-protocol |
-The protocol (TCP or UDP) which traffic must match. If not specified, this field defaults to TCP. |
-false |
-v1.Protocol |
- |
-
-
-port |
-The port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. |
-false |
+name |
+name of the process that is responsible for initializing this object. |
+true |
string |
|
@@ -946,9 +1187,9 @@ v1.NetworkPolicyPort
-
v1.IPBlock
+
v1.NetworkPolicySpec
-
IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods matched by a NetworkPolicySpec’s podSelector. The except entry describes CIDRs that should not be included within this rule.
+
NetworkPolicySpec provides the specification of a NetworkPolicy
@@ -969,17 +1210,31 @@ v1.IPBlock
-cidr |
-CIDR is a string representing the IP Block Valid examples are "192.168.1.1/24" |
+podSelector |
+Selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace. |
true |
-string |
+v1.LabelSelector |
|
-except |
-Except is a slice of CIDRs that should not be included within an IP Block Valid examples are "192.168.1.1/24" Except values will be rejected if they are outside the CIDR range |
+ingress |
+List of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod’s local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default) |
false |
-string array |
+v1.NetworkPolicyIngressRule array |
+ |
+
+
+egress |
+List of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8 |
+false |
+v1.NetworkPolicyEgressRule array |
+ |
+
+
+policyTypes |
+List of rule types that the NetworkPolicy relates to. Valid options are Ingress, Egress, or Ingress,Egress. If this field is not specified, it will default based on the existence of Ingress or Egress rules; policies that contain an Egress section are assumed to affect Egress, and all policies (whether or not they contain an Ingress section) are assumed to affect Ingress. If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ]. Likewise, if you want to write a policy that specifies that no egress is allowed, you must specify a policyTypes value that include "Egress" (since such a policy would not include an Egress section and would otherwise default to just [ "Ingress" ]). This field is beta-level in 1.8 |
+false |
+v1.PolicyType array |
|
@@ -987,9 +1242,9 @@ v1.IPBlock
-
v1.LabelSelector
+
v1.OwnerReference
-
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+
OwnerReference contains enough information to let you identify an owning object. Currently, an owning object must be in the same namespace, so there is no namespace field.
@@ -1007,21 +1262,49 @@ v1.LabelSelector
Schema |
Default |
-
-
+
+
+
+apiVersion |
+API version of the referent. |
+true |
+string |
+ |
+
+
+kind |
+Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds |
+true |
+string |
+ |
+
+
+name |
+Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names |
+true |
+string |
+ |
+
+
+uid |
+UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids |
+true |
+string |
+ |
+
-matchLabels |
-matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
+controller |
+If true, this reference points to the managing controller. |
+false |
+boolean |
false |
-object |
- |
-matchExpressions |
-matchExpressions is a list of label selector requirements. The requirements are ANDed. |
+blockOwnerDeletion |
+If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. |
+false |
+boolean |
false |
-v1.LabelSelectorRequirement array |
- |
@@ -1183,167 +1466,9 @@
-
v1.OwnerReference
-
-
OwnerReference contains enough information to let you identify an owning object. Currently, an owning object must be in the same namespace, so there is no namespace field.
-
-
-
-
-
-
-
-
-
-
-
-Name |
-Description |
-Required |
-Schema |
-Default |
-
-
-
-
-apiVersion |
-API version of the referent. |
-true |
-string |
- |
-
-
-kind |
-Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds |
-true |
-string |
- |
-
-
-name |
-Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names |
-true |
-string |
- |
-
-
-uid |
-UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids |
-true |
-string |
- |
-
-
-controller |
-If true, this reference points to the managing controller. |
-false |
-boolean |
-false |
-
-
-blockOwnerDeletion |
-If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. |
-false |
-boolean |
-false |
-
-
-
-
-
-
-
v1.NetworkPolicySpec
-
-
NetworkPolicySpec provides the specification of a NetworkPolicy
-
-
-
-
-
-
-
-
-
-
-
-Name |
-Description |
-Required |
-Schema |
-Default |
-
-
-
-
-podSelector |
-Selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace. |
-true |
-v1.LabelSelector |
- |
-
-
-ingress |
-List of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod’s local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default) |
-false |
-v1.NetworkPolicyIngressRule array |
- |
-
-
-
-
-
-
-
v1.LabelSelectorRequirement
-
-
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
-
-
-
-
-
-
-
-
-
-
-
-Name |
-Description |
-Required |
-Schema |
-Default |
-
-
-
-
-key |
-key is the label key that the selector applies to. |
-true |
-string |
- |
-
-
-operator |
-operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
-true |
-string |
- |
-
-
-values |
-values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
-false |
-string array |
- |
-
-
-
-
-
-
-
v1.NetworkPolicy
+
v1.NetworkPolicyEgressRule
-
NetworkPolicy describes what network traffic is allowed for a set of Pods
+
NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec’s podSelector. The traffic must match both ports and to. This type is beta-level in 1.8
@@ -1364,31 +1489,17 @@ v1.NetworkPolicy
-kind |
-Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds |
-false |
-string |
- |
-
-
-apiVersion |
-APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources |
-false |
-string |
- |
-
-
-metadata |
-Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata |
+ports |
+List of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list. |
false |
-v1.ObjectMeta |
+v1.NetworkPolicyPort array |
|
-spec |
-Specification of the desired behavior for this NetworkPolicy. |
+to |
+List of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list. |
false |
-v1.NetworkPolicySpec |
+v1.NetworkPolicyPeer array |
|
@@ -1484,54 +1595,6 @@ v1.APIResource
-
-
-
v1.NetworkPolicyPeer
-
-
NetworkPolicyPeer describes a peer to allow traffic from. Exactly one of its fields must be specified.
