ipFamily", + "claimRef" + ], + "properties": { + "claimRef": { + "description": "ClaimRef references the NAT claim handling the network interface's NAT.", + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceNATClaimRef" + } + ] + }, + "ipFamily": { + "description": "IPFamily is the IP family of the handling NAT gateway.\n\nPossible enum values:\n - `\"\"` indicates that this IP is unknown protocol\n - `\"IPv4\"` indicates that this IP is IPv4 protocol\n - `\"IPv6\"` indicates that this IP is IPv6 protocol", + "type": "string", + "default": "", + "enum": [ + "", + "IPv4", + "IPv6" + ] + } + } + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceNATClaimRef": { + "type": "object", + "required": [ + "name", + "uid" + ], + "properties": { + "name": { + "description": "Name is the name of the claiming NAT gateway.", + "type": "string", + "default": "" + }, + "uid": { + "description": "UID is the uid of the claiming NAT gateway.", + "type": "string", + "default": "" + } + } + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfacePublicIP": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "ip": { + "description": "IP specifies a specific IP to allocate. If empty, a random ephemeral IP will be allocated.", + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IP" + } + ] + }, + "ipFamily": { + "description": "IPFamily is the IP family of the IP. Has to match IP if specified. If unspecified and IP is specified, will be defaulted by using the IP family of IP. If only IPFamily is specified, a random IP of that family will be allocated if possible.\n\nPossible enum values:\n - `\"\"` indicates that this IP is unknown protocol\n - `\"IPv4\"` indicates that this IP is IPv4 protocol\n - `\"IPv6\"` indicates that this IP is IPv6 protocol", + "type": "string", + "enum": [ + "", + "IPv4", + "IPv6" + ] + }, + "name": { + "description": "Name is the semantic name of the network interface public IP.", + "type": "string", + "default": "" + } + } + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceSpec": { + "type": "object", + "required": [ + "nodeRef", + "networkRef" + ], + "properties": { + "ips": { + "description": "IPs are the internal IPs of the network interface.", + "type": "array", + "items": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IP" + } + }, + "natGateways": { + "description": "NATs specify the NAT of the network interface IP family. Can only be set if there is no matching IP family in PublicIPs.", + "type": "array", + "items": { + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceNAT" + } + ] + } }, - "metadata": { + "networkRef": { + "description": "NetworkRef references the network that the network interface is in.", "default": {}, "allOf": [ { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" } ] }, - "spec": { + "nodeRef": { + "description": "NodeRef is the node the network interface is hosted on.", "default": {}, "allOf": [ { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDSpec" + "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" } ] + }, + "prefixes": { + "description": "Prefixes are additional prefixes to route to the network interface.", + "type": "array", + "items": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IPPrefix" + } + }, + "publicIPs": { + "description": "PublicIPs are the public IPs the network interface should have.", + "type": "array", + "items": { + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfacePublicIP" + } + ] + }, + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge,retainKeys" } - }, - "x-kubernetes-group-version-kind": [ - { - "group": "core.apinet.ironcore.dev", - "kind": "NetworkID", - "version": "v1alpha1" - } - ] + } }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDClaimRef": { + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceStatus": { "type": "object", "properties": { - "group": { - "type": "string" + "natIPs": { + "type": "array", + "items": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IP" + } }, - "name": { - "type": "string" + "pciAddress": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.PCIAddress" }, - "namespace": { - "type": "string" + "prefixes": { + "type": "array", + "items": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IPPrefix" + } }, - "resource": { - "type": "string" + "publicIPs": { + "type": "array", + "items": { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IP" + } }, - "uid": { + "state": { "type": "string" } } }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDList": { - "description": "NetworkIDList contains a list of NetworkID.", + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkList": { + "description": "NetworkList contains a list of Network.", "type": "object", "required": [ "items" @@ -19940,7 +22959,7 @@ "default": {}, "allOf": [ { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkID" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" } ] } @@ -19961,29 +22980,52 @@ "x-kubernetes-group-version-kind": [ { "group": "core.apinet.ironcore.dev", - "kind": "NetworkIDList", + "kind": "NetworkList", "version": "v1alpha1" } ] }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDSpec": { + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPeering": { + "description": "NetworkPeering defines a network peering with another network.", "type": "object", "required": [ - "claimRef" + "name", + "id" ], "properties": { - "claimRef": { - "default": {}, - "allOf": [ - { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkIDClaimRef" - } - ] + "id": { + "description": "ID is the ID of the network to peer with.", + "type": "string", + "default": "" + }, + "name": { + "description": "Name is the semantical name of the network peering.", + "type": "string", + "default": "" } } }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterface": { - "description": "NetworkInterface is the schema for the networkinterfaces API.", + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPeeringStatus": { + "description": "NetworkPeeringStatus is the status of a network peering.", + "type": "object", + "required": [ + "id" + ], + "properties": { + "id": { + "description": "ID is the ID of network", + "type": "integer", + "format": "int32", + "default": 0 + }, + "state": { + "description": "State represents the network peering state", + "type": "string" + } + } + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy": { + "description": "NetworkPolicy is the Schema for the networkpolicies API.", "type": "object", "properties": { "apiVersion": { @@ -20006,15 +23048,7 @@ "default": {}, "allOf": [ { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceSpec" - } - ] - }, - "status": { - "default": {}, - "allOf": [ - { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceStatus" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicySpec" } ] } @@ -20022,13 +23056,73 @@ "x-kubernetes-group-version-kind": [ { "group": "core.apinet.ironcore.dev", - "kind": "NetworkInterface", + "kind": "NetworkPolicy", "version": "v1alpha1" } ] }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceList": { - "description": "NetworkInterfaceList contains a list of NetworkInterface.", + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyEgressRule": { + "description": "NetworkPolicyEgressRule describes a rule to regulate egress traffic with.", + "type": "object", + "properties": { + "ports": { + "description": "Ports specifies the list of destination ports that can be called with this rule. Each item in this list is combined using a logical OR. Empty matches all ports. As soon as a single item is present, only these ports are allowed.", + "type": "array", + "items": { + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyPort" + } + ] + } + }, + "to": { + "description": "To specifies the list of destinations which the selected network interfaces should be able to send traffic to. Fields are combined using a logical OR. Empty matches all destinations. As soon as a single item is present, only these peers are allowed.", + "type": "array", + "items": { + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyPeer" + } + ] + } + } + } + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyIngressRule": { + "description": "NetworkPolicyIngressRule describes a rule to regulate ingress traffic with.", + "type": "object", + "properties": { + "from": { + "description": "From specifies the list of sources which should be able to send traffic to the selected network interfaces. Fields are combined using a logical OR. Empty matches all sources. As soon as a single item is present, only these peers are allowed.", + "type": "array", + "items": { + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyPeer" + } + ] + } + }, + "ports": { + "description": "Ports specifies the list of ports which should be made accessible for this rule. Each item in this list is combined using a logical OR. Empty matches all ports. As soon as a single item is present, only these ports are allowed.", + "type": "array", + "items": { + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyPort" + } + ] + } + } + } + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyList": { + "description": "NetworkPolicyList contains a list of NetworkPolicy.", "type": "object", "required": [ "items" @@ -20044,7 +23138,7 @@ "default": {}, "allOf": [ { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterface" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicy" } ] } @@ -20065,186 +23159,142 @@ "x-kubernetes-group-version-kind": [ { "group": "core.apinet.ironcore.dev", - "kind": "NetworkInterfaceList", + "kind": "NetworkPolicyList", "version": "v1alpha1" } ] }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceNAT": { + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyPeer": { + "description": "NetworkPolicyPeer describes a peer to allow traffic to / from.", "type": "object", - "required": [ - "ipFamily", - "claimRef" - ], "properties": { - "claimRef": { - "description": "ClaimRef references the NAT claim handling the network interface's NAT.", - "default": {}, + "ipBlock": { + "description": "IPBlock specifies the ip block from or to which network traffic may come.", "allOf": [ { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceNATClaimRef" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.IPBlock" } ] }, - "ipFamily": { - "description": "IPFamily is the IP family of the handling NAT gateway.\n\nPossible enum values:\n - `\"\"` indicates that this IP is unknown protocol\n - `\"IPv4\"` indicates that this IP is IPv4 protocol\n - `\"IPv6\"` indicates that this IP is IPv6 protocol", - "type": "string", - "default": "", - "enum": [ - "", - "IPv4", - "IPv6" + "objectSelector": { + "description": "ObjectSelector selects peers with the given kind matching the label selector. Exclusive with other peer specifiers.", + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.ObjectSelector" + } ] } } }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceNATClaimRef": { + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyPort": { + "description": "NetworkPolicyPort describes a port to allow traffic on", "type": "object", - "required": [ - "name", - "uid" - ], "properties": { - "name": { - "description": "Name is the name of the claiming NAT gateway.", - "type": "string", - "default": "" + "endPort": { + "description": "EndPort indicates that the range of ports from Port to EndPort, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined. The endPort must be equal or greater than port.", + "type": "integer", + "format": "int32" }, - "uid": { - "description": "UID is the uid of the claiming NAT gateway.", - "type": "string", - "default": "" - } - } - }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfacePublicIP": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "ip": { - "description": "IP specifies a specific IP to allocate. If empty, a random ephemeral IP will be allocated.", - "allOf": [ - { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IP" - } - ] + "port": { + "description": "The port on the given protocol. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.", + "type": "integer", + "format": "int32" }, - "ipFamily": { - "description": "IPFamily is the IP family of the IP. Has to match IP if specified. If unspecified and IP is specified, will be defaulted by using the IP family of IP. If only IPFamily is specified, a random IP of that family will be allocated if possible.\n\nPossible enum values:\n - `\"\"` indicates that this IP is unknown protocol\n - `\"IPv4\"` indicates that this IP is IPv4 protocol\n - `\"IPv6\"` indicates that this IP is IPv6 protocol", + "protocol": { + "description": "Protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.\n\nPossible enum values:\n - `\"SCTP\"` is the SCTP protocol.\n - `\"TCP\"` is the TCP protocol.\n - `\"UDP\"` is the UDP protocol.", "type": "string", "enum": [ - "", - "IPv4", - "IPv6" - ] - }, - "name": { - "description": "Name is the semantic name of the network interface public IP.", - "type": "string", - "default": "" + "SCTP", + "TCP", + "UDP" + ] } } }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceSpec": { + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule": { + "description": "NetworkPolicyRule is the schema for the networkpolicyrules API.", "type": "object", "required": [ - "nodeRef", "networkRef" ], "properties": { - "ips": { - "description": "IPs are the internal IPs of the network interface.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "egressRule": { + "description": "EgressRules are the egress rules.", "type": "array", "items": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IP" + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Rule" + } + ] } }, - "natGateways": { - "description": "NATs specify the NAT of the network interface IP family. Can only be set if there is no matching IP family in PublicIPs.", + "ingressRule": { + "description": "IngressRules are the ingress rules.", "type": "array", "items": { "default": {}, "allOf": [ { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceNAT" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Rule" } ] } }, - "networkRef": { - "description": "NetworkRef references the network that the network interface is in.