-
-
-
-
-
-
-
-
-
-
-
-Name |
-Description |
-Required |
-Schema |
-Default |
-
-
-
-
-podSelector |
-This is a label selector which selects Pods in this namespace. This field follows standard label selector semantics. If present but empty, this selector selects all pods in this namespace. |
-false |
-v1.LabelSelector |
- |
-
-
-namespaceSelector |
-Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces. |
-false |
-v1.LabelSelector |
- |
-
-
-ipBlock |
-IPBlock defines policy on a particular IPBlock |
-false |
-v1.IPBlock |
- |
-
-
-
-
types.UID
@@ -1588,10 +1651,6 @@ v1.StatusCause
-
-
-
v1.DeletionPropagation
-
v1.NetworkPolicyList
diff --git a/hack/.golint_failures b/hack/.golint_failures
index 4f5a61cac89b..9c5e704aff5f 100644
--- a/hack/.golint_failures
+++ b/hack/.golint_failures
@@ -121,7 +121,6 @@ pkg/apis/imagepolicy
pkg/apis/imagepolicy/v1alpha1
pkg/apis/meta/v1
pkg/apis/networking
-pkg/apis/networking/v1
pkg/apis/policy
pkg/apis/policy/v1alpha1
pkg/apis/policy/v1beta1
diff --git a/pkg/api/defaulting_test.go b/pkg/api/defaulting_test.go
index 0350a19926c8..f592b10a88a0 100644
--- a/pkg/api/defaulting_test.go
+++ b/pkg/api/defaulting_test.go
@@ -109,6 +109,8 @@ func TestDefaulting(t *testing.T) {
{Group: "apps", Version: "v1beta2", Kind: "ReplicaSetList"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "ReplicaSet"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "ReplicaSetList"}: {},
+ {Group: "extensions", Version: "v1beta1", Kind: "NetworkPolicy"}: {},
+ {Group: "extensions", Version: "v1beta1", Kind: "NetworkPolicyList"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1alpha1", Kind: "ClusterRoleBinding"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1alpha1", Kind: "ClusterRoleBindingList"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1alpha1", Kind: "RoleBinding"}: {},
diff --git a/pkg/apis/extensions/v1beta1/conversion.go b/pkg/apis/extensions/v1beta1/conversion.go
index 62167b6f201a..04aa3a316e0f 100644
--- a/pkg/apis/extensions/v1beta1/conversion.go
+++ b/pkg/apis/extensions/v1beta1/conversion.go
@@ -62,6 +62,8 @@ func addConversionFuncs(scheme *runtime.Scheme) error {
Convert_extensions_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec,
Convert_v1beta1_IPBlock_To_networking_IPBlock,
Convert_networking_IPBlock_To_v1beta1_IPBlock,
+ Convert_networking_NetworkPolicyEgressRule_To_v1beta1_NetworkPolicyEgressRule,
+ Convert_v1beta1_NetworkPolicyEgressRule_To_networking_NetworkPolicyEgressRule,
)
if err != nil {
return err
@@ -283,6 +285,21 @@ func Convert_v1beta1_NetworkPolicySpec_To_networking_NetworkPolicySpec(in *exten
return err
}
}
+ out.Egress = make([]networking.NetworkPolicyEgressRule, len(in.Egress))
+ for i := range in.Egress {
+ if err := Convert_v1beta1_NetworkPolicyEgressRule_To_networking_NetworkPolicyEgressRule(&in.Egress[i], &out.Egress[i], s); err != nil {
+ return err
+ }
+ }
+ if in.PolicyTypes != nil {
+ in, out := &in.PolicyTypes, &out.PolicyTypes
+ *out = make([]networking.PolicyType, len(*in))
+ for i := range *in {
+ if err := s.Convert(&(*in)[i], &(*out)[i], 0); err != nil {
+ return err
+ }
+ }
+ }
return nil
}
@@ -296,6 +313,21 @@ func Convert_networking_NetworkPolicySpec_To_v1beta1_NetworkPolicySpec(in *netwo
return err
}
}
+ out.Egress = make([]extensionsv1beta1.NetworkPolicyEgressRule, len(in.Egress))
+ for i := range in.Egress {
+ if err := Convert_networking_NetworkPolicyEgressRule_To_v1beta1_NetworkPolicyEgressRule(&in.Egress[i], &out.Egress[i], s); err != nil {
+ return err
+ }
+ }
+ if in.PolicyTypes != nil {
+ in, out := &in.PolicyTypes, &out.PolicyTypes
+ *out = make([]extensionsv1beta1.PolicyType, len(*in))
+ for i := range *in {
+ if err := s.Convert(&(*in)[i], &(*out)[i], 0); err != nil {
+ return err
+ }
+ }
+ }
return nil
}
@@ -331,6 +363,38 @@ func Convert_networking_NetworkPolicyIngressRule_To_v1beta1_NetworkPolicyIngress
return nil
}
+func Convert_v1beta1_NetworkPolicyEgressRule_To_networking_NetworkPolicyEgressRule(in *extensionsv1beta1.NetworkPolicyEgressRule, out *networking.NetworkPolicyEgressRule, s conversion.Scope) error {
+ out.Ports = make([]networking.NetworkPolicyPort, len(in.Ports))
+ for i := range in.Ports {
+ if err := Convert_v1beta1_NetworkPolicyPort_To_networking_NetworkPolicyPort(&in.Ports[i], &out.Ports[i], s); err != nil {
+ return err
+ }
+ }
+ out.To = make([]networking.NetworkPolicyPeer, len(in.To))
+ for i := range in.To {
+ if err := Convert_v1beta1_NetworkPolicyPeer_To_networking_NetworkPolicyPeer(&in.To[i], &out.To[i], s); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func Convert_networking_NetworkPolicyEgressRule_To_v1beta1_NetworkPolicyEgressRule(in *networking.NetworkPolicyEgressRule, out *extensionsv1beta1.NetworkPolicyEgressRule, s conversion.Scope) error {
+ out.Ports = make([]extensionsv1beta1.NetworkPolicyPort, len(in.Ports))
+ for i := range in.Ports {
+ if err := Convert_networking_NetworkPolicyPort_To_v1beta1_NetworkPolicyPort(&in.Ports[i], &out.Ports[i], s); err != nil {
+ return err
+ }
+ }
+ out.To = make([]extensionsv1beta1.NetworkPolicyPeer, len(in.To))
+ for i := range in.To {
+ if err := Convert_networking_NetworkPolicyPeer_To_v1beta1_NetworkPolicyPeer(&in.To[i], &out.To[i], s); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
func Convert_v1beta1_NetworkPolicyPeer_To_networking_NetworkPolicyPeer(in *extensionsv1beta1.NetworkPolicyPeer, out *networking.NetworkPolicyPeer, s conversion.Scope) error {
if in.PodSelector != nil {
out.PodSelector = new(metav1.LabelSelector)
diff --git a/pkg/apis/extensions/v1beta1/defaults.go b/pkg/apis/extensions/v1beta1/defaults.go
index 9fea0ee06dbf..c653e812becc 100644
--- a/pkg/apis/extensions/v1beta1/defaults.go
+++ b/pkg/apis/extensions/v1beta1/defaults.go
@@ -133,4 +133,12 @@ func SetDefaults_NetworkPolicy(obj *extensionsv1beta1.NetworkPolicy) {
}
}
}
+
+ if len(obj.Spec.PolicyTypes) == 0 {
+ // Any policy that does not specify policyTypes implies at least "Ingress".
+ obj.Spec.PolicyTypes = []extensionsv1beta1.PolicyType{extensionsv1beta1.PolicyTypeIngress}
+ if len(obj.Spec.Egress) != 0 {
+ obj.Spec.PolicyTypes = append(obj.Spec.PolicyTypes, extensionsv1beta1.PolicyTypeEgress)
+ }
+ }
}
diff --git a/pkg/apis/extensions/v1beta1/defaults_test.go b/pkg/apis/extensions/v1beta1/defaults_test.go
index 9f62dd252de9..e208b51afd70 100644
--- a/pkg/apis/extensions/v1beta1/defaults_test.go
+++ b/pkg/apis/extensions/v1beta1/defaults_test.go
@@ -509,6 +509,210 @@ func TestDefaultRequestIsNotSetForReplicaSet(t *testing.T) {
}
}
+func TestSetDefaultNetworkPolicy(t *testing.T) {
+ tests := []struct {
+ original *extensionsv1beta1.NetworkPolicy
+ expected *extensionsv1beta1.NetworkPolicy
+ }{
+ { // Empty NetworkPolicy should be set to PolicyTypes Ingress
+ original: &extensionsv1beta1.NetworkPolicy{
+ Spec: extensionsv1beta1.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ },
+ },
+ expected: &extensionsv1beta1.NetworkPolicy{
+ Spec: extensionsv1beta1.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ PolicyTypes: []extensionsv1beta1.PolicyType{extensionsv1beta1.PolicyTypeIngress},
+ },
+ },
+ },
+ { // Empty Ingress NetworkPolicy should be set to PolicyTypes Ingress
+ original: &extensionsv1beta1.NetworkPolicy{
+ Spec: extensionsv1beta1.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ Ingress: []extensionsv1beta1.NetworkPolicyIngressRule{},
+ },
+ },
+ expected: &extensionsv1beta1.NetworkPolicy{
+ Spec: extensionsv1beta1.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ Ingress: []extensionsv1beta1.NetworkPolicyIngressRule{},
+ PolicyTypes: []extensionsv1beta1.PolicyType{extensionsv1beta1.PolicyTypeIngress},
+ },
+ },
+ },
+ { // Defined Ingress and Egress should be set to Ingress,Egress
+ original: &extensionsv1beta1.NetworkPolicy{
+ Spec: extensionsv1beta1.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ Ingress: []extensionsv1beta1.NetworkPolicyIngressRule{
+ {
+ From: []extensionsv1beta1.NetworkPolicyPeer{
+ {
+ PodSelector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{"c": "d"},
+ },
+ NamespaceSelector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{"c": "d"},
+ },
+ },
+ },
+ },
+ },
+ Egress: []extensionsv1beta1.NetworkPolicyEgressRule{
+ {
+ To: []extensionsv1beta1.NetworkPolicyPeer{
+ {
+ NamespaceSelector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{"c": "d"},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ expected: &extensionsv1beta1.NetworkPolicy{
+ Spec: extensionsv1beta1.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ Ingress: []extensionsv1beta1.NetworkPolicyIngressRule{
+ {
+ From: []extensionsv1beta1.NetworkPolicyPeer{
+ {
+ PodSelector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{"c": "d"},
+ },
+ NamespaceSelector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{"c": "d"},
+ },
+ },
+ },
+ },
+ },
+ Egress: []extensionsv1beta1.NetworkPolicyEgressRule{
+ {
+ To: []extensionsv1beta1.NetworkPolicyPeer{
+ {
+ NamespaceSelector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{"c": "d"},
+ },
+ },
+ },
+ },
+ },
+ PolicyTypes: []extensionsv1beta1.PolicyType{extensionsv1beta1.PolicyTypeIngress, extensionsv1beta1.PolicyTypeEgress},
+ },
+ },
+ },
+ { // Egress only with unset PolicyTypes should be set to Ingress, Egress
+ original: &extensionsv1beta1.NetworkPolicy{
+ Spec: extensionsv1beta1.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ Egress: []extensionsv1beta1.NetworkPolicyEgressRule{
+ {
+ To: []extensionsv1beta1.NetworkPolicyPeer{
+ {
+ NamespaceSelector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{"c": "d"},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ expected: &extensionsv1beta1.NetworkPolicy{
+ Spec: extensionsv1beta1.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ Egress: []extensionsv1beta1.NetworkPolicyEgressRule{
+ {
+ To: []extensionsv1beta1.NetworkPolicyPeer{
+ {
+ NamespaceSelector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{"c": "d"},
+ },
+ },
+ },
+ },
+ },
+ PolicyTypes: []extensionsv1beta1.PolicyType{extensionsv1beta1.PolicyTypeIngress, extensionsv1beta1.PolicyTypeEgress},
+ },
+ },
+ },
+ { // Egress only with PolicyTypes set to Egress should be set to only Egress
+ original: &extensionsv1beta1.NetworkPolicy{
+ Spec: extensionsv1beta1.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ Egress: []extensionsv1beta1.NetworkPolicyEgressRule{
+ {
+ To: []extensionsv1beta1.NetworkPolicyPeer{
+ {
+ NamespaceSelector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{"Egress": "only"},
+ },
+ },
+ },
+ },
+ },
+ PolicyTypes: []extensionsv1beta1.PolicyType{extensionsv1beta1.PolicyTypeEgress},
+ },
+ },
+ expected: &extensionsv1beta1.NetworkPolicy{
+ Spec: extensionsv1beta1.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ Egress: []extensionsv1beta1.NetworkPolicyEgressRule{
+ {
+ To: []extensionsv1beta1.NetworkPolicyPeer{
+ {
+ NamespaceSelector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{"Egress": "only"},
+ },
+ },
+ },
+ },
+ },
+ PolicyTypes: []extensionsv1beta1.PolicyType{extensionsv1beta1.PolicyTypeEgress},
+ },
+ },
+ },
+ }
+
+ for i, test := range tests {
+ original := test.original
+ expected := test.expected
+ obj2 := roundTrip(t, runtime.Object(original))
+ got, ok := obj2.(*extensionsv1beta1.NetworkPolicy)
+ if !ok {
+ t.Errorf("(%d) unexpected object: %v", i, got)
+ t.FailNow()
+ }
+ if !apiequality.Semantic.DeepEqual(got.Spec, expected.Spec) {
+ t.Errorf("(%d) got different than expected\ngot:\n\t%+v\nexpected:\n\t%+v", i, got.Spec, expected.Spec)
+ }
+ }
+}
+
func roundTrip(t *testing.T, obj runtime.Object) runtime.Object {
data, err := runtime.Encode(api.Codecs.LegacyCodec(SchemeGroupVersion), obj)
if err != nil {
diff --git a/pkg/apis/networking/fuzzer/fuzzer.go b/pkg/apis/networking/fuzzer/fuzzer.go
index 1325b9d336ce..3d36b7c97b2f 100644
--- a/pkg/apis/networking/fuzzer/fuzzer.go
+++ b/pkg/apis/networking/fuzzer/fuzzer.go
@@ -36,5 +36,13 @@ var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} {
}
}
},
+ func(np *networking.NetworkPolicy, c fuzz.Continue) {
+ c.FuzzNoCustom(np) // fuzz self without calling this function again
+ // TODO: Implement a fuzzer to generate valid keys, values and operators for
+ // selector requirements.
+ if len(np.Spec.PolicyTypes) == 0 {
+ np.Spec.PolicyTypes = []networking.PolicyType{networking.PolicyTypeIngress}
+ }
+ },
}
}
diff --git a/pkg/apis/networking/types.go b/pkg/apis/networking/types.go
index 74d818cd77f4..2109c3745268 100644
--- a/pkg/apis/networking/types.go
+++ b/pkg/apis/networking/types.go
@@ -36,6 +36,17 @@ type NetworkPolicy struct {
Spec NetworkPolicySpec
}
+// Policy Type string describes the NetworkPolicy type
+// This type is beta-level in 1.8
+type PolicyType string
+
+const (
+ // PolicyTypeIngress is a NetworkPolicy that affects ingress traffic on selected pods
+ PolicyTypeIngress PolicyType = "Ingress"
+ // PolicyTypeEgress is a NetworkPolicy that affects egress traffic on selected pods
+ PolicyTypeEgress PolicyType = "Egress"
+)
+
// NetworkPolicySpec provides the specification of a NetworkPolicy
type NetworkPolicySpec struct {
// Selects the pods to which this NetworkPolicy object applies. The array of
@@ -55,6 +66,29 @@ type NetworkPolicySpec struct {
// solely to ensure that the pods it selects are isolated by default)
// +optional
Ingress []NetworkPolicyIngressRule
+
+ // List of egress rules to be applied to the selected pods. Outgoing traffic is
+ // allowed if there are no NetworkPolicies selecting the pod (and cluster policy
+ // otherwise allows the traffic), OR if the traffic matches at least one egress rule
+ // across all of the NetworkPolicy objects whose podSelector matches the pod. If
+ // this field is empty then this NetworkPolicy limits all outgoing traffic (and serves
+ // solely to ensure that the pods it selects are isolated by default).
+ // This field is beta-level in 1.8
+ // +optional
+ Egress []NetworkPolicyEgressRule
+
+ // List of rule types that the NetworkPolicy relates to.
+ // Valid options are Ingress, Egress, or Ingress,Egress.
+ // If this field is not specified, it will default based on the existence of Ingress or Egress rules;
+ // policies that contain an Egress section are assumed to affect Egress, and all policies
+ // (whether or not they contain an Ingress section) are assumed to affect Ingress.
+ // If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ].
+ // Likewise, if you want to write a policy that specifies that no egress is allowed,
+ // you must specify a policyTypes value that include "Egress" (since such a policy would not include
+ // an Egress section and would otherwise default to just [ "Ingress" ]).