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { "default": {}, "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ] }, - "nodeRef": { - "description": "NodeRef is the node the network interface is hosted on.", + "networkRef": { + "description": "NetworkRef is the network the load balancer is assigned to.", "default": {}, "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.LocalUIDReference" } ] }, - "prefixes": { - "description": "Prefixes are additional prefixes to route to the network interface.", - "type": "array", - "items": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IPPrefix" - } + "priority": { + "description": "Priority is an optional field that specifies the order in which the policy is applied.", + "type": "integer", + "format": "int32" }, - "publicIPs": { - "description": "PublicIPs are the public IPs the network interface should have.", + "targets": { + "description": "Targets are the targets of the network policy.", "type": "array", "items": { "default": {}, "allOf": [ { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfacePublicIP" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.TargetNetworkInterface" } ] - }, - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge,retainKeys" - } - } - }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkInterfaceStatus": { - "type": "object", - "properties": { - "natIPs": { - "type": "array", - "items": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IP" - } - }, - "pciAddress": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.PCIAddress" - }, - "prefixes": { - "type": "array", - "items": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IPPrefix" } - }, - "publicIPs": { - "type": "array", - "items": { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IP" - } - }, - "state": { - "type": "string" } - } + }, + "x-kubernetes-group-version-kind": [ + { + "group": "core.apinet.ironcore.dev", + "kind": "NetworkPolicyRule", + "version": "v1alpha1" + } + ] }, - "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkList": { - "description": "NetworkList contains a list of Network.", + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRuleList": { + "description": "NetworkPolicyRulesList contains a list of NetworkPolicyRule.", "type": "object", "required": [ "items" @@ -20260,7 +23310,7 @@ "default": {}, "allOf": [ { - "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Network" + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyRule" } ] } @@ -20281,22 +23331,112 @@ "x-kubernetes-group-version-kind": [ { "group": "core.apinet.ironcore.dev", - "kind": "NetworkList", + "kind": "NetworkPolicyRuleList", "version": "v1alpha1" } ] }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicySpec": { + "type": "object", + "required": [ + "networkRef", + "networkInterfaceSelector" + ], + "properties": { + "egress": { + "description": "Egress specifies rules for egress traffic.", + "type": "array", + "items": { + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyEgressRule" + } + ] + } + }, + "ingress": { + "description": "Ingress specifies rules for ingress traffic.", + "type": "array", + "items": { + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyIngressRule" + } + ] + } + }, + "networkInterfaceSelector": { + "description": "NetworkInterfaceSelector selects the network interfaces that are subject to this policy.", + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + } + ] + }, + "networkRef": { + "description": "NetworkRef is the network to regulate using this policy.", + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" + } + ] + }, + "policyTypes": { + "description": "PolicyTypes specifies the types of policies this network policy contains.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "priority": { + "description": "Priority is an optional field that specifies the order in which the policy is applied. Policies with higher \"order\" are applied after those with lower order. If the order is omitted, it may be considered to be \"infinite\" - i.e. the policy will be applied last. Policies with identical order will be applied in alphanumerical order based on the Policy \"Name\".", + "type": "integer", + "format": "int32" + } + } + }, "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkSpec": { "type": "object", "properties": { "id": { "description": "ID is the ID of the network.", "type": "string" + }, + "peerings": { + "description": "Peerings are the network peerings with this network", + "type": "array", + "items": { + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPeering" + } + ] + } } } }, "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkStatus": { - "type": "object" + "type": "object", + "properties": { + "peerings": { + "description": "Peerings contains the states of the network peerings for the network.", + "type": "array", + "items": { + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPeeringStatus" + } + ] + } + } + } }, "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Node": { "description": "Node is the schema for the nodes API.", @@ -20479,6 +23619,62 @@ "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NodeStatus": { "type": "object" }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.ObjectIP": { + "type": "object", + "properties": { + "ipFamily": { + "description": "IPFamily is the IPFamily of the prefix. If unset but Prefix is set, this can be inferred.\n\nPossible enum values:\n - `\"\"` indicates that this IP is unknown protocol\n - `\"IPv4\"` indicates that this IP is IPv4 protocol\n - `\"IPv6\"` indicates that this IP is IPv6 protocol", + "type": "string", + "enum": [ + "", + "IPv4", + "IPv6" + ] + }, + "prefix": { + "description": "Prefix is the prefix of the IP.", + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IPPrefix" + } + ] + } + } + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.ObjectSelector": { + "description": "ObjectSelector specifies how to select objects of a certain kind.", + "type": "object", + "required": [ + "kind" + ], + "properties": { + "kind": { + "description": "Kind is the kind of object to select.", + "type": "string", + "default": "" + }, + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", + "items": { + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement" + } + ] + } + }, + "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + } + } + }, "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.PCIAddress": { "description": "PCIAddress is a PCI address.", "type": "object", @@ -20497,6 +23693,72 @@ } } }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.Rule": { + "type": "object", + "properties": { + "ipBlock": { + "description": "CIDRBlock specifies the CIDR block from which network traffic may come or go.", + "type": "array", + "items": { + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.IPBlock" + } + ] + } + }, + "ips": { + "description": "ObjectIPs are the object IPs the rule applies to.", + "type": "array", + "items": { + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.ObjectIP" + } + ] + } + }, + "networkPolicyPorts": { + "description": "NetworkPolicyPorts are the protocol type and ports.", + "type": "array", + "items": { + "default": {}, + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.NetworkPolicyPort" + } + ] + } + } + } + }, + "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.TargetNetworkInterface": { + "description": "TargetNetworkInterface is the target of the network policy.", + "type": "object", + "required": [ + "ip" + ], + "properties": { + "ip": { + "description": "IP is the IP address of the target network interface.", + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.apimachinery.api.net.IP" + } + ] + }, + "targetRef": { + "description": "TargetRef is the target providing the destination.", + "allOf": [ + { + "$ref": "#/components/schemas/com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.LocalUIDReference" + } + ] + } + } + }, "com.github.ironcore-dev.ironcore-net.api.core.v1alpha1.TopologySpreadConstraint": { "description": "TopologySpreadConstraint specifies how to spread matching instances among the given topology.", "type": "object", diff --git a/go.sum b/go.sum index 45aee808..3ae81ea6 100644 --- a/go.sum +++ b/go.sum @@ -134,6 +134,8 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= diff --git a/internal/apis/core/common_types.go b/internal/apis/core/common_types.go index 466b9092..a48574c2 100644 --- a/internal/apis/core/common_types.go +++ b/internal/apis/core/common_types.go @@ -3,6 +3,11 @@ package core +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" +) + const ( ReconcileRequestAnnotation = "reconcile.apinet.ironcore.dev/requestedAt" @@ -28,3 +33,20 @@ func APINetletCommonName(name string) string { func MetalnetletCommonName(name string) string { return MetalnetletUserNamePrefix + name } + +// ObjectSelector specifies how to select objects of a certain kind. +type ObjectSelector struct { + // Kind is the kind of object to select. + Kind string `json:"kind"` + // LabelSelector is the label selector to select objects of the specified Kind by. + metav1.LabelSelector `json:",inline"` +} + +// LocalUIDReference is a reference to another entity including its UID +// +structType=atomic +type LocalUIDReference struct { + // Name is the name of the referenced entity. + Name string `json:"name"` + // UID is the UID of the referenced entity. + UID types.UID `json:"uid"` +} diff --git a/internal/apis/core/networkpolicy_types.go b/internal/apis/core/networkpolicy_types.go new file mode 100644 index 00000000..5c262f37 --- /dev/null +++ b/internal/apis/core/networkpolicy_types.go @@ -0,0 +1,118 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +package core + +import ( + "github.com/ironcore-dev/ironcore-net/apimachinery/api/net" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +type NetworkPolicySpec struct { + // NetworkRef is the network to regulate using this policy. + NetworkRef corev1.LocalObjectReference + // NetworkInterfaceSelector selects the network interfaces that are subject to this policy. + NetworkInterfaceSelector metav1.LabelSelector + // Priority is an optional field that specifies the order in which the policy is applied. + // Policies with higher "order" are applied after those with lower + // order. If the order is omitted, it may be considered to be "infinite" - i.e. the + // policy will be applied last. Policies with identical order will be applied in + // alphanumerical order based on the Policy "Name". + Priority *int32 + // Ingress specifies rules for ingress traffic. + Ingress []NetworkPolicyIngressRule + // Egress specifies rules for egress traffic. + Egress []NetworkPolicyEgressRule + // PolicyTypes specifies the types of policies this network policy contains. + PolicyTypes []PolicyType +} + +// NetworkPolicyPort describes a port to allow traffic on +type NetworkPolicyPort struct { + // Protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this + // field defaults to TCP. + Protocol *corev1.Protocol + + // The port on the given protocol. If this field is not provided, this matches + // all port names and numbers. + // If present, only traffic on the specified protocol AND port will be matched. + Port int32 + + // EndPort indicates that the range of ports from Port to EndPort, inclusive, + // should be allowed by the policy. This field cannot be defined if the port field + // is not defined. The endPort must be equal or greater than port. + EndPort *int32 +} + +// IPBlock specifies an ip block with optional exceptions. +type IPBlock struct { + // CIDR is a string representing the ip block. + CIDR net.IPPrefix + // Except is a slice of CIDRs that should not be included within the specified CIDR. + // Values will be rejected if they are outside CIDR. + Except []net.IPPrefix +} + +// NetworkPolicyPeer describes a peer to allow traffic to / from. +type NetworkPolicyPeer struct { + // ObjectSelector selects peers with the given kind matching the label selector. + // Exclusive with other peer specifiers. + ObjectSelector *ObjectSelector + // IPBlock specifies the ip block from or to which network traffic may come. + IPBlock *IPBlock +} + +// NetworkPolicyIngressRule describes a rule to regulate ingress traffic with. +type NetworkPolicyIngressRule struct { + // From specifies the list of sources which should be able to send traffic to the + // selected network interfaces. Fields are combined using a logical OR. Empty matches all sources. + // As soon as a single item is present, only these peers are allowed. + From []NetworkPolicyPeer + // Ports specifies the list of ports which should be made accessible for + // this rule. Each item in this list is combined using a logical OR. Empty matches all ports. + // As soon as a single item is present, only these ports are allowed. + Ports []NetworkPolicyPort +} + +// NetworkPolicyEgressRule describes a rule to regulate egress traffic with. +type NetworkPolicyEgressRule struct { + // Ports specifies the list of destination ports that can be called with + // this rule. Each item in this list is combined using a logical OR. Empty matches all ports. + // As soon as a single item is present, only these ports are allowed. + Ports []NetworkPolicyPort + // To specifies the list of destinations which the selected network interfaces should be + // able to send traffic to. Fields are combined using a logical OR. Empty matches all destinations. + // As soon as a single item is present, only these peers are allowed. + To []NetworkPolicyPeer +} + +// PolicyType is a type of policy. +type PolicyType string + +const ( + // PolicyTypeIngress is a policy that describes ingress traffic. + PolicyTypeIngress PolicyType = "Ingress" + // PolicyTypeEgress is a policy that describes egress traffic. + PolicyTypeEgress PolicyType = "Egress" +) + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +genclient + +// NetworkPolicy is the Schema for the networkpolicies API. +type NetworkPolicy struct { + metav1.TypeMeta + metav1.ObjectMeta + + Spec NetworkPolicySpec +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// NetworkPolicyList contains a list of NetworkPolicy. +type NetworkPolicyList struct { + metav1.TypeMeta + metav1.ListMeta + Items []NetworkPolicy +} diff --git a/internal/apis/core/networkpolicyrule_types.go b/internal/apis/core/networkpolicyrule_types.go new file mode 100644 index 00000000..386e2272 --- /dev/null +++ b/internal/apis/core/networkpolicyrule_types.go @@ -0,0 +1,64 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +package core + +import ( + "github.com/ironcore-dev/ironcore-net/apimachinery/api/net" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +genclient + +// NetworkPolicyRule is the schema for the networkpolicyrules API. +type NetworkPolicyRule struct { + metav1.TypeMeta + metav1.ObjectMeta + + // NetworkRef is the network the load balancer is assigned to. + NetworkRef LocalUIDReference + // Targets are the targets of the network policy. + Targets []TargetNetworkInterface + // Priority is an optional field that specifies the order in which the policy is applied. + Priority *int32 + // IngressRules are the ingress rules. + IngressRules []Rule + // EgressRules are the egress rules. + EgressRules []Rule +} + +// TargetNetworkInterface is the target of the network policy. +type TargetNetworkInterface struct { + // IP is the IP address of the target network interface. + IP net.IP + // TargetRef is the target providing the destination. + TargetRef *LocalUIDReference +} + +type Rule struct { + // CIDRBlock specifies the CIDR block from which network traffic may come or go. + CIDRBlock []IPBlock + // ObjectIPs are the object IPs the rule applies to. + ObjectIPs []ObjectIP + // NetworkPolicyPorts are the protocol type and ports. + NetworkPolicyPorts []NetworkPolicyPort +} + +type ObjectIP struct { + // IPFamily is the IPFamily of the prefix. + // If unset but Prefix is set, this can be inferred. + IPFamily corev1.IPFamily + // Prefix is the prefix of the IP. + Prefix net.IPPrefix +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// NetworkPolicyRulesList contains a list of NetworkPolicyRule. +type NetworkPolicyRuleList struct { + metav1.TypeMeta + metav1.ListMeta + Items []NetworkPolicyRule +} diff --git a/internal/apis/core/register.go b/internal/apis/core/register.go index 5601229b..0d04f9f8 100644 --- a/internal/apis/core/register.go +++ b/internal/apis/core/register.go @@ -54,6 +54,10 @@ func addKnownTypes(scheme *runtime.Scheme) error { &NetworkIDList{}, &NetworkInterface{}, &NetworkInterfaceList{}, + &NetworkPolicy{}, + &NetworkPolicyList{}, + &NetworkPolicyRule{}, + &NetworkPolicyRuleList{}, &Node{}, &NodeList{}, ) diff --git a/internal/apis/core/v1alpha1/zz_generated.conversion.go b/internal/apis/core/v1alpha1/zz_generated.conversion.go index 8b88226c..faa379a7 100644 --- a/internal/apis/core/v1alpha1/zz_generated.conversion.go +++ b/internal/apis/core/v1alpha1/zz_generated.conversion.go @@ -128,6 +128,16 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddGeneratedConversionFunc((*v1alpha1.IPBlock)(nil), (*core.IPBlock)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_IPBlock_To_core_IPBlock(a.(*v1alpha1.IPBlock), b.(*core.IPBlock), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*core.IPBlock)(nil), (*v1alpha1.IPBlock)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_core_IPBlock_To_v1alpha1_IPBlock(a.(*core.IPBlock), b.(*v1alpha1.IPBlock), scope) + }); err != nil { + return err + } if err := s.AddGeneratedConversionFunc((*v1alpha1.IPClaimRef)(nil), (*core.IPClaimRef)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1alpha1_IPClaimRef_To_core_IPClaimRef(a.(*v1alpha1.IPClaimRef), b.(*core.IPClaimRef), scope) }); err != nil { @@ -338,6 +348,16 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddGeneratedConversionFunc((*v1alpha1.LocalUIDReference)(nil), (*core.LocalUIDReference)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_LocalUIDReference_To_core_LocalUIDReference(a.(*v1alpha1.LocalUIDReference), b.(*core.LocalUIDReference), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*core.LocalUIDReference)(nil), (*v1alpha1.LocalUIDReference)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_core_LocalUIDReference_To_v1alpha1_LocalUIDReference(a.(*core.LocalUIDReference), b.(*v1alpha1.LocalUIDReference), scope) + }); err != nil { + return err + } if err := s.AddGeneratedConversionFunc((*v1alpha1.NATGateway)(nil), (*core.NATGateway)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1alpha1_NATGateway_To_core_NATGateway(a.(*v1alpha1.NATGateway), b.(*core.NATGateway), scope) }); err != nil { @@ -628,6 +648,96 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddGeneratedConversionFunc((*v1alpha1.NetworkPolicy)(nil), (*core.NetworkPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_NetworkPolicy_To_core_NetworkPolicy(a.(*v1alpha1.NetworkPolicy), b.(*core.NetworkPolicy), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*core.NetworkPolicy)(nil), (*v1alpha1.NetworkPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_core_NetworkPolicy_To_v1alpha1_NetworkPolicy(a.(*core.NetworkPolicy), b.(*v1alpha1.NetworkPolicy), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1alpha1.NetworkPolicyEgressRule)(nil), (*core.NetworkPolicyEgressRule)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_NetworkPolicyEgressRule_To_core_NetworkPolicyEgressRule(a.(*v1alpha1.NetworkPolicyEgressRule), b.(*core.NetworkPolicyEgressRule), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*core.NetworkPolicyEgressRule)(nil), (*v1alpha1.NetworkPolicyEgressRule)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_core_NetworkPolicyEgressRule_To_v1alpha1_NetworkPolicyEgressRule(a.(*core.NetworkPolicyEgressRule), b.(*v1alpha1.NetworkPolicyEgressRule), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1alpha1.NetworkPolicyIngressRule)(nil), (*core.NetworkPolicyIngressRule)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_NetworkPolicyIngressRule_To_core_NetworkPolicyIngressRule(a.(*v1alpha1.NetworkPolicyIngressRule), b.(*core.NetworkPolicyIngressRule), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*core.NetworkPolicyIngressRule)(nil), (*v1alpha1.NetworkPolicyIngressRule)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_core_NetworkPolicyIngressRule_To_v1alpha1_NetworkPolicyIngressRule(a.(*core.NetworkPolicyIngressRule), b.(*v1alpha1.NetworkPolicyIngressRule), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1alpha1.NetworkPolicyList)(nil), (*core.NetworkPolicyList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_NetworkPolicyList_To_core_NetworkPolicyList(a.(*v1alpha1.NetworkPolicyList), b.(*core.NetworkPolicyList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*core.NetworkPolicyList)(nil), (*v1alpha1.NetworkPolicyList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_core_NetworkPolicyList_To_v1alpha1_NetworkPolicyList(a.(*core.NetworkPolicyList), b.(*v1alpha1.NetworkPolicyList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1alpha1.NetworkPolicyPeer)(nil), (*core.NetworkPolicyPeer)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_NetworkPolicyPeer_To_core_NetworkPolicyPeer(a.(*v1alpha1.NetworkPolicyPeer), b.(*core.NetworkPolicyPeer), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*core.NetworkPolicyPeer)(nil), (*v1alpha1.NetworkPolicyPeer)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_core_NetworkPolicyPeer_To_v1alpha1_NetworkPolicyPeer(a.(*core.NetworkPolicyPeer), b.(*v1alpha1.NetworkPolicyPeer), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1alpha1.NetworkPolicyPort)(nil), (*core.NetworkPolicyPort)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_NetworkPolicyPort_To_core_NetworkPolicyPort(a.(*v1alpha1.NetworkPolicyPort), b.(*core.NetworkPolicyPort), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*core.NetworkPolicyPort)(nil), (*v1alpha1.NetworkPolicyPort)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_core_NetworkPolicyPort_To_v1alpha1_NetworkPolicyPort(a.(*core.NetworkPolicyPort), b.(*v1alpha1.NetworkPolicyPort), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1alpha1.NetworkPolicyRule)(nil), (*core.NetworkPolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_NetworkPolicyRule_To_core_NetworkPolicyRule(a.(*v1alpha1.NetworkPolicyRule), b.(*core.NetworkPolicyRule), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*core.NetworkPolicyRule)(nil), (*v1alpha1.NetworkPolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_core_NetworkPolicyRule_To_v1alpha1_NetworkPolicyRule(a.(*core.NetworkPolicyRule), b.(*v1alpha1.NetworkPolicyRule), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1alpha1.NetworkPolicyRuleList)(nil), (*core.NetworkPolicyRuleList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_NetworkPolicyRuleList_To_core_NetworkPolicyRuleList(a.(*v1alpha1.NetworkPolicyRuleList), b.(*core.NetworkPolicyRuleList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*core.NetworkPolicyRuleList)(nil), (*v1alpha1.NetworkPolicyRuleList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_core_NetworkPolicyRuleList_To_v1alpha1_NetworkPolicyRuleList(a.(*core.NetworkPolicyRuleList), b.(*v1alpha1.NetworkPolicyRuleList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1alpha1.NetworkPolicySpec)(nil), (*core.NetworkPolicySpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_NetworkPolicySpec_To_core_NetworkPolicySpec(a.(*v1alpha1.NetworkPolicySpec), b.(*core.NetworkPolicySpec), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*core.NetworkPolicySpec)(nil), (*v1alpha1.NetworkPolicySpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_core_NetworkPolicySpec_To_v1alpha1_NetworkPolicySpec(a.(*core.NetworkPolicySpec), b.(*v1alpha1.NetworkPolicySpec), scope) + }); err != nil { + return err + } if err := s.AddGeneratedConversionFunc((*v1alpha1.NetworkSpec)(nil), (*core.NetworkSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1alpha1_NetworkSpec_To_core_NetworkSpec(a.(*v1alpha1.NetworkSpec), b.(*core.NetworkSpec), scope) }); err != nil { @@ -728,6 +838,26 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddGeneratedConversionFunc((*v1alpha1.ObjectIP)(nil), (*core.ObjectIP)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_ObjectIP_To_core_ObjectIP(a.(*v1alpha1.ObjectIP), b.(*core.ObjectIP), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*core.ObjectIP)(nil), (*v1alpha1.ObjectIP)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_core_ObjectIP_To_v1alpha1_ObjectIP(a.(*core.ObjectIP), b.(*v1alpha1.ObjectIP), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1alpha1.ObjectSelector)(nil), (*core.ObjectSelector)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_ObjectSelector_To_core_ObjectSelector(a.(*v1alpha1.ObjectSelector), b.(*core.ObjectSelector), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*core.ObjectSelector)(nil), (*v1alpha1.ObjectSelector)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_core_ObjectSelector_To_v1alpha1_ObjectSelector(a.(*core.ObjectSelector), b.(*v1alpha1.ObjectSelector), scope) + }); err != nil { + return err + } if err := s.AddGeneratedConversionFunc((*v1alpha1.PCIAddress)(nil), (*core.PCIAddress)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1alpha1_PCIAddress_To_core_PCIAddress(a.(*v1alpha1.PCIAddress), b.(*core.PCIAddress), scope) }); err != nil { @@ -738,6 +868,26 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddGeneratedConversionFunc((*v1alpha1.Rule)(nil), (*core.Rule)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_Rule_To_core_Rule(a.(*v1alpha1.Rule), b.(*core.Rule), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*core.Rule)(nil), (*v1alpha1.Rule)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_core_Rule_To_v1alpha1_Rule(a.(*core.Rule), b.(*v1alpha1.Rule), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1alpha1.TargetNetworkInterface)(nil), (*core.TargetNetworkInterface)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_TargetNetworkInterface_To_core_TargetNetworkInterface(a.(*v1alpha1.TargetNetworkInterface), b.(*core.TargetNetworkInterface), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*core.TargetNetworkInterface)(nil), (*v1alpha1.TargetNetworkInterface)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_core_TargetNetworkInterface_To_v1alpha1_TargetNetworkInterface(a.(*core.TargetNetworkInterface), b.(*v1alpha1.TargetNetworkInterface), scope) + }); err != nil { + return err + } if err := s.AddGeneratedConversionFunc((*v1alpha1.TopologySpreadConstraint)(nil), (*core.TopologySpreadConstraint)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1alpha1_TopologySpreadConstraint_To_core_TopologySpreadConstraint(a.(*v1alpha1.TopologySpreadConstraint), b.(*core.TopologySpreadConstraint), scope) }); err != nil { @@ -1007,6 +1157,28 @@ func Convert_core_IPAddressSpec_To_v1alpha1_IPAddressSpec(in *core.IPAddressSpec return autoConvert_core_IPAddressSpec_To_v1alpha1_IPAddressSpec(in, out, s) } +func autoConvert_v1alpha1_IPBlock_To_core_IPBlock(in *v1alpha1.IPBlock, out *core.IPBlock, s conversion.Scope) error { + out.CIDR = in.CIDR + out.Except = *(*[]net.IPPrefix)(unsafe.Pointer(&in.Except)) + return nil +} + +// Convert_v1alpha1_IPBlock_To_core_IPBlock is an autogenerated conversion function. +func Convert_v1alpha1_IPBlock_To_core_IPBlock(in *v1alpha1.IPBlock, out *core.IPBlock, s conversion.Scope) error { + return autoConvert_v1alpha1_IPBlock_To_core_IPBlock(in, out, s) +} + +func autoConvert_core_IPBlock_To_v1alpha1_IPBlock(in *core.IPBlock, out *v1alpha1.IPBlock, s conversion.Scope) error { + out.CIDR = in.CIDR + out.Except = *(*[]net.IPPrefix)(unsafe.Pointer(&in.Except)) + return nil +} + +// Convert_core_IPBlock_To_v1alpha1_IPBlock is an autogenerated conversion function. +func Convert_core_IPBlock_To_v1alpha1_IPBlock(in *core.IPBlock, out *v1alpha1.IPBlock, s conversion.Scope) error { + return autoConvert_core_IPBlock_To_v1alpha1_IPBlock(in, out, s) +} + func autoConvert_v1alpha1_IPClaimRef_To_core_IPClaimRef(in *v1alpha1.IPClaimRef, out *core.IPClaimRef, s conversion.Scope) error { out.Group = in.Group out.Resource = in.Resource @@ -1523,6 +1695,28 @@ func Convert_core_LoadBalancerTargetRef_To_v1alpha1_LoadBalancerTargetRef(in *co return autoConvert_core_LoadBalancerTargetRef_To_v1alpha1_LoadBalancerTargetRef(in, out, s) } +func autoConvert_v1alpha1_LocalUIDReference_To_core_LocalUIDReference(in *v1alpha1.LocalUIDReference, out *core.LocalUIDReference, s conversion.Scope) error { + out.Name = in.Name + out.UID = types.UID(in.UID) + return nil +} + +// Convert_v1alpha1_LocalUIDReference_To_core_LocalUIDReference is an autogenerated conversion function. +func Convert_v1alpha1_LocalUIDReference_To_core_LocalUIDReference(in *v1alpha1.LocalUIDReference, out *core.LocalUIDReference, s conversion.Scope) error { + return autoConvert_v1alpha1_LocalUIDReference_To_core_LocalUIDReference(in, out, s) +} + +func autoConvert_core_LocalUIDReference_To_v1alpha1_LocalUIDReference(in *core.LocalUIDReference, out *v1alpha1.LocalUIDReference, s conversion.Scope) error { + out.Name = in.Name + out.UID = types.UID(in.UID) + return nil +} + +// Convert_core_LocalUIDReference_To_v1alpha1_LocalUIDReference is an autogenerated conversion function. +func Convert_core_LocalUIDReference_To_v1alpha1_LocalUIDReference(in *core.LocalUIDReference, out *v1alpha1.LocalUIDReference, s conversion.Scope) error { + return autoConvert_core_LocalUIDReference_To_v1alpha1_LocalUIDReference(in, out, s) +} + func autoConvert_v1alpha1_NATGateway_To_core_NATGateway(in *v1alpha1.NATGateway, out *core.NATGateway, s conversion.Scope) error { out.ObjectMeta = in.ObjectMeta if err := Convert_v1alpha1_NATGatewaySpec_To_core_NATGatewaySpec(&in.Spec, &out.Spec, s); err != nil { @@ -2241,6 +2435,230 @@ func Convert_core_NetworkPeeringStatus_To_v1alpha1_NetworkPeeringStatus(in *core return autoConvert_core_NetworkPeeringStatus_To_v1alpha1_NetworkPeeringStatus(in, out, s) } +func autoConvert_v1alpha1_NetworkPolicy_To_core_NetworkPolicy(in *v1alpha1.NetworkPolicy, out *core.NetworkPolicy, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_v1alpha1_NetworkPolicySpec_To_core_NetworkPolicySpec(&in.Spec, &out.Spec, s); err != nil { + return err + } + return nil +} + +// Convert_v1alpha1_NetworkPolicy_To_core_NetworkPolicy is an autogenerated conversion function. +func Convert_v1alpha1_NetworkPolicy_To_core_NetworkPolicy(in *v1alpha1.NetworkPolicy, out *core.NetworkPolicy, s conversion.Scope) error { + return autoConvert_v1alpha1_NetworkPolicy_To_core_NetworkPolicy(in, out, s) +} + +func autoConvert_core_NetworkPolicy_To_v1alpha1_NetworkPolicy(in *core.NetworkPolicy, out *v1alpha1.NetworkPolicy, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_core_NetworkPolicySpec_To_v1alpha1_NetworkPolicySpec(&in.Spec, &out.Spec, s); err != nil { + return err + } + return nil +} + +// Convert_core_NetworkPolicy_To_v1alpha1_NetworkPolicy is an autogenerated conversion function. +func Convert_core_NetworkPolicy_To_v1alpha1_NetworkPolicy(in *core.NetworkPolicy, out *v1alpha1.NetworkPolicy, s conversion.Scope) error { + return autoConvert_core_NetworkPolicy_To_v1alpha1_NetworkPolicy(in, out, s) +} + +func autoConvert_v1alpha1_NetworkPolicyEgressRule_To_core_NetworkPolicyEgressRule(in *v1alpha1.NetworkPolicyEgressRule, out *core.NetworkPolicyEgressRule, s conversion.Scope) error { + out.Ports = *(*[]core.NetworkPolicyPort)(unsafe.Pointer(&in.Ports)) + out.To = *(*[]core.NetworkPolicyPeer)(unsafe.Pointer(&in.To)) + return nil +} + +// Convert_v1alpha1_NetworkPolicyEgressRule_To_core_NetworkPolicyEgressRule is an autogenerated conversion function. +func Convert_v1alpha1_NetworkPolicyEgressRule_To_core_NetworkPolicyEgressRule(in *v1alpha1.NetworkPolicyEgressRule, out *core.NetworkPolicyEgressRule, s conversion.Scope) error { + return autoConvert_v1alpha1_NetworkPolicyEgressRule_To_core_NetworkPolicyEgressRule(in, out, s) +} + +func autoConvert_core_NetworkPolicyEgressRule_To_v1alpha1_NetworkPolicyEgressRule(in *core.NetworkPolicyEgressRule, out *v1alpha1.NetworkPolicyEgressRule, s conversion.Scope) error { + out.Ports = *(*[]v1alpha1.NetworkPolicyPort)(unsafe.Pointer(&in.Ports)) + out.To = *(*[]v1alpha1.NetworkPolicyPeer)(unsafe.Pointer(&in.To)) + return nil +} + +// Convert_core_NetworkPolicyEgressRule_To_v1alpha1_NetworkPolicyEgressRule is an autogenerated conversion function. +func Convert_core_NetworkPolicyEgressRule_To_v1alpha1_NetworkPolicyEgressRule(in *core.NetworkPolicyEgressRule, out *v1alpha1.NetworkPolicyEgressRule, s conversion.Scope) error { + return autoConvert_core_NetworkPolicyEgressRule_To_v1alpha1_NetworkPolicyEgressRule(in, out, s) +} + +func autoConvert_v1alpha1_NetworkPolicyIngressRule_To_core_NetworkPolicyIngressRule(in *v1alpha1.NetworkPolicyIngressRule, out *core.NetworkPolicyIngressRule, s conversion.Scope) error { + out.From = *(*[]core.NetworkPolicyPeer)(unsafe.Pointer(&in.From)) + out.Ports = *(*[]core.NetworkPolicyPort)(unsafe.Pointer(&in.Ports)) + return nil +} + +// Convert_v1alpha1_NetworkPolicyIngressRule_To_core_NetworkPolicyIngressRule is an autogenerated conversion function. +func Convert_v1alpha1_NetworkPolicyIngressRule_To_core_NetworkPolicyIngressRule(in *v1alpha1.NetworkPolicyIngressRule, out *core.NetworkPolicyIngressRule, s conversion.Scope) error { + return autoConvert_v1alpha1_NetworkPolicyIngressRule_To_core_NetworkPolicyIngressRule(in, out, s) +} + +func