+ // This field is beta-level in 1.8
+ // +optional
+ PolicyTypes []PolicyType
}
// NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods
@@ -77,6 +111,27 @@ type NetworkPolicyIngressRule struct {
From []NetworkPolicyPeer
}
+// NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods
+// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to.
+// This type is beta-level in 1.8
+type NetworkPolicyEgressRule struct {
+ // List of destination ports for outgoing traffic.
+ // Each item in this list is combined using a logical OR. If this field is
+ // empty or missing, this rule matches all ports (traffic not restricted by port).
+ // If this field is present and contains at least one item, then this rule allows
+ // traffic only if the traffic matches at least one port in the list.
+ // +optional
+ Ports []NetworkPolicyPort
+
+ // List of destinations for outgoing traffic of pods selected for this rule.
+ // Items in this list are combined using a logical OR operation. If this field is
+ // empty or missing, this rule matches all destinations (traffic not restricted by
+ // destination). If this field is present and contains at least one item, this rule
+ // allows traffic only if the traffic matches at least one item in the to list.
+ // +optional
+ To []NetworkPolicyPeer
+}
+
// NetworkPolicyPort describes a port to allow traffic on
type NetworkPolicyPort struct {
// The protocol (TCP or UDP) which traffic must match. If not specified, this
diff --git a/pkg/apis/networking/v1/BUILD b/pkg/apis/networking/v1/BUILD
index 068600eb7bad..50fae6587d27 100644
--- a/pkg/apis/networking/v1/BUILD
+++ b/pkg/apis/networking/v1/BUILD
@@ -3,6 +3,7 @@ package(default_visibility = ["//visibility:public"])
load(
"@io_bazel_rules_go//go:def.bzl",
"go_library",
+ "go_test",
)
go_library(
@@ -39,3 +40,18 @@ filegroup(
srcs = [":package-srcs"],
tags = ["automanaged"],
)
+
+go_test(
+ name = "go_default_xtest",
+ srcs = ["defaults_test.go"],
+ deps = [
+ ":go_default_library",
+ "//pkg/api:go_default_library",
+ "//pkg/api/install:go_default_library",
+ "//pkg/apis/networking/install:go_default_library",
+ "//vendor/k8s.io/api/networking/v1:go_default_library",
+ "//vendor/k8s.io/apimachinery/pkg/api/equality:go_default_library",
+ "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
+ "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
+ ],
+)
diff --git a/pkg/apis/networking/v1/defaults.go b/pkg/apis/networking/v1/defaults.go
index 71b7074b4e4a..fce71ce71141 100644
--- a/pkg/apis/networking/v1/defaults.go
+++ b/pkg/apis/networking/v1/defaults.go
@@ -33,3 +33,13 @@ func SetDefaults_NetworkPolicyPort(obj *networkingv1.NetworkPolicyPort) {
obj.Protocol = &proto
}
}
+
+func SetDefaults_NetworkPolicy(obj *networkingv1.NetworkPolicy) {
+ if len(obj.Spec.PolicyTypes) == 0 {
+ // Any policy that does not specify policyTypes implies at least "Ingress".
+ obj.Spec.PolicyTypes = []networkingv1.PolicyType{networkingv1.PolicyTypeIngress}
+ if len(obj.Spec.Egress) != 0 {
+ obj.Spec.PolicyTypes = append(obj.Spec.PolicyTypes, networkingv1.PolicyTypeEgress)
+ }
+ }
+}
diff --git a/pkg/apis/networking/v1/defaults_test.go b/pkg/apis/networking/v1/defaults_test.go
new file mode 100644
index 000000000000..3a86610d736e
--- /dev/null
+++ b/pkg/apis/networking/v1/defaults_test.go
@@ -0,0 +1,256 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1_test
+
+import (
+ "reflect"
+ "testing"
+
+ networkingv1 "k8s.io/api/networking/v1"
+
+ apiequality "k8s.io/apimachinery/pkg/api/equality"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/kubernetes/pkg/api"
+ _ "k8s.io/kubernetes/pkg/api/install"
+ _ "k8s.io/kubernetes/pkg/apis/networking/install"
+ . "k8s.io/kubernetes/pkg/apis/networking/v1"
+)
+
+func TestSetDefaultNetworkPolicy(t *testing.T) {
+ tests := []struct {
+ original *networkingv1.NetworkPolicy
+ expected *networkingv1.NetworkPolicy
+ }{
+ { // Empty NetworkPolicy should be set to PolicyTypes Ingress
+ original: &networkingv1.NetworkPolicy{
+ Spec: networkingv1.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ },
+ },
+ expected: &networkingv1.NetworkPolicy{
+ Spec: networkingv1.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeIngress},
+ },
+ },
+ },
+ { // Empty Ingress NetworkPolicy should be set to PolicyTypes Ingress
+ original: &networkingv1.NetworkPolicy{
+ Spec: networkingv1.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ Ingress: []networkingv1.NetworkPolicyIngressRule{},
+ },
+ },
+ expected: &networkingv1.NetworkPolicy{
+ Spec: networkingv1.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ Ingress: []networkingv1.NetworkPolicyIngressRule{},
+ PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeIngress},
+ },
+ },
+ },
+ { // Defined Ingress and Egress should be set to Ingress,Egress
+ original: &networkingv1.NetworkPolicy{
+ Spec: networkingv1.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ Ingress: []networkingv1.NetworkPolicyIngressRule{
+ {
+ From: []networkingv1.NetworkPolicyPeer{
+ {
+ PodSelector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{"c": "d"},
+ },
+ NamespaceSelector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{"c": "d"},
+ },
+ },
+ },
+ },
+ },
+ Egress: []networkingv1.NetworkPolicyEgressRule{
+ {
+ To: []networkingv1.NetworkPolicyPeer{
+ {
+ NamespaceSelector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{"c": "d"},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ expected: &networkingv1.NetworkPolicy{
+ Spec: networkingv1.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ Ingress: []networkingv1.NetworkPolicyIngressRule{
+ {
+ From: []networkingv1.NetworkPolicyPeer{
+ {
+ PodSelector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{"c": "d"},
+ },
+ NamespaceSelector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{"c": "d"},
+ },
+ },
+ },
+ },
+ },
+ Egress: []networkingv1.NetworkPolicyEgressRule{
+ {
+ To: []networkingv1.NetworkPolicyPeer{
+ {
+ NamespaceSelector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{"c": "d"},
+ },
+ },
+ },
+ },
+ },
+ PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeIngress, networkingv1.PolicyTypeEgress},
+ },
+ },
+ },
+ { // Egress only with unset PolicyTypes should be set to Ingress, Egress
+ original: &networkingv1.NetworkPolicy{
+ Spec: networkingv1.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ Egress: []networkingv1.NetworkPolicyEgressRule{
+ {
+ To: []networkingv1.NetworkPolicyPeer{
+ {