autoConvert_core_NetworkPolicyIngressRule_To_v1alpha1_NetworkPolicyIngressRule(in *core.NetworkPolicyIngressRule, out *v1alpha1.NetworkPolicyIngressRule, s conversion.Scope) error { + out.From = *(*[]v1alpha1.NetworkPolicyPeer)(unsafe.Pointer(&in.From)) + out.Ports = *(*[]v1alpha1.NetworkPolicyPort)(unsafe.Pointer(&in.Ports)) + return nil +} + +// Convert_core_NetworkPolicyIngressRule_To_v1alpha1_NetworkPolicyIngressRule is an autogenerated conversion function. +func Convert_core_NetworkPolicyIngressRule_To_v1alpha1_NetworkPolicyIngressRule(in *core.NetworkPolicyIngressRule, out *v1alpha1.NetworkPolicyIngressRule, s conversion.Scope) error { + return autoConvert_core_NetworkPolicyIngressRule_To_v1alpha1_NetworkPolicyIngressRule(in, out, s) +} + +func autoConvert_v1alpha1_NetworkPolicyList_To_core_NetworkPolicyList(in *v1alpha1.NetworkPolicyList, out *core.NetworkPolicyList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]core.NetworkPolicy)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_v1alpha1_NetworkPolicyList_To_core_NetworkPolicyList is an autogenerated conversion function. +func Convert_v1alpha1_NetworkPolicyList_To_core_NetworkPolicyList(in *v1alpha1.NetworkPolicyList, out *core.NetworkPolicyList, s conversion.Scope) error { + return autoConvert_v1alpha1_NetworkPolicyList_To_core_NetworkPolicyList(in, out, s) +} + +func autoConvert_core_NetworkPolicyList_To_v1alpha1_NetworkPolicyList(in *core.NetworkPolicyList, out *v1alpha1.NetworkPolicyList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]v1alpha1.NetworkPolicy)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_core_NetworkPolicyList_To_v1alpha1_NetworkPolicyList is an autogenerated conversion function. +func Convert_core_NetworkPolicyList_To_v1alpha1_NetworkPolicyList(in *core.NetworkPolicyList, out *v1alpha1.NetworkPolicyList, s conversion.Scope) error { + return autoConvert_core_NetworkPolicyList_To_v1alpha1_NetworkPolicyList(in, out, s) +} + +func autoConvert_v1alpha1_NetworkPolicyPeer_To_core_NetworkPolicyPeer(in *v1alpha1.NetworkPolicyPeer, out *core.NetworkPolicyPeer, s conversion.Scope) error { + out.ObjectSelector = (*core.ObjectSelector)(unsafe.Pointer(in.ObjectSelector)) + out.IPBlock = (*core.IPBlock)(unsafe.Pointer(in.IPBlock)) + return nil +} + +// Convert_v1alpha1_NetworkPolicyPeer_To_core_NetworkPolicyPeer is an autogenerated conversion function. +func Convert_v1alpha1_NetworkPolicyPeer_To_core_NetworkPolicyPeer(in *v1alpha1.NetworkPolicyPeer, out *core.NetworkPolicyPeer, s conversion.Scope) error { + return autoConvert_v1alpha1_NetworkPolicyPeer_To_core_NetworkPolicyPeer(in, out, s) +} + +func autoConvert_core_NetworkPolicyPeer_To_v1alpha1_NetworkPolicyPeer(in *core.NetworkPolicyPeer, out *v1alpha1.NetworkPolicyPeer, s conversion.Scope) error { + out.ObjectSelector = (*v1alpha1.ObjectSelector)(unsafe.Pointer(in.ObjectSelector)) + out.IPBlock = (*v1alpha1.IPBlock)(unsafe.Pointer(in.IPBlock)) + return nil +} + +// Convert_core_NetworkPolicyPeer_To_v1alpha1_NetworkPolicyPeer is an autogenerated conversion function. +func Convert_core_NetworkPolicyPeer_To_v1alpha1_NetworkPolicyPeer(in *core.NetworkPolicyPeer, out *v1alpha1.NetworkPolicyPeer, s conversion.Scope) error { + return autoConvert_core_NetworkPolicyPeer_To_v1alpha1_NetworkPolicyPeer(in, out, s) +} + +func autoConvert_v1alpha1_NetworkPolicyPort_To_core_NetworkPolicyPort(in *v1alpha1.NetworkPolicyPort, out *core.NetworkPolicyPort, s conversion.Scope) error { + out.Protocol = (*corev1.Protocol)(unsafe.Pointer(in.Protocol)) + out.Port = in.Port + out.EndPort = (*int32)(unsafe.Pointer(in.EndPort)) + return nil +} + +// Convert_v1alpha1_NetworkPolicyPort_To_core_NetworkPolicyPort is an autogenerated conversion function. +func Convert_v1alpha1_NetworkPolicyPort_To_core_NetworkPolicyPort(in *v1alpha1.NetworkPolicyPort, out *core.NetworkPolicyPort, s conversion.Scope) error { + return autoConvert_v1alpha1_NetworkPolicyPort_To_core_NetworkPolicyPort(in, out, s) +} + +func autoConvert_core_NetworkPolicyPort_To_v1alpha1_NetworkPolicyPort(in *core.NetworkPolicyPort, out *v1alpha1.NetworkPolicyPort, s conversion.Scope) error { + out.Protocol = (*corev1.Protocol)(unsafe.Pointer(in.Protocol)) + out.Port = in.Port + out.EndPort = (*int32)(unsafe.Pointer(in.EndPort)) + return nil +} + +// Convert_core_NetworkPolicyPort_To_v1alpha1_NetworkPolicyPort is an autogenerated conversion function. +func Convert_core_NetworkPolicyPort_To_v1alpha1_NetworkPolicyPort(in *core.NetworkPolicyPort, out *v1alpha1.NetworkPolicyPort, s conversion.Scope) error { + return autoConvert_core_NetworkPolicyPort_To_v1alpha1_NetworkPolicyPort(in, out, s) +} + +func autoConvert_v1alpha1_NetworkPolicyRule_To_core_NetworkPolicyRule(in *v1alpha1.NetworkPolicyRule, out *core.NetworkPolicyRule, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_v1alpha1_LocalUIDReference_To_core_LocalUIDReference(&in.NetworkRef, &out.NetworkRef, s); err != nil { + return err + } + out.Targets = *(*[]core.TargetNetworkInterface)(unsafe.Pointer(&in.Targets)) + out.Priority = (*int32)(unsafe.Pointer(in.Priority)) + out.IngressRules = *(*[]core.Rule)(unsafe.Pointer(&in.IngressRules)) + out.EgressRules = *(*[]core.Rule)(unsafe.Pointer(&in.EgressRules)) + return nil +} + +// Convert_v1alpha1_NetworkPolicyRule_To_core_NetworkPolicyRule is an autogenerated conversion function. +func Convert_v1alpha1_NetworkPolicyRule_To_core_NetworkPolicyRule(in *v1alpha1.NetworkPolicyRule, out *core.NetworkPolicyRule, s conversion.Scope) error { + return autoConvert_v1alpha1_NetworkPolicyRule_To_core_NetworkPolicyRule(in, out, s) +} + +func autoConvert_core_NetworkPolicyRule_To_v1alpha1_NetworkPolicyRule(in *core.NetworkPolicyRule, out *v1alpha1.NetworkPolicyRule, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_core_LocalUIDReference_To_v1alpha1_LocalUIDReference(&in.NetworkRef, &out.NetworkRef, s); err != nil { + return err + } + out.Targets = *(*[]v1alpha1.TargetNetworkInterface)(unsafe.Pointer(&in.Targets)) + out.Priority = (*int32)(unsafe.Pointer(in.Priority)) + out.IngressRules = *(*[]v1alpha1.Rule)(unsafe.Pointer(&in.IngressRules)) + out.EgressRules = *(*[]v1alpha1.Rule)(unsafe.Pointer(&in.EgressRules)) + return nil +} + +// Convert_core_NetworkPolicyRule_To_v1alpha1_NetworkPolicyRule is an autogenerated conversion function. +func Convert_core_NetworkPolicyRule_To_v1alpha1_NetworkPolicyRule(in *core.NetworkPolicyRule, out *v1alpha1.NetworkPolicyRule, s conversion.Scope) error { + return autoConvert_core_NetworkPolicyRule_To_v1alpha1_NetworkPolicyRule(in, out, s) +} + +func autoConvert_v1alpha1_NetworkPolicyRuleList_To_core_NetworkPolicyRuleList(in *v1alpha1.NetworkPolicyRuleList, out *core.NetworkPolicyRuleList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]core.NetworkPolicyRule)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_v1alpha1_NetworkPolicyRuleList_To_core_NetworkPolicyRuleList is an autogenerated conversion function. +func Convert_v1alpha1_NetworkPolicyRuleList_To_core_NetworkPolicyRuleList(in *v1alpha1.NetworkPolicyRuleList, out *core.NetworkPolicyRuleList, s conversion.Scope) error { + return autoConvert_v1alpha1_NetworkPolicyRuleList_To_core_NetworkPolicyRuleList(in, out, s) +} + +func autoConvert_core_NetworkPolicyRuleList_To_v1alpha1_NetworkPolicyRuleList(in *core.NetworkPolicyRuleList, out *v1alpha1.NetworkPolicyRuleList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]v1alpha1.NetworkPolicyRule)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_core_NetworkPolicyRuleList_To_v1alpha1_NetworkPolicyRuleList is an autogenerated conversion function. +func Convert_core_NetworkPolicyRuleList_To_v1alpha1_NetworkPolicyRuleList(in *core.NetworkPolicyRuleList, out *v1alpha1.NetworkPolicyRuleList, s conversion.Scope) error { + return autoConvert_core_NetworkPolicyRuleList_To_v1alpha1_NetworkPolicyRuleList(in, out, s) +} + +func autoConvert_v1alpha1_NetworkPolicySpec_To_core_NetworkPolicySpec(in *v1alpha1.NetworkPolicySpec, out *core.NetworkPolicySpec, s conversion.Scope) error { + out.NetworkRef = in.NetworkRef + out.NetworkInterfaceSelector = in.NetworkInterfaceSelector + out.Priority = (*int32)(unsafe.Pointer(in.Priority)) + out.Ingress = *(*[]core.NetworkPolicyIngressRule)(unsafe.Pointer(&in.Ingress)) + out.Egress = *(*[]core.NetworkPolicyEgressRule)(unsafe.Pointer(&in.Egress)) + out.PolicyTypes = *(*[]core.PolicyType)(unsafe.Pointer(&in.PolicyTypes)) + return nil +} + +// Convert_v1alpha1_NetworkPolicySpec_To_core_NetworkPolicySpec is an autogenerated conversion function. +func Convert_v1alpha1_NetworkPolicySpec_To_core_NetworkPolicySpec(in *v1alpha1.NetworkPolicySpec, out *core.NetworkPolicySpec, s conversion.Scope) error { + return autoConvert_v1alpha1_NetworkPolicySpec_To_core_NetworkPolicySpec(in, out, s) +} + +func autoConvert_core_NetworkPolicySpec_To_v1alpha1_NetworkPolicySpec(in *core.NetworkPolicySpec, out *v1alpha1.NetworkPolicySpec, s conversion.Scope) error { + out.NetworkRef = in.NetworkRef + out.NetworkInterfaceSelector = in.NetworkInterfaceSelector + out.Priority = (*int32)(unsafe.Pointer(in.Priority)) + out.Ingress = *(*[]v1alpha1.NetworkPolicyIngressRule)(unsafe.Pointer(&in.Ingress)) + out.Egress = *(*[]v1alpha1.NetworkPolicyEgressRule)(unsafe.Pointer(&in.Egress)) + out.PolicyTypes = *(*[]v1alpha1.PolicyType)(unsafe.Pointer(&in.PolicyTypes)) + return nil +} + +// Convert_core_NetworkPolicySpec_To_v1alpha1_NetworkPolicySpec is an autogenerated conversion function. +func Convert_core_NetworkPolicySpec_To_v1alpha1_NetworkPolicySpec(in *core.NetworkPolicySpec, out *v1alpha1.NetworkPolicySpec, s conversion.Scope) error { + return autoConvert_core_NetworkPolicySpec_To_v1alpha1_NetworkPolicySpec(in, out, s) +} + func autoConvert_v1alpha1_NetworkSpec_To_core_NetworkSpec(in *v1alpha1.NetworkSpec, out *core.NetworkSpec, s conversion.Scope) error { out.ID = in.ID out.Peerings = *(*[]core.NetworkPeering)(unsafe.Pointer(&in.Peerings)) @@ -2459,6 +2877,50 @@ func Convert_core_NodeStatus_To_v1alpha1_NodeStatus(in *core.NodeStatus, out *v1 return autoConvert_core_NodeStatus_To_v1alpha1_NodeStatus(in, out, s) } +func autoConvert_v1alpha1_ObjectIP_To_core_ObjectIP(in *v1alpha1.ObjectIP, out *core.ObjectIP, s conversion.Scope) error { + out.IPFamily = corev1.IPFamily(in.IPFamily) + out.Prefix = in.Prefix + return nil +} + +// Convert_v1alpha1_ObjectIP_To_core_ObjectIP is an autogenerated conversion function. +func Convert_v1alpha1_ObjectIP_To_core_ObjectIP(in *v1alpha1.ObjectIP, out *core.ObjectIP, s conversion.Scope) error { + return autoConvert_v1alpha1_ObjectIP_To_core_ObjectIP(in, out, s) +} + +func autoConvert_core_ObjectIP_To_v1alpha1_ObjectIP(in *core.ObjectIP, out *v1alpha1.ObjectIP, s conversion.Scope) error { + out.IPFamily = corev1.IPFamily(in.IPFamily) + out.Prefix = in.Prefix + return nil +} + +// Convert_core_ObjectIP_To_v1alpha1_ObjectIP is an autogenerated conversion function. +func Convert_core_ObjectIP_To_v1alpha1_ObjectIP(in *core.ObjectIP, out *v1alpha1.ObjectIP, s conversion.Scope) error { + return autoConvert_core_ObjectIP_To_v1alpha1_ObjectIP(in, out, s) +} + +func autoConvert_v1alpha1_ObjectSelector_To_core_ObjectSelector(in *v1alpha1.ObjectSelector, out *core.ObjectSelector, s conversion.Scope) error { + out.Kind = in.Kind + out.LabelSelector = in.LabelSelector + return nil +} + +// Convert_v1alpha1_ObjectSelector_To_core_ObjectSelector is an autogenerated conversion function. +func Convert_v1alpha1_ObjectSelector_To_core_ObjectSelector(in *v1alpha1.ObjectSelector, out *core.ObjectSelector, s conversion.Scope) error { + return autoConvert_v1alpha1_ObjectSelector_To_core_ObjectSelector(in, out, s) +} + +func autoConvert_core_ObjectSelector_To_v1alpha1_ObjectSelector(in *core.ObjectSelector, out *v1alpha1.ObjectSelector, s conversion.Scope) error { + out.Kind = in.Kind + out.LabelSelector = in.LabelSelector + return nil +} + +// Convert_core_ObjectSelector_To_v1alpha1_ObjectSelector is an autogenerated conversion function. +func Convert_core_ObjectSelector_To_v1alpha1_ObjectSelector(in *core.ObjectSelector, out *v1alpha1.ObjectSelector, s conversion.Scope) error { + return autoConvert_core_ObjectSelector_To_v1alpha1_ObjectSelector(in, out, s) +} + func autoConvert_v1alpha1_PCIAddress_To_core_PCIAddress(in *v1alpha1.PCIAddress, out *core.PCIAddress, s conversion.Scope) error { out.Domain = in.Domain out.Bus = in.Bus @@ -2485,6 +2947,52 @@ func Convert_core_PCIAddress_To_v1alpha1_PCIAddress(in *core.PCIAddress, out *v1 return autoConvert_core_PCIAddress_To_v1alpha1_PCIAddress(in, out, s) } +func autoConvert_v1alpha1_Rule_To_core_Rule(in *v1alpha1.Rule, out *core.Rule, s conversion.Scope) error { + out.CIDRBlock = *(*[]core.IPBlock)(unsafe.Pointer(&in.CIDRBlock)) + out.ObjectIPs = *(*[]core.ObjectIP)(unsafe.Pointer(&in.ObjectIPs)) + out.NetworkPolicyPorts = *(*[]core.NetworkPolicyPort)(unsafe.Pointer(&in.NetworkPolicyPorts)) + return nil +} + +// Convert_v1alpha1_Rule_To_core_Rule is an autogenerated conversion function. +func Convert_v1alpha1_Rule_To_core_Rule(in *v1alpha1.Rule, out *core.Rule, s conversion.Scope) error { + return autoConvert_v1alpha1_Rule_To_core_Rule(in, out, s) +} + +func autoConvert_core_Rule_To_v1alpha1_Rule(in *core.Rule, out *v1alpha1.Rule, s conversion.Scope) error { + out.CIDRBlock = *(*[]v1alpha1.IPBlock)(unsafe.Pointer(&in.CIDRBlock)) + out.ObjectIPs = *(*[]v1alpha1.ObjectIP)(unsafe.Pointer(&in.ObjectIPs)) + out.NetworkPolicyPorts = *(*[]v1alpha1.NetworkPolicyPort)(unsafe.Pointer(&in.NetworkPolicyPorts)) + return nil +} + +// Convert_core_Rule_To_v1alpha1_Rule is an autogenerated conversion function. +func Convert_core_Rule_To_v1alpha1_Rule(in *core.Rule, out *v1alpha1.Rule, s conversion.Scope) error { + return autoConvert_core_Rule_To_v1alpha1_Rule(in, out, s) +} + +func autoConvert_v1alpha1_TargetNetworkInterface_To_core_TargetNetworkInterface(in *v1alpha1.TargetNetworkInterface, out *core.TargetNetworkInterface, s conversion.Scope) error { + out.IP = in.IP + out.TargetRef = (*core.LocalUIDReference)(unsafe.Pointer(in.TargetRef)) + return nil +} + +// Convert_v1alpha1_TargetNetworkInterface_To_core_TargetNetworkInterface is an autogenerated conversion function. +func Convert_v1alpha1_TargetNetworkInterface_To_core_TargetNetworkInterface(in *v1alpha1.TargetNetworkInterface, out *core.TargetNetworkInterface, s conversion.Scope) error { + return autoConvert_v1alpha1_TargetNetworkInterface_To_core_TargetNetworkInterface(in, out, s) +} + +func autoConvert_core_TargetNetworkInterface_To_v1alpha1_TargetNetworkInterface(in *core.TargetNetworkInterface, out *v1alpha1.TargetNetworkInterface, s conversion.Scope) error { + out.IP = in.IP + out.TargetRef = (*v1alpha1.LocalUIDReference)(unsafe.Pointer(in.TargetRef)) + return nil +} + +// Convert_core_TargetNetworkInterface_To_v1alpha1_TargetNetworkInterface is an autogenerated conversion function. +func Convert_core_TargetNetworkInterface_To_v1alpha1_TargetNetworkInterface(in *core.TargetNetworkInterface, out *v1alpha1.TargetNetworkInterface, s conversion.Scope) error { + return autoConvert_core_TargetNetworkInterface_To_v1alpha1_TargetNetworkInterface(in, out, s) +} + func autoConvert_v1alpha1_TopologySpreadConstraint_To_core_TopologySpreadConstraint(in *v1alpha1.TopologySpreadConstraint, out *core.TopologySpreadConstraint, s conversion.Scope) error { out.MaxSkew = in.MaxSkew out.TopologyKey = in.TopologyKey diff --git a/internal/apis/core/validation/common.go b/internal/apis/core/validation/common.go index 39cdb1fd..b01add48 100644 --- a/internal/apis/core/validation/common.go +++ b/internal/apis/core/validation/common.go @@ -8,7 +8,9 @@ import ( "sort" "github.com/ironcore-dev/ironcore-net/apimachinery/api/net" + "github.com/ironcore-dev/ironcore-net/apimachinery/equality" corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/validation" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/validation/field" ) @@ -35,6 +37,12 @@ var IPFamilies = sets.New( corev1.IPv6Protocol, ) +var supportedProtocols = sets.New( + corev1.ProtocolTCP, + corev1.ProtocolUDP, + corev1.ProtocolSCTP, +) + func ValidateIPFamily(ipFamily corev1.IPFamily, fldPath *field.Path) field.ErrorList { return ValidateEnum(IPFamilies, ipFamily, fldPath, "must specify IP family") } @@ -46,3 +54,15 @@ func ValidateIPMatchesFamily(ip net.IP, ipFamily corev1.IPFamily, fldPath *field } return allErrs } + +func ValidateImmutableField(newVal, oldVal interface{}, fldPath *field.Path) field.ErrorList { + var allErrs field.ErrorList + if !equality.Semantic.DeepEqual(oldVal, newVal) { + allErrs = append(allErrs, field.Forbidden(fldPath, validation.FieldImmutableErrorMsg)) + } + return allErrs +} + +func ValidateProtocol(protocol corev1.Protocol, fldPath *field.Path) field.ErrorList { + return ValidateEnum(supportedProtocols, protocol, fldPath, "must specify protocol") +} diff --git a/internal/apis/core/validation/networkpolicy.go b/internal/apis/core/validation/networkpolicy.go new file mode 100644 index 00000000..896ef857 --- /dev/null +++ b/internal/apis/core/validation/networkpolicy.go @@ -0,0 +1,250 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +package validation + +import ( + "fmt" + + "github.com/ironcore-dev/ironcore-net/internal/apis/core" + + "go4.org/netipx" + corev1 "k8s.io/api/core/v1" + apivalidation "k8s.io/apimachinery/pkg/api/validation" + metav1validation "k8s.io/apimachinery/pkg/apis/meta/v1/validation" + "k8s.io/apimachinery/pkg/util/sets" + "k8s.io/apimachinery/pkg/util/validation" + "k8s.io/apimachinery/pkg/util/validation/field" +) + +func ValidateNetworkPolicy(networkPolicy *core.NetworkPolicy) field.ErrorList { + var allErrs field.ErrorList + + allErrs = append(allErrs, apivalidation.ValidateObjectMetaAccessor(networkPolicy, true, apivalidation.NameIsDNSLabel, field.NewPath("metadata"))...) + allErrs = append(allErrs, validateNetworkPolicySpec(&networkPolicy.Spec, field.NewPath("spec"))...) + + return allErrs +} + +func validateNetworkPolicySpec(spec *core.NetworkPolicySpec, fldPath *field.Path) field.ErrorList { + var allErrs field.ErrorList + + if spec.NetworkRef == (corev1.LocalObjectReference{}) { + allErrs = append(allErrs, field.Required(fldPath.Child("networkRef"), "must specify a network ref")) + } else { + for _, msg := range apivalidation.NameIsDNSLabel(spec.NetworkRef.Name, false) { + allErrs = append(allErrs, field.Invalid(fldPath.Child("networkRef").Child("name"), spec.NetworkRef.Name, msg)) + } + } + + allErrs = append(allErrs, metav1validation.ValidateLabelSelector(&spec.NetworkInterfaceSelector, metav1validation.LabelSelectorValidationOptions{}, fldPath.Child("networkInterfaceSelector"))...) + + if spec.Priority != nil && *spec.Priority < 0 { + allErrs = append(allErrs, field.Invalid(fldPath.Child("priority"), spec.Priority, "priority cannot be negative")) + } + + for i := range spec.Ingress { + ingressRule := &spec.Ingress[i] + fldPath := fldPath.Child("ingress").Index(i) + allErrs = append(allErrs, validateNetworkPolicyIngressRule(ingressRule, fldPath)...) + } + + for i := range spec.Egress { + egressRule := &spec.Egress[i] + fldPath := fldPath.Child("egress").Index(i) + allErrs = append(allErrs, validateNetworkPolicyEgressRule(egressRule, fldPath)...) + } + + if len(spec.PolicyTypes) == 0 { + allErrs = append(allErrs, field.Required(fldPath.Child("policyTypes"), "must specify policyTypes")) + } else { + allErrs = append(allErrs, validatePolicyTypes(spec.PolicyTypes, fldPath.Child("policyTypes"))...) + } + + return allErrs +} + +var supportedIngressObjectSelectorKinds = sets.New[string]( + "NetworkInterface", + "LoadBalancer", +) + +func validateNetworkPolicyIngressRule(rule *core.NetworkPolicyIngressRule, fldPath *field.Path) field.ErrorList { + var allErrs field.ErrorList + + for i := range rule.From { + from := &rule.From[i] + fldPath := fldPath.Child("from").Index(i) + allErrs = append(allErrs, validateNetworkPolicyPeer(from, supportedIngressObjectSelectorKinds, fldPath)...) + } + + for i := range rule.Ports { + port := &rule.Ports[i] + fldPath := fldPath.Child("ports").Index(i) + allErrs = append(allErrs, validateNetworkPolicyPort(port, fldPath)...) + } + + return allErrs +} + +var supportedEgressObjectSelectorKinds = sets.New[string]( + "NetworkInterface", + "LoadBalancer", +) + +func validateNetworkPolicyEgressRule(rule *core.NetworkPolicyEgressRule, fldPath *field.Path) field.ErrorList { + var allErrs field.ErrorList + + for i := range rule.To { + to := &rule.To[i] + fldPath := fldPath.Child("to").Index(i) + allErrs = append(allErrs, validateNetworkPolicyPeer(to, supportedEgressObjectSelectorKinds, fldPath)...) + } + + for i := range rule.Ports { + port := &rule.Ports[i] + fldPath := fldPath.Child("ports").Index(i) + allErrs = append(allErrs, validateNetworkPolicyPort(port, fldPath)...) + } + + return allErrs +} + +func validateNetworkPolicyPort(port *core.NetworkPolicyPort, fldPath *field.Path) field.ErrorList { + var allErrs field.ErrorList + + if port.Port != 0 { + if issues := validation.IsValidPortNum(int(port.Port)); len(issues) > 0 { + for _, issue := range issues { + allErrs = append(allErrs, field.Invalid(fldPath.Child("port"), port.Port, issue)) + } + } + } + + if endPort := port.EndPort; endPort != nil { + if port.Port == 0 { + allErrs = append(allErrs, field.Forbidden(fldPath.Child("endPort"), "must not specify endPort without port")) + } else { + if *endPort < port.Port { + allErrs = append(allErrs, field.Forbidden(fldPath.Child("endPort"), fmt.Sprintf("endPort %d must not be smaller than port %d", *endPort, port.Port))) + } + } + } + + if protocol := port.Protocol; protocol != nil { + allErrs = append(allErrs, ValidateProtocol(*protocol, fldPath.Child("protocol"))...) + } + + return allErrs +} + +func validateNetworkPolicyPeer(peer *core.NetworkPolicyPeer, supportedObjectSelectorKinds sets.Set[string], fldPath *field.Path) field.ErrorList { + var allErrs field.ErrorList + + var numPeers int + + if peer.ObjectSelector != nil { + if numPeers > 0 { + allErrs = append(allErrs, field.Forbidden(fldPath.Child("ipBlock"), "cannot specify multiple peers")) + } else { + numPeers++ + allErrs = append(allErrs, validateNetworkPolicyPeerObjectSelector(peer.ObjectSelector, supportedObjectSelectorKinds, fldPath.Child("objectSelector"))...) + } + } + + if peer.IPBlock != nil { + if numPeers > 0 { + allErrs = append(allErrs, field.Forbidden(fldPath.Child("ipBlock"), "cannot specify multiple peers")) + } else { + numPeers++ //nolint:ineffassign + allErrs = append(allErrs, validateIPBlock(peer.IPBlock, fldPath.Child("ipBlock"))...) + } + } + + return allErrs +} + +func validateNetworkPolicyPeerObjectSelector(sel *core.ObjectSelector, allowedKinds sets.Set[string], fldPath *field.Path) field.ErrorList { + var allErrs field.ErrorList + + allErrs = append(allErrs, ValidateEnum(allowedKinds, sel.Kind, fldPath.Child("kind"), "must specify kind")...) + allErrs = append(allErrs, metav1validation.ValidateLabelSelector(&sel.LabelSelector, metav1validation.LabelSelectorValidationOptions{}, fldPath)...) + + return allErrs +} + +func validateIPBlock(ipBlock *core.IPBlock, fldPath *field.Path) field.ErrorList { + var allErrs field.ErrorList + + if !ipBlock.CIDR.IsValid() { + allErrs = append(allErrs, field.Invalid(fldPath.Child("cidr"), ipBlock.CIDR, "must specify valid cidr")) + } else { + var bldr netipx.IPSetBuilder + bldr.AddPrefix(ipBlock.CIDR.Prefix) + ipSet, _ := bldr.IPSet() + + for i, except := range ipBlock.Except { + fldPath := fldPath.Child("except").Index(i) + if !except.IsValid() { + allErrs = append(allErrs, field.Invalid(fldPath, except, "must specify valid except value")) + } else { + if !ipSet.ContainsPrefix(except.Prefix) { + allErrs = append(allErrs, + field.Forbidden(fldPath, fmt.Sprintf("cidr %s does not contain except %s", + ipBlock.CIDR, except)), + ) + } + } + } + } + + return allErrs +} + +var supportedPolicyTypes = sets.New( + core.PolicyTypeIngress, + core.PolicyTypeEgress, +) + +func validatePolicyType(policyType core.PolicyType, fldPath *field.Path) field.ErrorList { + return ValidateEnum(supportedPolicyTypes, policyType, fldPath, "must specify type") +} + +func validatePolicyTypes(policyTypes []core.PolicyType, fldPath *field.Path) field.ErrorList { + var allErrs field.ErrorList + + seen := sets.New[core.PolicyType]() + + for i := range policyTypes { + policyType := policyTypes[i] + fldPath := fldPath.Index(i) + allErrs = append(allErrs, validatePolicyType(policyType, fldPath)...) + if seen.Has(policyType) { + allErrs = append(allErrs, field.Duplicate(fldPath, policyType)) + } else { + seen.Insert(policyType) + } + } + + return allErrs +} + +// ValidateNetworkPolicyUpdate validates a NetworkPolicy object before an update. +func ValidateNetworkPolicyUpdate(newNetworkPolicy, oldNetworkPolicy *core.NetworkPolicy) field.ErrorList { + var allErrs field.ErrorList + + allErrs = append(allErrs, apivalidation.ValidateObjectMetaAccessorUpdate(newNetworkPolicy, oldNetworkPolicy, field.NewPath("metadata"))...) + allErrs = append(allErrs, validateNetworkPolicySpecUpdate(&newNetworkPolicy.Spec, &oldNetworkPolicy.Spec, field.NewPath("spec"))...) + allErrs = append(allErrs, ValidateNetworkPolicy(newNetworkPolicy)...) + + return allErrs +} + +// validateNetworkPolicySpecUpdate validates the spec of a networkPolicy object before an update. +func validateNetworkPolicySpecUpdate(newSpec, oldSpec *core.NetworkPolicySpec, fldPath *field.Path) field.ErrorList { + var allErrs field.ErrorList + + allErrs = append(allErrs, ValidateImmutableField(newSpec.NetworkRef, oldSpec.NetworkRef, fldPath.Child("networkRef"))...) + + return allErrs +} diff --git a/internal/apis/core/validation/networkpolicyrule.go b/internal/apis/core/validation/networkpolicyrule.go new file mode 100644 index 00000000..e2b05a34 --- /dev/null +++ b/internal/apis/core/validation/networkpolicyrule.go @@ -0,0 +1,27 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +package validation + +import ( + "github.com/ironcore-dev/ironcore-net/internal/apis/core" + "k8s.io/apimachinery/pkg/api/validation" + "k8s.io/apimachinery/pkg/util/validation/field" +) + +func ValidateNetworkPolicyRule(networkPolicyRule *core.NetworkPolicyRule) field.ErrorList { + var allErrs field.ErrorList + + allErrs = append(allErrs, validation.ValidateObjectMetaAccessor(networkPolicyRule, true, validation.NameIsDNSLabel, field.NewPath("metadata"))...) + + return allErrs +} + +func ValidateNetworkPolicyRuleUpdate(newNetworkPolicyRule, oldNetworkPolicyRule *core.NetworkPolicyRule) field.ErrorList { + var allErrs field.ErrorList + + allErrs = append(allErrs, validation.ValidateObjectMetaAccessorUpdate(newNetworkPolicyRule, oldNetworkPolicyRule, field.NewPath("metadata"))...) + allErrs = append(allErrs, ValidateNetworkPolicyRule(newNetworkPolicyRule)...) + + return allErrs +} diff --git a/internal/apis/core/zz_generated.deepcopy.go b/internal/apis/core/zz_generated.deepcopy.go index aa967534..b1b8dfa5 100644 --- a/internal/apis/core/zz_generated.deepcopy.go +++ b/internal/apis/core/zz_generated.deepcopy.go @@ -267,6 +267,30 @@ func (in *IPAddressSpec) DeepCopy() *IPAddressSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPBlock) DeepCopyInto(out *IPBlock) { + *out = *in + in.CIDR.DeepCopyInto(&out.CIDR) + if in.Except != nil { + in, out := &in.Except, &out.Except + *out = make([]net.IPPrefix, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPBlock. +func (in *IPBlock) DeepCopy() *IPBlock { + if in == nil { + return nil + } + out := new(IPBlock) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IPClaimRef) DeepCopyInto(out *IPClaimRef) { *out = *in @@ -820,6 +844,22 @@ func (in *LoadBalancerTargetRef) DeepCopy() *LoadBalancerTargetRef { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LocalUIDReference) DeepCopyInto(out *LocalUIDReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalUIDReference. +func (in *LocalUIDReference) DeepCopy() *LocalUIDReference { + if in == nil { + return nil + } + out := new(LocalUIDReference) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NATGateway) DeepCopyInto(out *NATGateway) { *out = *in @@ -1554,6 +1594,306 @@ func (in *NetworkPeeringStatus) DeepCopy() *NetworkPeeringStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkPolicy) DeepCopyInto(out *NetworkPolicy) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicy. +func (in *NetworkPolicy) DeepCopy() *NetworkPolicy { + if in == nil { + return nil + } + out := new(NetworkPolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *NetworkPolicy) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkPolicyEgressRule) DeepCopyInto(out *NetworkPolicyEgressRule) { + *out = *in + if in.Ports != nil { + in, out := &in.Ports, &out.Ports + *out = make([]NetworkPolicyPort, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.To != nil { + in, out := &in.To, &out.To + *out = make([]NetworkPolicyPeer, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyEgressRule. +func (in *NetworkPolicyEgressRule) DeepCopy() *NetworkPolicyEgressRule { + if in == nil { + return nil + } + out := new(NetworkPolicyEgressRule) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkPolicyIngressRule) DeepCopyInto(out *NetworkPolicyIngressRule) { + *out = *in + if in.From != nil { + in, out := &in.From, &out.From + *out = make([]NetworkPolicyPeer, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Ports != nil { + in, out := &in.Ports, &out.Ports + *out = make([]NetworkPolicyPort, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyIngressRule. +func (in *NetworkPolicyIngressRule) DeepCopy() *NetworkPolicyIngressRule { + if in == nil { + return nil + } + out := new(NetworkPolicyIngressRule) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkPolicyList) DeepCopyInto(out *NetworkPolicyList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]NetworkPolicy, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyList. +func (in *NetworkPolicyList) DeepCopy() *NetworkPolicyList { + if in == nil { + return nil + } + out := new(NetworkPolicyList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *NetworkPolicyList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkPolicyPeer) DeepCopyInto(out *NetworkPolicyPeer) { + *out = *in + if in.ObjectSelector != nil { + in, out := &in.ObjectSelector, &out.ObjectSelector + *out = new(ObjectSelector) + (*in).DeepCopyInto(*out) + } + if in.IPBlock != nil { + in, out := &in.IPBlock, &out.IPBlock + *out = new(IPBlock) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyPeer. +func (in *NetworkPolicyPeer) DeepCopy() *NetworkPolicyPeer { + if in == nil { + return nil + } + out := new(NetworkPolicyPeer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkPolicyPort) DeepCopyInto(out *NetworkPolicyPort) { + *out = *in + if in.Protocol != nil { + in, out := &in.Protocol, &out.Protocol + *out = new(corev1.Protocol) + **out = **in + } + if in.EndPort != nil { + in, out := &in.EndPort, &out.EndPort + *out = new(int32) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyPort. +func (in *NetworkPolicyPort) DeepCopy() *NetworkPolicyPort { + if in == nil { + return nil + } + out := new(NetworkPolicyPort) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkPolicyRule) DeepCopyInto(out *NetworkPolicyRule) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.NetworkRef = in.NetworkRef + if in.Targets != nil { + in, out := &in.Targets, &out.Targets + *out = make([]TargetNetworkInterface, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Priority != nil { + in, out := &in.Priority, &out.Priority + *out = new(int32) + **out = **in + } + if in.IngressRules != nil { + in, out := &in.IngressRules, &out.IngressRules + *out = make([]Rule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.EgressRules != nil { + in, out := &in.EgressRules, &out.EgressRules + *out = make([]Rule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyRule. +func (in *NetworkPolicyRule) DeepCopy() *NetworkPolicyRule { + if in == nil { + return nil + } + out := new(NetworkPolicyRule) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *NetworkPolicyRule) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkPolicyRuleList) DeepCopyInto(out *NetworkPolicyRuleList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]NetworkPolicyRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyRuleList. +func (in *NetworkPolicyRuleList) DeepCopy() *NetworkPolicyRuleList { + if in == nil { + return nil + } + out := new(NetworkPolicyRuleList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *NetworkPolicyRuleList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkPolicySpec) DeepCopyInto(out *NetworkPolicySpec) { + *out = *in + out.NetworkRef = in.NetworkRef + in.NetworkInterfaceSelector.DeepCopyInto(&out.NetworkInterfaceSelector) + if in.Priority != nil { + in, out := &in.Priority, &out.Priority + *out = new(int32) + **out = **in + } + if in.Ingress != nil { + in, out := &in.Ingress, &out.Ingress + *out = make([]NetworkPolicyIngressRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Egress != nil { + in, out := &in.Egress, &out.Egress + *out = make([]NetworkPolicyEgressRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.PolicyTypes != nil { + in, out := &in.PolicyTypes, &out.PolicyTypes + *out = make([]PolicyType, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicySpec. +func (in *NetworkPolicySpec) DeepCopy() *NetworkPolicySpec { + if in == nil { + return nil + } + out := new(NetworkPolicySpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NetworkSpec) DeepCopyInto(out *NetworkSpec) { *out = *in @@ -1784,6 +2124,40 @@ func (in *NodeStatus) DeepCopy() *NodeStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ObjectIP) DeepCopyInto(out *ObjectIP) { + *out = *in + in.Prefix.DeepCopyInto(&out.Prefix) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectIP. +func (in *ObjectIP) DeepCopy() *ObjectIP { + if in == nil { + return nil + } + out := new(ObjectIP) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ObjectSelector) DeepCopyInto(out *ObjectSelector) { + *out = *in + in.LabelSelector.DeepCopyInto(&out.LabelSelector) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectSelector. +func (in *ObjectSelector) DeepCopy() *ObjectSelector { + if in == nil { + return nil + } + out := new(ObjectSelector) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PCIAddress) DeepCopyInto(out *PCIAddress) { *out = *in @@ -1800,6 +2174,65 @@ func (in *PCIAddress) DeepCopy() *PCIAddress { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Rule) DeepCopyInto(out *Rule) { + *out = *in + if in.CIDRBlock != nil { + in, out := &in.CIDRBlock, &out.CIDRBlock + *out = make([]IPBlock, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ObjectIPs != nil { + in, out := &in.ObjectIPs, &out.ObjectIPs + *out = make([]ObjectIP, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.NetworkPolicyPorts != nil { + in, out := &in.NetworkPolicyPorts, &out.NetworkPolicyPorts + *out = make([]NetworkPolicyPort, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule. +func (in *Rule) DeepCopy() *Rule { + if in == nil { + return nil + } + out := new(Rule) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TargetNetworkInterface) DeepCopyInto(out *TargetNetworkInterface) { + *out = *in + in.IP.DeepCopyInto(&out.IP) + if in.TargetRef != nil { + in, out := &in.TargetRef, &out.TargetRef + *out = new(LocalUIDReference) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetNetworkInterface. +func (in *TargetNetworkInterface) DeepCopy() *TargetNetworkInterface { + if in == nil { + return nil + } + out := new(TargetNetworkInterface) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TopologySpreadConstraint) DeepCopyInto(out *TopologySpreadConstraint) { *out = *in diff --git a/internal/apiserver/apiserver.go b/internal/apiserver/apiserver.go index 344fbbfa..f028b9de 100644 --- a/internal/apiserver/apiserver.go +++ b/internal/apiserver/apiserver.go @@ -26,6 +26,8 @@ import ( "github.com/ironcore-dev/ironcore-net/internal/registry/network/networkidallocator" "github.com/ironcore-dev/ironcore-net/internal/registry/networkid" "github.com/ironcore-dev/ironcore-net/internal/registry/networkinterface" + "github.com/ironcore-dev/ironcore-net/internal/registry/networkpolicy" + "github.com/ironcore-dev/ironcore-net/internal/registry/networkpolicyrule" "github.com/ironcore-dev/ironcore-net/internal/registry/node" ironcoreserializer "github.com/ironcore-dev/ironcore-net/internal/serializer" corev1 "k8s.io/api/core/v1" @@ -214,6 +216,20 @@ func (c completedConfig) New() (*IronCoreServer, error) { v1alpha1storage["loadbalancerroutings"] = loadBalancerRoutingStorage.LoadBalancerRouting + networkPolicyStorage, err := networkpolicy.NewStorage(Scheme, c.GenericConfig.RESTOptionsGetter) + if err != nil { + return nil, err + } + + v1alpha1storage["networkpolicies"] = networkPolicyStorage.NetworkPolicy + + networkPolicyRuleStorage, err := networkpolicyrule.NewStorage(Scheme, c.GenericConfig.RESTOptionsGetter) + if err != nil { + return nil, err + } + + v1alpha1storage["networkpolicyrules"] = networkPolicyRuleStorage.NetworkPolicyRule + natGatewayStorage, err := natgateway.NewStorage(Scheme, c.GenericConfig.RESTOptionsGetter, ipAllocByFamily) if err != nil { return nil, err diff --git a/internal/controllers/networkpolicy_controller.go b/internal/controllers/networkpolicy_controller.go new file mode 100644 index 00000000..ed7acf1c --- /dev/null +++ b/internal/controllers/networkpolicy_controller.go @@ -0,0 +1,74 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +package controllers + +import ( + "context" + "fmt" + + "github.com/go-logr/logr" + "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +type NetworkPolicyReconciler struct { + client.Client +} + +//+kubebuilder:rbac:groups=core.apinet.ironcore.dev,resources=networkpolicies,verbs=get;list;watch +//+kubebuilder:rbac:groups=core.apinet.ironcore.dev,resources=networkpolicyrules,verbs=get;list;watch;create;update;patch;delete + +func (r *NetworkPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { + log := ctrl.LoggerFrom(ctx) + networkPolicy := &v1alpha1.NetworkPolicy{} + if err := r.Get(ctx, req.NamespacedName, networkPolicy); err != nil { + if !apierrors.IsNotFound(err) { + return ctrl.Result{}, err + } + + networkPolicyRule := &v1alpha1.NetworkPolicyRule{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: req.Namespace, + Name: req.Name, + }, + } + if err := r.Delete(ctx, networkPolicyRule); client.IgnoreNotFound(err) != nil { + return ctrl.Result{}, fmt.Errorf("error deleting network policy rule: %w", err) + } + return ctrl.Result{}, nil + } + + return r.reconcileExists(ctx, log, networkPolicy) +} + +func (r *NetworkPolicyReconciler) reconcileExists(ctx context.Context, log logr.Logger, networkPolicy *v1alpha1.NetworkPolicy) (ctrl.Result, error) { + if !networkPolicy.DeletionTimestamp.IsZero() { + return r.delete(ctx, log, networkPolicy) + } + return r.reconcile(ctx, log, networkPolicy) +} + +func (r *NetworkPolicyReconciler) delete(ctx context.Context, log logr.Logger, networkPolicy *v1alpha1.NetworkPolicy) (ctrl.Result, error) { + _, _ = ctx, networkPolicy + log.V(1).Info("Delete") + log.V(1).Info("Deleted") + return ctrl.Result{}, nil +} + +func (r *NetworkPolicyReconciler) reconcile(_ context.Context, log logr.Logger, _ *v1alpha1.NetworkPolicy) (ctrl.Result, error) { + log.V(1).Info("Reconcile") + //reconcile logic + + log.V(1).Info("Reconciled") + return ctrl.Result{}, nil +} + +func (r *NetworkPolicyReconciler) SetupWithManager(mgr ctrl.Manager) error { + return ctrl.NewControllerManagedBy(mgr). + For(&v1alpha1.NetworkPolicy{}). + Complete(r) +} diff --git a/internal/registry/networkpolicy/storage.go b/internal/registry/networkpolicy/storage.go new file mode 100644 index 00000000..504c86ba --- /dev/null +++ b/internal/registry/networkpolicy/storage.go @@ -0,0 +1,87 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +package networkpolicy + +import ( + "context" + + "github.com/ironcore-dev/ironcore-net/internal/apis/core" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apiserver/pkg/registry/generic" + genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" + "k8s.io/apiserver/pkg/registry/rest" + "sigs.k8s.io/structured-merge-diff/v4/fieldpath" +) + +type NetworkPolicyStorage struct { + NetworkPolicy *REST + Status *StatusREST +} + +type REST struct { + *genericregistry.Store +} + +func (REST) ShortNames() []string { + return []string{"netpol"} +} + +func NewStorage(scheme *runtime.Scheme, optsGetter generic.RESTOptionsGetter) (NetworkPolicyStorage, error) { + strategy := NewStrategy(scheme) + statusStrategy := NewStatusStrategy(scheme) + store := &genericregistry.Store{ + NewFunc: func() runtime.Object { + return &core.NetworkPolicy{} + }, + NewListFunc: func() runtime.Object { + return &core.NetworkPolicyList{} + }, + PredicateFunc: MatchNetworkPolicy, + DefaultQualifiedResource: core.Resource("networkpolicies"), + SingularQualifiedResource: core.Resource("networkpolicy"), + + CreateStrategy: strategy, + UpdateStrategy: strategy, + DeleteStrategy: strategy, + + TableConvertor: newTableConvertor(), + } + + options := &generic.StoreOptions{RESTOptions: optsGetter, AttrFunc: GetAttrs} + if err := store.CompleteWithOptions(options); err != nil { + return NetworkPolicyStorage{}, err + } + + statusStore := *store + statusStore.UpdateStrategy = statusStrategy + statusStore.ResetFieldsStrategy = statusStrategy + + return NetworkPolicyStorage{ + NetworkPolicy: &REST{store}, + Status: &StatusREST{&statusStore}, + }, nil +} + +type StatusREST struct { + store *genericregistry.Store +} + +func (r *StatusREST) New() runtime.Object { + return &core.NetworkPolicy{} +} + +func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { + return r.store.Get(ctx, name, options) +} + +func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { + return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) +} + +func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { + return r.store.GetResetFields() +} + +func (r *StatusREST) Destroy() {} diff --git a/internal/registry/networkpolicy/strategy.go b/internal/registry/networkpolicy/strategy.go new file mode 100644 index 00000000..b684cc23 --- /dev/null +++ b/internal/registry/networkpolicy/strategy.go @@ -0,0 +1,117 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +package networkpolicy + +import ( + "context" + "fmt" + + "github.com/ironcore-dev/ironcore-net/internal/apis/core" + "github.com/ironcore-dev/ironcore-net/internal/apis/core/validation" + "k8s.io/apimachinery/pkg/fields" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/util/validation/field" + "k8s.io/apiserver/pkg/registry/generic" + apisrvstorage "k8s.io/apiserver/pkg/storage" + "k8s.io/apiserver/pkg/storage/names" + "sigs.k8s.io/structured-merge-diff/v4/fieldpath" +) + +func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) { + networkPolicy, ok := obj.(*core.NetworkPolicy) + if !ok { + return nil, nil, fmt.Errorf("given object is not a NetworkPolicy") + } + return networkPolicy.Labels, SelectableFields(networkPolicy), nil +} + +func MatchNetworkPolicy(label labels.Selector, field fields.Selector) apisrvstorage.SelectionPredicate { + return apisrvstorage.SelectionPredicate{ + Label: label, + Field: field, + GetAttrs: GetAttrs, + } +} + +func SelectableFields(networkPolicy *core.NetworkPolicy) fields.Set { + return generic.ObjectMetaFieldsSet(&networkPolicy.ObjectMeta, true) +} + +type networkPolicyStrategy struct { + runtime.ObjectTyper + names.NameGenerator +} + +func NewStrategy(typer runtime.ObjectTyper) networkPolicyStrategy { + return networkPolicyStrategy{typer, names.SimpleNameGenerator} +} +func (networkPolicyStrategy) NamespaceScoped() bool { + return true +} + +func (networkPolicyStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { + +} + +func (networkPolicyStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { +} + +func (networkPolicyStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { + networkPolicy := obj.(*core.NetworkPolicy) + return validation.ValidateNetworkPolicy(networkPolicy) +} + +func (networkPolicyStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { + return nil +} + +func (networkPolicyStrategy) AllowCreateOnUpdate() bool { + return false +} + +func (networkPolicyStrategy) AllowUnconditionalUpdate() bool { + return false +} + +func (networkPolicyStrategy) Canonicalize(obj runtime.Object) { +} + +func (networkPolicyStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { + newNetworkPolicy := obj.(*core.NetworkPolicy) + oldNetworkPolicy := old.(*core.NetworkPolicy) + return validation.ValidateNetworkPolicyUpdate(newNetworkPolicy, oldNetworkPolicy) +} + +func (networkPolicyStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { + return nil +} + +type networkPolicyStatusStrategy struct { + networkPolicyStrategy +} + +func NewStatusStrategy(typer runtime.ObjectTyper) networkPolicyStatusStrategy { + return networkPolicyStatusStrategy{NewStrategy(typer)} +} +func (networkPolicyStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { + return map[fieldpath.APIVersion]*fieldpath.Set{ + "apinet.ironcore.dev/v1alpha1": fieldpath.NewSet( + fieldpath.MakePathOrDie("spec"), + ), + } +} + +func (networkPolicyStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { +} + +func (networkPolicyStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { + newNetworkPolicy := obj.(*core.NetworkPolicy) + oldNetworkPolicy := old.(*core.NetworkPolicy) + return validation.ValidateNetworkPolicyUpdate(newNetworkPolicy, oldNetworkPolicy) +} + +func (networkPolicyStatusStrategy) WarningsOnUpdate(cxt context.Context, obj, old runtime.Object) []string { + return nil +} diff --git a/internal/registry/networkpolicy/tableconverter.go b/internal/registry/networkpolicy/tableconverter.go new file mode 100644 index 00000000..170e9843 --- /dev/null +++ b/internal/registry/networkpolicy/tableconverter.go @@ -0,0 +1,59 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +package networkpolicy + +import ( + "context" + + "github.com/ironcore-dev/ironcore-net/internal/apis/core" + "k8s.io/apimachinery/pkg/api/meta" + "k8s.io/apimachinery/pkg/api/meta/table" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" +) + +type convertor struct{} + +var ( + objectMetaSwaggerDoc = metav1.ObjectMeta{}.SwaggerDoc() + + headers = []metav1.TableColumnDefinition{ + {Name: "Name", Type: "string", Format: "name", Description: objectMetaSwaggerDoc["name"]}, + {Name: "Network", Type: "string", Description: "The network this network policy affects"}, + {Name: "Nic-Selector", Type: "string", Description: "The selector for network interfaces"}, + {Name: "Age", Type: "string", Format: "date", Description: objectMetaSwaggerDoc["creationTimestamp"]}, + } +) + +func newTableConvertor() *convertor { + return &convertor{} +} + +func (c *convertor) ConvertToTable(ctx context.Context, obj runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { + tab := &metav1.Table{ + ColumnDefinitions: headers, + } + + if m, err := meta.ListAccessor(obj); err == nil { + tab.ResourceVersion = m.GetResourceVersion() + tab.Continue = m.GetContinue() + } else { + if m, err := meta.CommonAccessor(obj); err == nil { + tab.ResourceVersion = m.GetResourceVersion() + } + } + + var err error + tab.Rows, err = table.MetaToTableRow(obj, func(obj runtime.Object, m metav1.Object, name, age string) (cells []interface{}, err error) { + networkPolicy := obj.(*core.NetworkPolicy) + + cells = append(cells, name) + cells = append(cells, networkPolicy.Spec.NetworkRef.Name) + cells = append(cells, metav1.FormatLabelSelector(&networkPolicy.Spec.NetworkInterfaceSelector)) + cells = append(cells, age) + + return cells, nil + }) + return tab, err +} diff --git a/internal/registry/networkpolicyrule/storage.go b/internal/registry/networkpolicyrule/storage.go new file mode 100644 index 00000000..f2232361 --- /dev/null +++ b/internal/registry/networkpolicyrule/storage.go @@ -0,0 +1,77 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +package networkpolicyrule + +import ( + "context" + + "github.com/ironcore-dev/ironcore-net/internal/apis/core" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apiserver/pkg/registry/generic" + genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" + "k8s.io/apiserver/pkg/registry/rest" + "sigs.k8s.io/structured-merge-diff/v4/fieldpath" +) + +type NetworkPolicyRuleStorage struct { + NetworkPolicyRule *REST +} + +type REST struct { + *genericregistry.Store +} + +func NewStorage(scheme *runtime.Scheme, optsGetter generic.RESTOptionsGetter) (NetworkPolicyRuleStorage, error) { + strategy := NewStrategy(scheme) + + store := &genericregistry.Store{ + NewFunc: func() runtime.Object { + return &core.NetworkPolicyRule{} + }, + NewListFunc: func() runtime.Object { + return &core.NetworkPolicyRuleList{} + }, + PredicateFunc: MatchNetworkPolicyRule, + DefaultQualifiedResource: core.Resource("networkpolicyrules"), + SingularQualifiedResource: core.Resource("networkpolicyrule"), + + CreateStrategy: strategy, + UpdateStrategy: strategy, + DeleteStrategy: strategy, + + TableConvertor: newTableConvertor(), + } + + options := &generic.StoreOptions{RESTOptions: optsGetter, AttrFunc: GetAttrs} + if err := store.CompleteWithOptions(options); err != nil { + return NetworkPolicyRuleStorage{}, err + } + + return NetworkPolicyRuleStorage{ + NetworkPolicyRule: &REST{store}, + }, nil +} + +type StatusREST struct { + store *genericregistry.Store +} + +func (r *StatusREST) New() runtime.Object { + return &core.NetworkPolicyRule{} +} + +func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { + return r.store.Get(ctx, name, options) +} + +func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { + return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) +} + +func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { + return r.store.GetResetFields() +} + +func (r *StatusREST) Destroy() {} diff --git a/internal/registry/networkpolicyrule/strategy.go b/internal/registry/networkpolicyrule/strategy.go new file mode 100644 index 00000000..315021f5 --- /dev/null +++ b/internal/registry/networkpolicyrule/strategy.go @@ -0,0 +1,88 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +package networkpolicyrule + +import ( + "context" + "fmt" + + "github.com/ironcore-dev/ironcore-net/internal/apis/core" + "github.com/ironcore-dev/ironcore-net/internal/apis/core/validation" + "k8s.io/apimachinery/pkg/fields" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/util/validation/field" + "k8s.io/apiserver/pkg/registry/generic" + apisrvstorage "k8s.io/apiserver/pkg/storage" + "k8s.io/apiserver/pkg/storage/names" +) + +func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) { + networkPolicyRule, ok := obj.(*core.NetworkPolicyRule) + if !ok { + return nil, nil, fmt.Errorf("given object is not a NetworkPolicyRule") + } + return networkPolicyRule.Labels, SelectableFields(networkPolicyRule), nil +} + +func MatchNetworkPolicyRule(label labels.Selector, field fields.Selector) apisrvstorage.SelectionPredicate { + return apisrvstorage.SelectionPredicate{ + Label: label, + Field: field, + GetAttrs: GetAttrs, + } +} + +func SelectableFields(networkPolicyRule *core.NetworkPolicyRule) fields.Set { + return generic.ObjectMetaFieldsSet(&networkPolicyRule.ObjectMeta, true) +} + +type networkPolicyRuleStrategy struct { + runtime.ObjectTyper + names.NameGenerator +} + +func NewStrategy(typer runtime.ObjectTyper) networkPolicyRuleStrategy { + return networkPolicyRuleStrategy{typer, names.SimpleNameGenerator} +} + +func (networkPolicyRuleStrategy) NamespaceScoped() bool { + return true +} + +func (networkPolicyRuleStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { +} + +func (networkPolicyRuleStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { +} + +func (networkPolicyRuleStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { + networkPolicyRule := obj.(*core.NetworkPolicyRule) + return validation.ValidateNetworkPolicyRule(networkPolicyRule) +} + +func (networkPolicyRuleStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { + return nil +} + +func (networkPolicyRuleStrategy) AllowCreateOnUpdate() bool { + return false +} + +func (networkPolicyRuleStrategy) AllowUnconditionalUpdate() bool { + return false +} + +func (networkPolicyRuleStrategy) Canonicalize(obj runtime.Object) { +} + +func (networkPolicyRuleStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { + newNetworkPolicyRule := obj.(*core.NetworkPolicyRule) + oldNetworkPolicyRule := old.(*core.NetworkPolicyRule) + return validation.ValidateNetworkPolicyRuleUpdate(newNetworkPolicyRule, oldNetworkPolicyRule) +} + +func (networkPolicyRuleStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { + return nil +} diff --git a/internal/registry/networkpolicyrule/tableconvertor.go b/internal/registry/networkpolicyrule/tableconvertor.go new file mode 100644 index 00000000..22a43619 --- /dev/null +++ b/internal/registry/networkpolicyrule/tableconvertor.go @@ -0,0 +1,56 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors +// SPDX-License-Identifier: Apache-2.0 + +package networkpolicyrule + +import ( + "context" + + "github.com/ironcore-dev/ironcore-net/internal/apis/core" + "k8s.io/apimachinery/pkg/api/meta" + "k8s.io/apimachinery/pkg/api/meta/table" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" +) + +type convertor struct{} + +var ( + objectMetaSwaggerDoc = metav1.ObjectMeta{}.SwaggerDoc() + + headers = []metav1.TableColumnDefinition{ + {Name: "Name", Type: "string", Format: "name", Description: objectMetaSwaggerDoc["name"]}, + {Name: "Age", Type: "string", Format: "date", Description: objectMetaSwaggerDoc["creationTimestamp"]}, + } +) + +func newTableConvertor() *convertor { + return &convertor{} +} + +func (c *convertor) ConvertToTable(ctx context.Context, obj runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { + tab := &metav1.Table{ + ColumnDefinitions: headers, + } + + if m, err := meta.ListAccessor(obj); err == nil { + tab.ResourceVersion = m.GetResourceVersion() + tab.Continue = m.GetContinue() + } else { + if m, err := meta.CommonAccessor(obj); err == nil { + tab.ResourceVersion = m.GetResourceVersion() + } + } + + var err error + tab.Rows, err = table.MetaToTableRow(obj, func(obj runtime.Object, m metav1.Object, name, age string) (cells []interface{}, err error) { + networkPolicyRule := obj.(*core.NetworkPolicyRule) + _ = networkPolicyRule + + cells = append(cells, name) + cells = append(cells, age) + + return cells, nil + }) + return tab, err +} diff --git a/metalnetlet/controllers/networkinterface_controller.go b/metalnetlet/controllers/networkinterface_controller.go index 6dc8be97..b0902566 100644 --- a/metalnetlet/controllers/networkinterface_controller.go +++ b/metalnetlet/controllers/networkinterface_controller.go @@ -8,17 +8,22 @@ import ( "fmt" "github.com/go-logr/logr" + "github.com/google/uuid" "github.com/ironcore-dev/controller-utils/clientutils" "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1" "github.com/ironcore-dev/ironcore-net/apimachinery/api/net" metalnetletclient "github.com/ironcore-dev/ironcore-net/metalnetlet/client" utilhandler "github.com/ironcore-dev/ironcore-net/metalnetlet/handler" + netiputils "github.com/ironcore-dev/ironcore-net/utils/netip" + "github.com/ironcore-dev/ironcore/utils/generic" utilslices "github.com/ironcore-dev/ironcore/utils/slices" metalnetv1alpha1 "github.com/ironcore-dev/metalnet/api/v1alpha1" + "golang.org/x/exp/slices" corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/sets" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" @@ -47,6 +52,8 @@ type NetworkInterfaceReconciler struct { //+kubebuilder:rbac:groups=core.apinet.ironcore.dev,resources=loadbalancers,verbs=get;list;watch //+kubebuilder:rbac:groups=core.apinet.ironcore.dev,resources=nattables,verbs=get;list;watch //+kubebuilder:rbac:groups=core.apinet.ironcore.dev,resources=natgateways,verbs=get;list;watch +//+kubebuilder:rbac:groups=core.apinet.ironcore.dev,resources=networkpolicies,verbs=get;list;watch +//+kubebuilder:rbac:groups=core.apinet.ironcore.dev,resources=networkpolicyrules,verbs=get;list;watch //+cluster=metalnet:kubebuilder:rbac:groups=networking.metalnet.ironcore.dev,resources=networkinterfaces,verbs=get;list;watch;create;update;patch;delete;deletecollection //+cluster=metalnet:kubebuilder:rbac:groups="",resources=nodes,verbs=get;list;watch @@ -161,6 +168,130 @@ func (r *NetworkInterfaceReconciler) getLoadBalancerTargetsForNetworkInterface(c return ips, nil } +func (r *NetworkInterfaceReconciler) getNetworkPolicyRulesForNetworkInterface(ctx context.Context, nic *v1alpha1.NetworkInterface) ([]metalnetv1alpha1.FirewallRule, error) { + var firewallRules []metalnetv1alpha1.FirewallRule + + npRuleList := &v1alpha1.NetworkPolicyRuleList{} + if err := r.List(ctx, npRuleList, + client.InNamespace(nic.Namespace), + ); err != nil { + return nil, fmt.Errorf("error listing network policy rules: %w", err) + } + + for _, npRule := range npRuleList.Items { + hasDst := slices.ContainsFunc(npRule.Targets, + func(target v1alpha1.TargetNetworkInterface) bool { + return slices.Contains(nic.Spec.IPs, target.IP) + }, + ) + if hasDst { + rules := getFirewallRulesFromNetworkPolicyRule(&npRule) + firewallRules = append(firewallRules, rules...) + } + } + + return firewallRules, nil +} + +func getFirewallRulesFromNetworkPolicyRule(npRule *v1alpha1.NetworkPolicyRule) []metalnetv1alpha1.FirewallRule { + var firewallRules []metalnetv1alpha1.FirewallRule + priority := npRule.Priority + + for _, ingressRule := range npRule.IngressRules { + rules := extractFirewallRulesFromRule(ingressRule, metalnetv1alpha1.FirewallRuleDirectionIngress, priority) + firewallRules = append(firewallRules, rules...) + } + + for _, egressRule := range npRule.EgressRules { + rules := extractFirewallRulesFromRule(egressRule, metalnetv1alpha1.FirewallRuleDirectionEgress, priority) + firewallRules = append(firewallRules, rules...) + } + + return firewallRules +} + +func extractFirewallRulesFromRule(rule v1alpha1.Rule, direction metalnetv1alpha1.FirewallRuleDirection, priority *int32) []metalnetv1alpha1.FirewallRule { + var firewallRules []metalnetv1alpha1.FirewallRule + + for _, port := range rule.NetworkPolicyPorts { + baseFirewallRule := metalnetv1alpha1.FirewallRule{ + Direction: direction, + Action: metalnetv1alpha1.FirewallRuleActionAccept, + Priority: priority, + ProtocolMatch: &metalnetv1alpha1.ProtocolMatch{}, + } + + switch *port.Protocol { + case corev1.ProtocolTCP: + baseFirewallRule.ProtocolMatch.ProtocolType = generic.Pointer(metalnetv1alpha1.FirewallRuleProtocolTypeTCP) + case corev1.ProtocolUDP: + baseFirewallRule.ProtocolMatch.ProtocolType = generic.Pointer(metalnetv1alpha1.FirewallRuleProtocolTypeUDP) + //TODO: no support for SCTP protocol in metalnetlet and metalnetlet FirewallRuleProtocolTypeICMP is not defined in ironcore + } + + if port.Port != 0 { + if direction == metalnetv1alpha1.FirewallRuleDirectionIngress { + baseFirewallRule.ProtocolMatch.PortRange = &metalnetv1alpha1.PortMatch{SrcPort: &port.Port} + } else { + baseFirewallRule.ProtocolMatch.PortRange = &metalnetv1alpha1.PortMatch{DstPort: &port.Port} + } + if port.EndPort != nil { + if direction == metalnetv1alpha1.FirewallRuleDirectionIngress { + baseFirewallRule.ProtocolMatch.PortRange.EndSrcPort = *port.EndPort + } else { + baseFirewallRule.ProtocolMatch.PortRange.EndDstPort = *port.EndPort + } + } + } + + for _, cidrBlock := range rule.CIDRBlock { + firewallRule := baseFirewallRule + firewallRule.FirewallRuleID = types.UID(uuid.New().String()) + firewallRule.IpFamily = netiputils.GetIPFamilyFromPrefix(cidrBlock.CIDR) + + if direction == metalnetv1alpha1.FirewallRuleDirectionIngress { + firewallRule.SourcePrefix = &metalnetv1alpha1.IPPrefix{Prefix: cidrBlock.CIDR.Prefix} + } else { + firewallRule.DestinationPrefix = &metalnetv1alpha1.IPPrefix{Prefix: cidrBlock.CIDR.Prefix} + } + + firewallRules = append(firewallRules, firewallRule) + + if len(cidrBlock.Except) > 0 { + for _, exceptCIDR := range cidrBlock.Except { + exceptFirewallRule := firewallRule + exceptFirewallRule.FirewallRuleID = types.UID(uuid.New().String()) + exceptFirewallRule.Action = metalnetv1alpha1.FirewallRuleActionDeny + + if direction == metalnetv1alpha1.FirewallRuleDirectionIngress { + exceptFirewallRule.SourcePrefix = &metalnetv1alpha1.IPPrefix{Prefix: exceptCIDR.Prefix} + } else { + exceptFirewallRule.DestinationPrefix = &metalnetv1alpha1.IPPrefix{Prefix: exceptCIDR.Prefix} + } + + firewallRules = append(firewallRules, exceptFirewallRule) + } + } + } + + for _, objectIP := range rule.ObjectIPs { + firewallRule := baseFirewallRule + firewallRule.FirewallRuleID = types.UID(uuid.New().String()) + firewallRule.IpFamily = netiputils.GetIPFamilyFromPrefix(objectIP.Prefix) + + if direction == metalnetv1alpha1.FirewallRuleDirectionIngress { + firewallRule.SourcePrefix = &metalnetv1alpha1.IPPrefix{Prefix: objectIP.Prefix.Prefix} + } else { + firewallRule.DestinationPrefix = &metalnetv1alpha1.IPPrefix{Prefix: objectIP.Prefix.Prefix} + } + + firewallRules = append(firewallRules, firewallRule) + } + } + + return firewallRules +} + func (r *NetworkInterfaceReconciler) getNATDetailsForNetworkInterface( ctx context.Context, nic *v1alpha1.NetworkInterface, @@ -345,6 +476,12 @@ func (r *NetworkInterfaceReconciler) applyMetalnetNic(ctx context.Context, log l return nil, false, fmt.Errorf("error getting load balancer targets: %w", err) } + log.V(1).Info("Getting network policy rules") + npRules, err := r.getNetworkPolicyRulesForNetworkInterface(ctx, nic) + if err != nil { + return nil, false, fmt.Errorf("error getting network policy rules: %w", err) + } + log.V(1).Info("Getting NAT IPs") natIPs, err := r.getNATDetailsForNetworkInterface(ctx, nic) if err != nil { @@ -370,6 +507,7 @@ func (r *NetworkInterfaceReconciler) applyMetalnetNic(ctx context.Context, log l LoadBalancerTargets: ipsToMetalnetIPPrefixes(targets), NAT: workaroundMetalnetNoIPv6NATDetailsToNATDetailsPointer(natIPs), NodeName: &metalnetNodeName, + FirewallRules: npRules, }, } log.V(1).Info("Applying metalnet network interface") @@ -475,6 +613,69 @@ func (r *NetworkInterfaceReconciler) enqueueByLoadBalancer() handler.EventHandle }) } +func (r *NetworkInterfaceReconciler) reconcileRequestsByNetworkPolicyRule( + ctx context.Context, + log logr.Logger, + networkPolicyRule *v1alpha1.NetworkPolicyRule, +) []ctrl.Request { + nicList := &v1alpha1.NetworkInterfaceList{} + if err := r.List(ctx, nicList, + client.InNamespace(networkPolicyRule.Namespace), + ); err != nil { + log.Error(err, "Error listing network interfaces") + return nil + } + + metalnetNodeList := &corev1.NodeList{} + if err := r.MetalnetClient.List(ctx, metalnetNodeList); err != nil { + log.Error(err, "Error listing metalnet nodes") + return nil + } + + targetIPs := utilslices.ToSetFunc(networkPolicyRule.Targets, + func(target v1alpha1.TargetNetworkInterface) net.IP { return target.IP }, + ) + + var reqs []ctrl.Request + for _, nic := range nicList.Items { + if _, err := ParseNodeName(r.PartitionName, nic.Spec.NodeRef.Name); err != nil { + continue + } + + if targetIPs.HasAny(nic.Spec.IPs...) { + reqs = append(reqs, ctrl.Request{NamespacedName: client.ObjectKeyFromObject(&nic)}) + } + } + return reqs +} + +func (r *NetworkInterfaceReconciler) enqueueByNetworkPolicyRule() handler.EventHandler { + return handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, obj client.Object) []ctrl.Request { + networkPolicyRule := obj.