+ NamespaceSelector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{"c": "d"},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ expected: &networkingv1.NetworkPolicy{
+ Spec: networkingv1.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ Egress: []networkingv1.NetworkPolicyEgressRule{
+ {
+ To: []networkingv1.NetworkPolicyPeer{
+ {
+ NamespaceSelector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{"c": "d"},
+ },
+ },
+ },
+ },
+ },
+ PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeIngress, networkingv1.PolicyTypeEgress},
+ },
+ },
+ },
+ { // Egress only with PolicyTypes set to Egress should be set to only Egress
+ original: &networkingv1.NetworkPolicy{
+ Spec: networkingv1.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ Egress: []networkingv1.NetworkPolicyEgressRule{
+ {
+ To: []networkingv1.NetworkPolicyPeer{
+ {
+ NamespaceSelector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{"Egress": "only"},
+ },
+ },
+ },
+ },
+ },
+ PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress},
+ },
+ },
+ expected: &networkingv1.NetworkPolicy{
+ Spec: networkingv1.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ Egress: []networkingv1.NetworkPolicyEgressRule{
+ {
+ To: []networkingv1.NetworkPolicyPeer{
+ {
+ NamespaceSelector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{"Egress": "only"},
+ },
+ },
+ },
+ },
+ },
+ PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress},
+ },
+ },
+ },
+ }
+
+ for i, test := range tests {
+ original := test.original
+ expected := test.expected
+ obj2 := roundTrip(t, runtime.Object(original))
+ got, ok := obj2.(*networkingv1.NetworkPolicy)
+ if !ok {
+ t.Errorf("(%d) unexpected object: %v", i, got)
+ t.FailNow()
+ }
+ if !apiequality.Semantic.DeepEqual(got.Spec, expected.Spec) {
+ t.Errorf("(%d) got different than expected\ngot:\n\t%+v\nexpected:\n\t%+v", i, got.Spec, expected.Spec)
+ }
+ }
+}
+
+func roundTrip(t *testing.T, obj runtime.Object) runtime.Object {
+ data, err := runtime.Encode(api.Codecs.LegacyCodec(SchemeGroupVersion), obj)
+ if err != nil {
+ t.Errorf("%v\n %#v", err, obj)
+ return nil
+ }
+ obj2, err := runtime.Decode(api.Codecs.UniversalDecoder(), data)
+ if err != nil {
+ t.Errorf("%v\nData: %s\nSource: %#v", err, string(data), obj)
+ return nil
+ }
+ obj3 := reflect.New(reflect.TypeOf(obj).Elem()).Interface().(runtime.Object)
+ err = api.Scheme.Convert(obj2, obj3, nil)
+ if err != nil {
+ t.Errorf("%v\nSource: %#v", err, obj2)
+ return nil
+ }
+ return obj3
+}
diff --git a/pkg/apis/networking/v1/zz_generated.conversion.go b/pkg/apis/networking/v1/zz_generated.conversion.go
index bc0f0fb2aaf5..67132df2c115 100644
--- a/pkg/apis/networking/v1/zz_generated.conversion.go
+++ b/pkg/apis/networking/v1/zz_generated.conversion.go
@@ -44,6 +44,8 @@ func RegisterConversions(scheme *runtime.Scheme) error {
Convert_networking_IPBlock_To_v1_IPBlock,
Convert_v1_NetworkPolicy_To_networking_NetworkPolicy,
Convert_networking_NetworkPolicy_To_v1_NetworkPolicy,
+ Convert_v1_NetworkPolicyEgressRule_To_networking_NetworkPolicyEgressRule,
+ Convert_networking_NetworkPolicyEgressRule_To_v1_NetworkPolicyEgressRule,
Convert_v1_NetworkPolicyIngressRule_To_networking_NetworkPolicyIngressRule,
Convert_networking_NetworkPolicyIngressRule_To_v1_NetworkPolicyIngressRule,
Convert_v1_NetworkPolicyList_To_networking_NetworkPolicyList,
@@ -105,6 +107,28 @@ func Convert_networking_NetworkPolicy_To_v1_NetworkPolicy(in *networking.Network
return autoConvert_networking_NetworkPolicy_To_v1_NetworkPolicy(in, out, s)
}
+func autoConvert_v1_NetworkPolicyEgressRule_To_networking_NetworkPolicyEgressRule(in *v1.NetworkPolicyEgressRule, out *networking.NetworkPolicyEgressRule, s conversion.Scope) error {
+ out.Ports = *(*[]networking.NetworkPolicyPort)(unsafe.Pointer(&in.Ports))
+ out.To = *(*[]networking.NetworkPolicyPeer)(unsafe.Pointer(&in.To))
+ return nil
+}
+
+// Convert_v1_NetworkPolicyEgressRule_To_networking_NetworkPolicyEgressRule is an autogenerated conversion function.
+func Convert_v1_NetworkPolicyEgressRule_To_networking_NetworkPolicyEgressRule(in *v1.NetworkPolicyEgressRule, out *networking.NetworkPolicyEgressRule, s conversion.Scope) error {
+ return autoConvert_v1_NetworkPolicyEgressRule_To_networking_NetworkPolicyEgressRule(in, out, s)
+}
+
+func autoConvert_networking_NetworkPolicyEgressRule_To_v1_NetworkPolicyEgressRule(in *networking.NetworkPolicyEgressRule, out *v1.NetworkPolicyEgressRule, s conversion.Scope) error {
+ out.Ports = *(*[]v1.NetworkPolicyPort)(unsafe.Pointer(&in.Ports))
+ out.To = *(*[]v1.NetworkPolicyPeer)(unsafe.Pointer(&in.To))
+ return nil
+}
+
+// Convert_networking_NetworkPolicyEgressRule_To_v1_NetworkPolicyEgressRule is an autogenerated conversion function.
+func Convert_networking_NetworkPolicyEgressRule_To_v1_NetworkPolicyEgressRule(in *networking.NetworkPolicyEgressRule, out *v1.NetworkPolicyEgressRule, s conversion.Scope) error {
+ return autoConvert_networking_NetworkPolicyEgressRule_To_v1_NetworkPolicyEgressRule(in, out, s)
+}
+
func autoConvert_v1_NetworkPolicyIngressRule_To_networking_NetworkPolicyIngressRule(in *v1.NetworkPolicyIngressRule, out *networking.NetworkPolicyIngressRule, s conversion.Scope) error {
out.Ports = *(*[]networking.NetworkPolicyPort)(unsafe.Pointer(&in.Ports))
out.From = *(*[]networking.NetworkPolicyPeer)(unsafe.Pointer(&in.From))
@@ -198,6 +222,8 @@ func Convert_networking_NetworkPolicyPort_To_v1_NetworkPolicyPort(in *networking
func autoConvert_v1_NetworkPolicySpec_To_networking_NetworkPolicySpec(in *v1.NetworkPolicySpec, out *networking.NetworkPolicySpec, s conversion.Scope) error {
out.PodSelector = in.PodSelector
out.Ingress = *(*[]networking.NetworkPolicyIngressRule)(unsafe.Pointer(&in.Ingress))
+ out.Egress = *(*[]networking.NetworkPolicyEgressRule)(unsafe.Pointer(&in.Egress))
+ out.PolicyTypes = *(*[]networking.PolicyType)(unsafe.Pointer(&in.PolicyTypes))
return nil
}
@@ -209,6 +235,8 @@ func Convert_v1_NetworkPolicySpec_To_networking_NetworkPolicySpec(in *v1.Network
func autoConvert_networking_NetworkPolicySpec_To_v1_NetworkPolicySpec(in *networking.NetworkPolicySpec, out *v1.NetworkPolicySpec, s conversion.Scope) error {
out.PodSelector = in.PodSelector
out.Ingress = *(*[]v1.NetworkPolicyIngressRule)(unsafe.Pointer(&in.Ingress))
+ out.Egress = *(*[]v1.NetworkPolicyEgressRule)(unsafe.Pointer(&in.Egress))
+ out.PolicyTypes = *(*[]v1.PolicyType)(unsafe.Pointer(&in.PolicyTypes))
return nil
}
diff --git a/pkg/apis/networking/v1/zz_generated.defaults.go b/pkg/apis/networking/v1/zz_generated.defaults.go
index 9e3a5206406a..0c7b575db98c 100644
--- a/pkg/apis/networking/v1/zz_generated.defaults.go
+++ b/pkg/apis/networking/v1/zz_generated.defaults.go
@@ -35,6 +35,7 @@ func RegisterDefaults(scheme *runtime.Scheme) error {
}
func SetObjectDefaults_NetworkPolicy(in *v1.NetworkPolicy) {
+ SetDefaults_NetworkPolicy(in)
for i := range in.Spec.Ingress {
a := &in.Spec.Ingress[i]
for j := range a.Ports {
@@ -42,6 +43,13 @@ func SetObjectDefaults_NetworkPolicy(in *v1.NetworkPolicy) {
SetDefaults_NetworkPolicyPort(b)
}
}
+ for i := range in.Spec.Egress {
+ a := &in.Spec.Egress[i]
+ for j := range a.Ports {
+ b := &a.Ports[j]
+ SetDefaults_NetworkPolicyPort(b)
+ }
+ }
}
func SetObjectDefaults_NetworkPolicyList(in *v1.NetworkPolicyList) {
diff --git a/pkg/apis/networking/validation/BUILD b/pkg/apis/networking/validation/BUILD
index c5d7dbdaa377..486af9391ae6 100644
--- a/pkg/apis/networking/validation/BUILD
+++ b/pkg/apis/networking/validation/BUILD
@@ -27,6 +27,7 @@ go_library(
"//pkg/apis/networking:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1/validation:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/intstr:go_default_library",
+ "//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/validation:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/validation/field:go_default_library",
],
diff --git a/pkg/apis/networking/validation/validation.go b/pkg/apis/networking/validation/validation.go
index 780cc652905e..49f638f91f07 100644
--- a/pkg/apis/networking/validation/validation.go
+++ b/pkg/apis/networking/validation/validation.go
@@ -21,6 +21,7 @@ import (
unversionedvalidation "k8s.io/apimachinery/pkg/apis/meta/v1/validation"
"k8s.io/apimachinery/pkg/util/intstr"
+ "k8s.io/apimachinery/pkg/util/sets"
"k8s.io/apimachinery/pkg/util/validation"
"k8s.io/apimachinery/pkg/util/validation/field"
"k8s.io/kubernetes/pkg/api"
@@ -81,6 +82,62 @@ func ValidateNetworkPolicySpec(spec *networking.NetworkPolicySpec, fldPath *fiel
}
}
}
+ // Validate egress rules
+ for i, egress := range spec.Egress {
+ egressPath := fldPath.Child("egress").Index(i)
+ for i, port := range egress.Ports {
+ portPath := egressPath.Child("ports").Index(i)
+ if port.Protocol != nil && *port.Protocol != api.ProtocolTCP && *port.Protocol != api.ProtocolUDP {
+ allErrs = append(allErrs, field.NotSupported(portPath.Child("protocol"), *port.Protocol, []string{string(api.ProtocolTCP), string(api.ProtocolUDP)}))
+ }
+ if port.Port != nil {
+ if port.Port.Type == intstr.Int {
+ for _, msg := range validation.IsValidPortNum(int(port.Port.IntVal)) {
+ allErrs = append(allErrs, field.Invalid(portPath.Child("port"), port.Port.IntVal, msg))
+ }
+ } else {
+ for _, msg := range validation.IsValidPortName(port.Port.StrVal) {
+ allErrs = append(allErrs, field.Invalid(portPath.Child("port"), port.Port.StrVal, msg))
+ }
+ }
+ }
+ }
+ for i, to := range egress.To {
+ toPath := egressPath.Child("to").Index(i)
+ numTo := 0
+ if to.PodSelector != nil {
+ numTo++
+ allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(to.PodSelector, toPath.Child("podSelector"))...)
+ }
+ if to.NamespaceSelector != nil {
+ numTo++
+ allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(to.NamespaceSelector, toPath.Child("namespaceSelector"))...)
+ }
+ if to.IPBlock != nil {
+ numTo++
+ allErrs = append(allErrs, ValidateIPBlock(to.IPBlock, toPath.Child("ipBlock"))...)
+ }
+ if numTo == 0 {
+ allErrs = append(allErrs, field.Required(toPath, "must specify a to type"))
+ } else if numTo > 1 {
+ allErrs = append(allErrs, field.Forbidden(toPath, "may not specify more than 1 to type"))
+ }
+ }
+ }
+ // Validate PolicyTypes
+ allowed := sets.NewString(string(networking.PolicyTypeIngress), string(networking.PolicyTypeEgress))
+ if len(spec.PolicyTypes) > len(allowed) {
+ allErrs = append(allErrs, field.Invalid(fldPath.Child("policyTypes"), &spec.PolicyTypes, "may not specify more than two policyTypes"))
+ return allErrs
+ }
+ for i, pType := range spec.PolicyTypes {
+ policyPath := fldPath.Child("policyTypes").Index(i)
+ for _, p := range spec.PolicyTypes {
+ if !allowed.Has(string(p)) {
+ allErrs = append(allErrs, field.NotSupported(policyPath, pType, []string{string(networking.PolicyTypeIngress), string(networking.PolicyTypeEgress)}))
+ }
+ }
+ }
return allErrs
}
diff --git a/pkg/apis/networking/validation/validation_test.go b/pkg/apis/networking/validation/validation_test.go
index 0be1f0998c57..401eb43b6c7b 100644
--- a/pkg/apis/networking/validation/validation_test.go
+++ b/pkg/apis/networking/validation/validation_test.go
@@ -122,6 +122,37 @@ func TestValidateNetworkPolicy(t *testing.T) {
},
},
},
+ {
+ ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
+ Spec: networking.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ Egress: []networking.NetworkPolicyEgressRule{
+ {
+ To: []networking.NetworkPolicyPeer{
+ {
+ NamespaceSelector: &metav1.LabelSelector{
+ MatchLabels: map[string]string{"c": "d"},
+ },
+ },
+ },
+ },
+ },
+ Ingress: []networking.NetworkPolicyIngressRule{
+ {
+ From: []networking.NetworkPolicyPeer{
+ {
+ IPBlock: &networking.IPBlock{
+ CIDR: "192.168.0.0/16",
+ Except: []string{"192.168.3.0/24", "192.168.4.0/24"},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
{
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
Spec: networking.NetworkPolicySpec{
@@ -142,6 +173,48 @@ func TestValidateNetworkPolicy(t *testing.T) {
},
},
},
+ {
+ ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
+ Spec: networking.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ Egress: []networking.NetworkPolicyEgressRule{
+ {
+ To: []networking.NetworkPolicyPeer{
+ {
+ IPBlock: &networking.IPBlock{
+ CIDR: "192.168.0.0/16",
+ Except: []string{"192.168.3.0/24", "192.168.4.0/24"},
+ },
+ },
+ },
+ },
+ },
+ PolicyTypes: []networking.PolicyType{networking.PolicyTypeEgress},
+ },
+ },
+ {
+ ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
+ Spec: networking.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ Egress: []networking.NetworkPolicyEgressRule{
+ {
+ To: []networking.NetworkPolicyPeer{
+ {
+ IPBlock: &networking.IPBlock{
+ CIDR: "192.168.0.0/16",
+ Except: []string{"192.168.3.0/24", "192.168.4.0/24"},
+ },
+ },
+ },
+ },
+ },
+ PolicyTypes: []networking.PolicyType{networking.PolicyTypeIngress, networking.PolicyTypeEgress},
+ },
+ },
}
// Success cases are expected to pass validation.