(*v1alpha1.NetworkPolicyRule) + log := ctrl.LoggerFrom(ctx) + + return r.reconcileRequestsByNetworkPolicyRule(ctx, log, networkPolicyRule) + }) +} + +func (r *NetworkInterfaceReconciler) enqueueByNetworkPolicy() handler.EventHandler { + return handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, obj client.Object) []ctrl.Request { + networkPolicy := obj.(*v1alpha1.NetworkPolicy) + log := ctrl.LoggerFrom(ctx) + + networkPolicyKey := client.ObjectKeyFromObject(networkPolicy) + networkPolicyRule := &v1alpha1.NetworkPolicyRule{} + if err := r.Get(ctx, networkPolicyKey, networkPolicyRule); err != nil { + if !apierrors.IsNotFound(err) { + log.Error(err, "Error getting network policy rule") + } + return nil + } + + return r.reconcileRequestsByNetworkPolicyRule(ctx, log, networkPolicyRule) + }) +} + func (r *NetworkInterfaceReconciler) enqueueByMetalnetNode() handler.EventHandler { return handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, obj client.Object) []ctrl.Request { metalnetNode := obj.(*corev1.Node) @@ -519,6 +720,14 @@ func (r *NetworkInterfaceReconciler) SetupWithManager(mgr ctrl.Manager, metalnet &v1alpha1.LoadBalancerRouting{}, r.enqueueByLoadBalancerRouting(), ). + Watches( + &v1alpha1.NetworkPolicy{}, + r.enqueueByNetworkPolicy(), + ). + Watches( + &v1alpha1.NetworkPolicyRule{}, + r.enqueueByNetworkPolicyRule(), + ). WatchesRawSource( source.Kind(metalnetCache, &metalnetv1alpha1.NetworkInterface{}), utilhandler.EnqueueRequestForSource(r.Scheme(), r.RESTMapper(), &v1alpha1.NetworkInterface{}), diff --git a/metalnetlet/controllers/networkinterface_controller_test.go b/metalnetlet/controllers/networkinterface_controller_test.go index 406db22f..696419ed 100644 --- a/metalnetlet/controllers/networkinterface_controller_test.go +++ b/metalnetlet/controllers/networkinterface_controller_test.go @@ -8,10 +8,13 @@ import ( "github.com/ironcore-dev/ironcore-net/api/core/v1alpha1" "github.com/ironcore-dev/ironcore-net/apimachinery/api/net" + "github.com/ironcore-dev/ironcore/utils/generic" . "github.com/ironcore-dev/ironcore/utils/testing" metalnetv1alpha1 "github.com/ironcore-dev/metalnet/api/v1alpha1" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" + . "github.com/onsi/gomega/gstruct" + corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -26,7 +29,7 @@ var _ = Describe("NetworkInterfaceController", func() { metalnetNode := SetupMetalnetNode() network := SetupNetwork(ns) - It("should create a metalnet network for a network", func(ctx SpecContext) { + It("should create a metalnet network interface for a network interface", func(ctx SpecContext) { By("creating a network") By("creating a network interface") @@ -34,6 +37,9 @@ var _ = Describe("NetworkInterfaceController", func() { ObjectMeta: metav1.ObjectMeta{ Namespace: ns.Name, GenerateName: "nic-", + Labels: map[string]string{ + "app": "target", + }, }, Spec: v1alpha1.NetworkInterfaceSpec{ NodeRef: corev1.LocalObjectReference{ @@ -88,6 +94,84 @@ var _ = Describe("NetworkInterfaceController", func() { } Expect(k8sClient.Create(ctx, loadBalancerRouting)).To(Succeed()) + By("creating a network policy rule") + np := &v1alpha1.NetworkPolicyRule{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: ns.Name, + GenerateName: "network-policy-", + }, + NetworkRef: v1alpha1.LocalUIDReference{Name: network.Name, UID: network.UID}, + Targets: []v1alpha1.TargetNetworkInterface{ + { + IP: net.MustParseIP("10.0.0.1"), + TargetRef: &v1alpha1.LocalUIDReference{ + UID: nic.UID, + Name: nic.Name, + }, + }, + }, + Priority: generic.Pointer(int32(3000)), + IngressRules: []v1alpha1.Rule{ + { + CIDRBlock: []v1alpha1.IPBlock{ + { + CIDR: net.IPPrefix{Prefix: netip.MustParsePrefix("192.168.1.0/24")}, + Except: []net.IPPrefix{ + {Prefix: netip.MustParsePrefix("192.168.2.100/32")}, + }, + }, + { + CIDR: net.IPPrefix{Prefix: netip.MustParsePrefix("2001:db8::/64")}, + Except: []net.IPPrefix{ + {Prefix: netip.MustParsePrefix("2001:db8::1234/128")}, + }, + }, + }, + ObjectIPs: []v1alpha1.ObjectIP{ + { + Prefix: net.IPPrefix{Prefix: netip.MustParsePrefix("192.168.2.0/24")}, + }, + }, + NetworkPolicyPorts: []v1alpha1.NetworkPolicyPort{ + { + Protocol: generic.Pointer(corev1.ProtocolTCP), + Port: 8080, + EndPort: generic.Pointer(int32(8090)), + }, + }, + }, + }, + EgressRules: []v1alpha1.Rule{ + { + CIDRBlock: []v1alpha1.IPBlock{ + { + CIDR: net.IPPrefix{Prefix: netip.MustParsePrefix("10.0.0.0/16")}, + }, + }, + ObjectIPs: []v1alpha1.ObjectIP{ + { + Prefix: net.IPPrefix{Prefix: netip.MustParsePrefix("192.168.178.60/32")}, + }, + { + Prefix: net.IPPrefix{Prefix: netip.MustParsePrefix("2001:db8:5678:abcd::60/128")}, + }, + }, + NetworkPolicyPorts: []v1alpha1.NetworkPolicyPort{ + { + Protocol: generic.Pointer(corev1.ProtocolTCP), + Port: 8095, + }, + { + Protocol: generic.Pointer(corev1.ProtocolTCP), + Port: 9000, + EndPort: generic.Pointer(int32(9010)), + }, + }, + }, + }, + } + Expect(k8sClient.Create(ctx, np)).To(Succeed()) + By("waiting for the network interface to have a finalizer") Eventually(Object(nic)).Should(HaveField("Finalizers", []string{PartitionFinalizer(partitionName)})) @@ -98,15 +182,240 @@ var _ = Describe("NetworkInterfaceController", func() { Name: string(nic.UID), }, } - Eventually(Object(metalnetNic)).Should(HaveField("Spec", metalnetv1alpha1.NetworkInterfaceSpec{ - NetworkRef: corev1.LocalObjectReference{Name: string(network.UID)}, - IPFamilies: []corev1.IPFamily{corev1.IPv4Protocol}, - IPs: []metalnetv1alpha1.IP{metalnetv1alpha1.MustParseIP("10.0.0.1")}, - LoadBalancerTargets: []metalnetv1alpha1.IPPrefix{ - {Prefix: netip.PrefixFrom(loadBalancer.Spec.IPs[0].IP.Addr, 32)}, - }, - NodeName: &metalnetNode.Name, - })) + + Eventually(Object(metalnetNic)).Should(SatisfyAll( + HaveField("Spec.NetworkRef", Equal(corev1.LocalObjectReference{Name: string(network.UID)})), + HaveField("Spec.IPFamilies", ConsistOf(corev1.IPv4Protocol)), + HaveField("Spec.IPs", ConsistOf(metalnetv1alpha1.MustParseIP("10.0.0.1"))), + HaveField("Spec.LoadBalancerTargets", ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "Prefix": Equal(netip.PrefixFrom(loadBalancer.Spec.IPs[0].IP.Addr, 32)), + }), + )), + HaveField("Spec.NodeName", Equal(&metalnetNode.Name)), + HaveField("Spec.FirewallRules", ConsistOf( + MatchFields(IgnoreExtras, Fields{ + "FirewallRuleID": Not(BeEmpty()), + "Direction": Equal(metalnetv1alpha1.FirewallRuleDirectionIngress), + "Action": Equal(metalnetv1alpha1.FirewallRuleActionAccept), + "Priority": PointTo(Equal(int32(3000))), + "IpFamily": Equal(corev1.IPv4Protocol), + "SourcePrefix": PointTo(MatchFields(IgnoreExtras, Fields{ + "Prefix": Equal(netip.MustParsePrefix("192.168.1.0/24")), + })), + "DestinationPrefix": BeNil(), + "ProtocolMatch": PointTo(MatchFields(IgnoreExtras, Fields{ + "ProtocolType": PointTo(Equal(metalnetv1alpha1.FirewallRuleProtocolTypeTCP)), + "PortRange": PointTo(MatchFields(IgnoreExtras, Fields{ + "SrcPort": PointTo(Equal(int32(8080))), + "EndSrcPort": Equal(int32(8090)), + "DstPort": BeNil(), + "EndDstPort": BeEquivalentTo(0), + })), + })), + }), + MatchFields(IgnoreExtras, Fields{ + "FirewallRuleID": Not(BeEmpty()), + "Direction": Equal(metalnetv1alpha1.FirewallRuleDirectionIngress), + "Action": Equal(metalnetv1alpha1.FirewallRuleActionDeny), + "Priority": PointTo(Equal(int32(3000))), + "IpFamily": Equal(corev1.IPv4Protocol), + "SourcePrefix": PointTo(MatchFields(IgnoreExtras, Fields{ + "Prefix": Equal(netip.MustParsePrefix("192.168.2.100/32")), + })), + "DestinationPrefix": BeNil(), + "ProtocolMatch": PointTo(MatchFields(IgnoreExtras, Fields{ + "ProtocolType": PointTo(Equal(metalnetv1alpha1.FirewallRuleProtocolTypeTCP)), + "PortRange": PointTo(MatchFields(IgnoreExtras, Fields{ + "SrcPort": PointTo(Equal(int32(8080))), + "EndSrcPort": Equal(int32(8090)), + "DstPort": BeNil(), + "EndDstPort": BeEquivalentTo(0), + })), + })), + }), + MatchFields(IgnoreExtras, Fields{ + "FirewallRuleID": Not(BeEmpty()), + "Direction": Equal(metalnetv1alpha1.FirewallRuleDirectionIngress), + "Action": Equal(metalnetv1alpha1.FirewallRuleActionAccept), + "Priority": PointTo(Equal(int32(3000))), + "IpFamily": Equal(corev1.IPv6Protocol), + "SourcePrefix": PointTo(MatchFields(IgnoreExtras, Fields{ + "Prefix": Equal(netip.MustParsePrefix("2001:db8::/64")), + })), + "DestinationPrefix": BeNil(), + "ProtocolMatch": PointTo(MatchFields(IgnoreExtras, Fields{ + "ProtocolType": PointTo(Equal(metalnetv1alpha1.FirewallRuleProtocolTypeTCP)), + "PortRange": PointTo(MatchFields(IgnoreExtras, Fields{ + "SrcPort": PointTo(Equal(int32(8080))), + "EndSrcPort": Equal(int32(8090)), + "DstPort": BeNil(), + "EndDstPort": BeEquivalentTo(0), + })), + })), + }), + MatchFields(IgnoreExtras, Fields{ + "FirewallRuleID": Not(BeEmpty()), + "Direction": Equal(metalnetv1alpha1.FirewallRuleDirectionIngress), + "Action": Equal(metalnetv1alpha1.FirewallRuleActionDeny), + "Priority": PointTo(Equal(int32(3000))), + "IpFamily": Equal(corev1.IPv6Protocol), + "SourcePrefix": PointTo(MatchFields(IgnoreExtras, Fields{ + "Prefix": Equal(netip.MustParsePrefix("2001:db8::1234/128")), + })), + "DestinationPrefix": BeNil(), + "ProtocolMatch": PointTo(MatchFields(IgnoreExtras, Fields{ + "ProtocolType": PointTo(Equal(metalnetv1alpha1.FirewallRuleProtocolTypeTCP)), + "PortRange": PointTo(MatchFields(IgnoreExtras, Fields{ + "SrcPort": PointTo(Equal(int32(8080))), + "EndSrcPort": Equal(int32(8090)), + "DstPort": BeNil(), + "EndDstPort": BeEquivalentTo(0), + })), + })), + }), + MatchFields(IgnoreExtras, Fields{ + "FirewallRuleID": Not(BeEmpty()), + "Direction": Equal(metalnetv1alpha1.FirewallRuleDirectionIngress), + "Action": Equal(metalnetv1alpha1.FirewallRuleActionAccept), + "Priority": PointTo(Equal(int32(3000))), + "IpFamily": Equal(corev1.IPv4Protocol), + "SourcePrefix": PointTo(MatchFields(IgnoreExtras, Fields{ + "Prefix": Equal(netip.MustParsePrefix("192.168.2.0/24")), + })), + "DestinationPrefix": BeNil(), + "ProtocolMatch": PointTo(MatchFields(IgnoreExtras, Fields{ + "ProtocolType": PointTo(Equal(metalnetv1alpha1.FirewallRuleProtocolTypeTCP)), + "PortRange": PointTo(MatchFields(IgnoreExtras, Fields{ + "SrcPort": PointTo(Equal(int32(8080))), + "EndSrcPort": Equal(int32(8090)), + "DstPort": BeNil(), + "EndDstPort": BeEquivalentTo(0), + })), + })), + }), + MatchFields(IgnoreExtras, Fields{ + "FirewallRuleID": Not(BeEmpty()), + "Direction": Equal(metalnetv1alpha1.FirewallRuleDirectionEgress), + "Action": Equal(metalnetv1alpha1.FirewallRuleActionAccept), + "Priority": PointTo(Equal(int32(3000))), + "IpFamily": Equal(corev1.IPv4Protocol), + "SourcePrefix": BeNil(), + "DestinationPrefix": PointTo(MatchFields(IgnoreExtras, Fields{ + "Prefix": Equal(netip.MustParsePrefix("10.0.0.0/16")), + })), + "ProtocolMatch": PointTo(MatchFields(IgnoreExtras, Fields{ + "ProtocolType": PointTo(Equal(metalnetv1alpha1.FirewallRuleProtocolTypeTCP)), + "PortRange": PointTo(MatchFields(IgnoreExtras, Fields{ + "SrcPort": BeNil(), + "EndSrcPort": BeEquivalentTo(0), + "DstPort": PointTo(Equal(int32(8095))), + "EndDstPort": BeEquivalentTo(0), + })), + })), + }), + MatchFields(IgnoreExtras, Fields{ + "FirewallRuleID": Not(BeEmpty()), + "Direction": Equal(metalnetv1alpha1.FirewallRuleDirectionEgress), + "Action": Equal(metalnetv1alpha1.FirewallRuleActionAccept), + "Priority": PointTo(Equal(int32(3000))), + "IpFamily": Equal(corev1.IPv4Protocol), + "SourcePrefix": BeNil(), + "DestinationPrefix": PointTo(MatchFields(IgnoreExtras, Fields{ + "Prefix": Equal(netip.MustParsePrefix("10.0.0.0/16")), + })), + "ProtocolMatch": PointTo(MatchFields(IgnoreExtras, Fields{ + "ProtocolType": PointTo(Equal(metalnetv1alpha1.FirewallRuleProtocolTypeTCP)), + "PortRange": PointTo(MatchFields(IgnoreExtras, Fields{ + "SrcPort": BeNil(), + "EndSrcPort": BeEquivalentTo(0), + "DstPort": PointTo(Equal(int32(9000))), + "EndDstPort": Equal(int32(9010)), + })), + })), + }), + MatchFields(IgnoreExtras, Fields{ + "FirewallRuleID": Not(BeEmpty()), + "Direction": Equal(metalnetv1alpha1.FirewallRuleDirectionEgress), + "Action": Equal(metalnetv1alpha1.FirewallRuleActionAccept), + "Priority": PointTo(Equal(int32(3000))), + "IpFamily": Equal(corev1.IPv4Protocol), + "SourcePrefix": BeNil(), + "DestinationPrefix": PointTo(MatchFields(IgnoreExtras, Fields{ + "Prefix": Equal(netip.MustParsePrefix("192.168.178.60/32")), + })), + "ProtocolMatch": PointTo(MatchFields(IgnoreExtras, Fields{ + "ProtocolType": PointTo(Equal(metalnetv1alpha1.FirewallRuleProtocolTypeTCP)), + "PortRange": PointTo(MatchFields(IgnoreExtras, Fields{ + "SrcPort": BeNil(), + "EndSrcPort": BeEquivalentTo(0), + "DstPort": PointTo(Equal(int32(8095))), + "EndDstPort": BeEquivalentTo(0), + })), + })), + }), + MatchFields(IgnoreExtras, Fields{ + "FirewallRuleID": Not(BeEmpty()), + "Direction": Equal(metalnetv1alpha1.FirewallRuleDirectionEgress), + "Action": Equal(metalnetv1alpha1.FirewallRuleActionAccept), + "Priority": PointTo(Equal(int32(3000))), + "IpFamily": Equal(corev1.IPv4Protocol), + "SourcePrefix": BeNil(), + "DestinationPrefix": PointTo(MatchFields(IgnoreExtras, Fields{ + "Prefix": Equal(netip.MustParsePrefix("192.168.178.60/32")), + })), + "ProtocolMatch": PointTo(MatchFields(IgnoreExtras, Fields{ + "ProtocolType": PointTo(Equal(metalnetv1alpha1.FirewallRuleProtocolTypeTCP)), + "PortRange": PointTo(MatchFields(IgnoreExtras, Fields{ + "SrcPort": BeNil(), + "EndSrcPort": BeEquivalentTo(0), + "DstPort": PointTo(Equal(int32(9000))), + "EndDstPort": Equal(int32(9010)), + })), + })), + }), + MatchFields(IgnoreExtras, Fields{ + "FirewallRuleID": Not(BeEmpty()), + "Direction": Equal(metalnetv1alpha1.FirewallRuleDirectionEgress), + "Action": Equal(metalnetv1alpha1.FirewallRuleActionAccept), + "Priority": PointTo(Equal(int32(3000))), + "IpFamily": Equal(corev1.IPv6Protocol), + "SourcePrefix": BeNil(), + "DestinationPrefix": PointTo(MatchFields(IgnoreExtras, Fields{ + "Prefix": Equal(netip.MustParsePrefix("2001:db8:5678:abcd::60/128")), + })), + "ProtocolMatch": PointTo(MatchFields(IgnoreExtras, Fields{ + "ProtocolType": PointTo(Equal(metalnetv1alpha1.FirewallRuleProtocolTypeTCP)), + "PortRange": PointTo(MatchFields(IgnoreExtras, Fields{ + "SrcPort": BeNil(), + "EndSrcPort": BeEquivalentTo(0), + "DstPort": PointTo(Equal(int32(8095))), + "EndDstPort": BeEquivalentTo(0), + })), + })), + }), + MatchFields(IgnoreExtras, Fields{ + "FirewallRuleID": Not(BeEmpty()), + "Direction": Equal(metalnetv1alpha1.FirewallRuleDirectionEgress), + "Action": Equal(metalnetv1alpha1.FirewallRuleActionAccept), + "Priority": PointTo(Equal(int32(3000))), + "IpFamily": Equal(corev1.IPv6Protocol), + "SourcePrefix": BeNil(), + "DestinationPrefix": PointTo(MatchFields(IgnoreExtras, Fields{ + "Prefix": Equal(netip.MustParsePrefix("2001:db8:5678:abcd::60/128")), + })), + "ProtocolMatch": PointTo(MatchFields(IgnoreExtras, Fields{ + "ProtocolType": PointTo(Equal(metalnetv1alpha1.FirewallRuleProtocolTypeTCP)), + "PortRange": PointTo(MatchFields(IgnoreExtras, Fields{ + "SrcPort": BeNil(), + "EndSrcPort": BeEquivalentTo(0), + "DstPort": PointTo(Equal(int32(9000))), + "EndDstPort": Equal(int32(9010)), + })), + })), + }), + )), + )) By("updating the metalnet network interface's status") Eventually(UpdateStatus(metalnetNic, func() { diff --git a/utils/netip/netip.go b/utils/netip/netip.go index 95ab38aa..8cdf070f 100644 --- a/utils/netip/netip.go +++ b/utils/netip/netip.go @@ -8,6 +8,9 @@ import ( "math" "math/big" "net/netip" + + "github.com/ironcore-dev/ironcore-net/apimachinery/api/net" + corev1 "k8s.io/api/core/v1" ) func PrefixSize(p netip.Prefix) int64 { @@ -31,3 +34,10 @@ func AddOffsetAddress(address netip.Addr, offset uint64) (netip.Addr, error) { } return addr, nil } + +func GetIPFamilyFromPrefix(ipPrefix net.IPPrefix) corev1.IPFamily { + if ipPrefix.Addr().Is6() { + return corev1.IPv6Protocol + } + return corev1.IPv4Protocol +}