@@ -259,6 +332,23 @@ func TestValidateNetworkPolicy(t *testing.T) {
},
},
},
+ "invalid egress.to.podSelector": {
+ ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
+ Spec: networking.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{},
+ Egress: []networking.NetworkPolicyEgressRule{
+ {
+ To: []networking.NetworkPolicyPeer{
+ {
+ PodSelector: &metav1.LabelSelector{
+ MatchLabels: invalidSelector,
+ },
+ },
+ },
+ },
+ },
+ },
+ },
"invalid ingress.from.namespaceSelector": {
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
Spec: networking.NetworkPolicySpec{
@@ -353,6 +443,48 @@ func TestValidateNetworkPolicy(t *testing.T) {
},
},
},
+ "invalid policyTypes": {
+ ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
+ Spec: networking.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ Egress: []networking.NetworkPolicyEgressRule{
+ {
+ To: []networking.NetworkPolicyPeer{
+ {
+ IPBlock: &networking.IPBlock{
+ CIDR: "192.168.0.0/16",
+ Except: []string{"192.168.3.0/24", "192.168.4.0/24"},
+ },
+ },
+ },
+ },
+ },
+ PolicyTypes: []networking.PolicyType{"foo", "bar"},
+ },
+ },
+ "too many policyTypes": {
+ ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
+ Spec: networking.NetworkPolicySpec{
+ PodSelector: metav1.LabelSelector{
+ MatchLabels: map[string]string{"a": "b"},
+ },
+ Egress: []networking.NetworkPolicyEgressRule{
+ {
+ To: []networking.NetworkPolicyPeer{
+ {
+ IPBlock: &networking.IPBlock{
+ CIDR: "192.168.0.0/16",
+ Except: []string{"192.168.3.0/24", "192.168.4.0/24"},
+ },
+ },
+ },
+ },
+ },
+ PolicyTypes: []networking.PolicyType{"foo", "bar", "baz"},
+ },
+ },
}
// Error cases are not expected to pass validation.
diff --git a/pkg/apis/networking/zz_generated.deepcopy.go b/pkg/apis/networking/zz_generated.deepcopy.go
index 6cc1fa4d3d60..da38fb5e8dbb 100644
--- a/pkg/apis/networking/zz_generated.deepcopy.go
+++ b/pkg/apis/networking/zz_generated.deepcopy.go
@@ -47,6 +47,10 @@ func RegisterDeepCopies(scheme *runtime.Scheme) error {
in.(*NetworkPolicy).DeepCopyInto(out.(*NetworkPolicy))
return nil
}, InType: reflect.TypeOf(&NetworkPolicy{})},
+ conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
+ in.(*NetworkPolicyEgressRule).DeepCopyInto(out.(*NetworkPolicyEgressRule))
+ return nil
+ }, InType: reflect.TypeOf(&NetworkPolicyEgressRule{})},
conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
in.(*NetworkPolicyIngressRule).DeepCopyInto(out.(*NetworkPolicyIngressRule))
return nil
@@ -119,6 +123,36 @@ func (in *NetworkPolicy) DeepCopyObject() runtime.Object {
}
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *NetworkPolicyEgressRule) DeepCopyInto(out *NetworkPolicyEgressRule) {
+ *out = *in
+ if in.Ports != nil {
+ in, out := &in.Ports, &out.Ports
+ *out = make([]NetworkPolicyPort, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.To != nil {
+ in, out := &in.To, &out.To
+ *out = make([]NetworkPolicyPeer, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyEgressRule.
+func (in *NetworkPolicyEgressRule) DeepCopy() *NetworkPolicyEgressRule {
+ if in == nil {
+ return nil
+ }
+ out := new(NetworkPolicyEgressRule)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *NetworkPolicyIngressRule) DeepCopyInto(out *NetworkPolicyIngressRule) {
*out = *in
@@ -271,6 +305,18 @@ func (in *NetworkPolicySpec) DeepCopyInto(out *NetworkPolicySpec) {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
+ if in.Egress != nil {
+ in, out := &in.Egress, &out.Egress
+ *out = make([]NetworkPolicyEgressRule, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.PolicyTypes != nil {
+ in, out := &in.PolicyTypes, &out.PolicyTypes
+ *out = make([]PolicyType, len(*in))
+ copy(*out, *in)
+ }
return
}
diff --git a/staging/src/k8s.io/api/extensions/v1beta1/generated.pb.go b/staging/src/k8s.io/api/extensions/v1beta1/generated.pb.go
index 6e12f12956ab..63d492fc85fd 100644
--- a/staging/src/k8s.io/api/extensions/v1beta1/generated.pb.go
+++ b/staging/src/k8s.io/api/extensions/v1beta1/generated.pb.go
@@ -58,6 +58,7 @@ limitations under the License.
IngressStatus
IngressTLS
NetworkPolicy
+ NetworkPolicyEgressRule
NetworkPolicyIngressRule
NetworkPolicyList
NetworkPolicyPeer
@@ -254,125 +255,131 @@ func (m *NetworkPolicy) Reset() { *m = NetworkPolicy{} }
func (*NetworkPolicy) ProtoMessage() {}
func (*NetworkPolicy) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{32} }
+func (m *NetworkPolicyEgressRule) Reset() { *m = NetworkPolicyEgressRule{} }
+func (*NetworkPolicyEgressRule) ProtoMessage() {}
+func (*NetworkPolicyEgressRule) Descriptor() ([]byte, []int) {
+ return fileDescriptorGenerated, []int{33}
+}
+
func (m *NetworkPolicyIngressRule) Reset() { *m = NetworkPolicyIngressRule{} }
func (*NetworkPolicyIngressRule) ProtoMessage() {}
func (*NetworkPolicyIngressRule) Descriptor() ([]byte, []int) {
- return fileDescriptorGenerated, []int{33}
+ return fileDescriptorGenerated, []int{34}
}
func (m *NetworkPolicyList) Reset() { *m = NetworkPolicyList{} }
func (*NetworkPolicyList) ProtoMessage() {}
-func (*NetworkPolicyList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{34} }
+func (*NetworkPolicyList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{35} }
func (m *NetworkPolicyPeer) Reset() { *m = NetworkPolicyPeer{} }
func (*NetworkPolicyPeer) ProtoMessage() {}
-func (*NetworkPolicyPeer) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{35} }
+func (*NetworkPolicyPeer) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{36} }
func (m *NetworkPolicyPort) Reset() { *m = NetworkPolicyPort{} }
func (*NetworkPolicyPort) ProtoMessage() {}
-func (*NetworkPolicyPort) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{36} }
+func (*NetworkPolicyPort) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{37} }
func (m *NetworkPolicySpec) Reset() { *m = NetworkPolicySpec{} }
func (*NetworkPolicySpec) ProtoMessage() {}
-func (*NetworkPolicySpec) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{37} }
+func (*NetworkPolicySpec) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{38} }
func (m *PodSecurityPolicy) Reset() { *m = PodSecurityPolicy{} }
func (*PodSecurityPolicy) ProtoMessage() {}
-func (*PodSecurityPolicy) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{38} }
+func (*PodSecurityPolicy) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{39} }
func (m *PodSecurityPolicyList) Reset() { *m = PodSecurityPolicyList{} }
func (*PodSecurityPolicyList) ProtoMessage() {}
-func (*PodSecurityPolicyList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{39} }
+func (*PodSecurityPolicyList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{40} }
func (m *PodSecurityPolicySpec) Reset() { *m = PodSecurityPolicySpec{} }
func (*PodSecurityPolicySpec) ProtoMessage() {}
-func (*PodSecurityPolicySpec) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{40} }
+func (*PodSecurityPolicySpec) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{41} }
func (m *ReplicaSet) Reset() { *m = ReplicaSet{} }
func (*ReplicaSet) ProtoMessage() {}
-func (*ReplicaSet) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{41} }
+func (*ReplicaSet) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{42} }
func (m *ReplicaSetCondition) Reset() { *m = ReplicaSetCondition{} }
func (*ReplicaSetCondition) ProtoMessage() {}
-func (*ReplicaSetCondition) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{42} }
+func (*ReplicaSetCondition) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{43} }
func (m *ReplicaSetList) Reset() { *m = ReplicaSetList{} }
func (*ReplicaSetList) ProtoMessage() {}
-func (*ReplicaSetList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{43} }
+func (*ReplicaSetList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{44} }
func (m *ReplicaSetSpec) Reset() { *m = ReplicaSetSpec{} }
func (*ReplicaSetSpec) ProtoMessage() {}
-func (*ReplicaSetSpec) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{44} }
+func (*ReplicaSetSpec) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{45} }
func (m *ReplicaSetStatus) Reset() { *m = ReplicaSetStatus{} }
func (*ReplicaSetStatus) ProtoMessage() {}
-func (*ReplicaSetStatus) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{45} }
+func (*ReplicaSetStatus) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{46} }
func (m *ReplicationControllerDummy) Reset() { *m = ReplicationControllerDummy{} }
func (*ReplicationControllerDummy) ProtoMessage() {}
func (*ReplicationControllerDummy) Descriptor() ([]byte, []int) {
- return fileDescriptorGenerated, []int{46}
+ return fileDescriptorGenerated, []int{47}
}
func (m *RollbackConfig) Reset() { *m = RollbackConfig{} }
func (*RollbackConfig) ProtoMessage() {}
-func (*RollbackConfig) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{47} }
+func (*RollbackConfig) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{48} }
func (m *RollingUpdateDaemonSet) Reset() { *m = RollingUpdateDaemonSet{} }
func (*RollingUpdateDaemonSet) ProtoMessage() {}
-func (*RollingUpdateDaemonSet) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{48} }
+func (*RollingUpdateDaemonSet) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{49} }
func (m *RollingUpdateDeployment) Reset() { *m = RollingUpdateDeployment{} }
func (*RollingUpdateDeployment) ProtoMessage() {}
func (*RollingUpdateDeployment) Descriptor() ([]byte, []int) {
- return fileDescriptorGenerated, []int{49}
+ return fileDescriptorGenerated, []int{50}
}
func (m *RunAsUserStrategyOptions) Reset() { *m = RunAsUserStrategyOptions{} }
func (*RunAsUserStrategyOptions) ProtoMessage() {}
func (*RunAsUserStrategyOptions) Descriptor() ([]byte, []int) {
- return fileDescriptorGenerated, []int{50}
+ return fileDescriptorGenerated, []int{51}
}
func (m *SELinuxStrategyOptions) Reset() { *m = SELinuxStrategyOptions{} }
func (*SELinuxStrategyOptions) ProtoMessage() {}
-func (*SELinuxStrategyOptions) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{51} }
+func (*SELinuxStrategyOptions) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{52} }
func (m *Scale) Reset() { *m = Scale{} }
func (*Scale) ProtoMessage() {}
-func (*Scale) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{52} }
+func (*Scale) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{53} }
func (m *ScaleSpec) Reset() { *m = ScaleSpec{} }
func (*ScaleSpec) ProtoMessage() {}
-func (*ScaleSpec) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{53} }
+func (*ScaleSpec) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{54} }
func (m *ScaleStatus) Reset() { *m = ScaleStatus{} }
func (*ScaleStatus) ProtoMessage() {}
-func (*ScaleStatus) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{54} }
+func (*ScaleStatus) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{55} }
func (m *SupplementalGroupsStrategyOptions) Reset() { *m = SupplementalGroupsStrategyOptions{} }
func (*SupplementalGroupsStrategyOptions) ProtoMessage() {}
func (*SupplementalGroupsStrategyOptions) Descriptor() ([]byte, []int) {
- return fileDescriptorGenerated, []int{55}
+ return fileDescriptorGenerated, []int{56}
}
func (m *ThirdPartyResource) Reset() { *m = ThirdPartyResource{} }
func (*ThirdPartyResource) ProtoMessage() {}
-func (*ThirdPartyResource) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{56} }
+func (*ThirdPartyResource) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{57} }
func (m *ThirdPartyResourceData) Reset() { *m = ThirdPartyResourceData{} }
func (*ThirdPartyResourceData) ProtoMessage() {}
-func (*ThirdPartyResourceData) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{57} }
+func (*ThirdPartyResourceData) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{58} }
func (m *ThirdPartyResourceDataList) Reset() { *m = ThirdPartyResourceDataList{} }
func (*ThirdPartyResourceDataList) ProtoMessage() {}
func (*ThirdPartyResourceDataList) Descriptor() ([]byte, []int) {
- return fileDescriptorGenerated, []int{58}
+ return fileDescriptorGenerated, []int{59}
}
func (m *ThirdPartyResourceList) Reset() { *m = ThirdPartyResourceList{} }
func (*ThirdPartyResourceList) ProtoMessage() {}
-func (*ThirdPartyResourceList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{59} }
+func (*ThirdPartyResourceList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{60} }
func init() {
proto.RegisterType((*APIVersion)(nil), "k8s.io.api.extensions.v1beta1.APIVersion")
@@ -408,6 +415,7 @@ func init() {
proto.RegisterType((*IngressStatus)(nil), "k8s.io.api.extensions.v1beta1.IngressStatus")
proto.RegisterType((*IngressTLS)(nil), "k8s.io.api.extensions.v1beta1.IngressTLS")
proto.RegisterType((*NetworkPolicy)(nil), "k8s.io.api.extensions.v1beta1.NetworkPolicy")
+ proto.RegisterType((*NetworkPolicyEgressRule)(nil), "k8s.io.api.extensions.v1beta1.NetworkPolicyEgressRule")
proto.RegisterType((*NetworkPolicyIngressRule)(nil), "k8s.io.api.extensions.v1beta1.NetworkPolicyIngressRule")
proto.RegisterType((*NetworkPolicyList)(nil), "k8s.io.api.extensions.v1beta1.NetworkPolicyList")
proto.RegisterType((*NetworkPolicyPeer)(nil), "k8s.io.api.extensions.v1beta1.NetworkPolicyPeer")
@@ -1657,6 +1665,48 @@ func (m *NetworkPolicy) MarshalTo(dAtA []byte) (int, error) {
return i, nil
}
+func (m *NetworkPolicyEgressRule) Marshal() (dAtA []byte, err error) {
+ size := m.Size()
+ dAtA = make([]byte, size)
+ n, err := m.MarshalTo(dAtA)
+ if err != nil {
+ return nil, err
+ }
+ return dAtA[:n], nil
+}
+
+func (m *NetworkPolicyEgressRule) MarshalTo(dAtA []byte) (int, error) {
+ var i int
+ _ = i
+ var l int
+ _ = l
+ if len(m.Ports) > 0 {
+ for _, msg := range m.Ports {
+ dAtA[i] = 0xa
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(msg.Size()))
+ n, err := msg.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n
+ }
+ }
+ if len(m.To) > 0 {
+ for _, msg := range m.To {
+ dAtA[i] = 0x12
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(msg.Size()))
+ n, err := msg.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n
+ }
+ }
+ return i, nil
+}
+
func (m *NetworkPolicyIngressRule) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
@@ -1854,6 +1904,33 @@ func (m *NetworkPolicySpec) MarshalTo(dAtA []byte) (int, error) {
i += n
}
}
+ if len(m.Egress) > 0 {
+ for _, msg := range m.Egress {
+ dAtA[i] = 0x1a
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(msg.Size()))
+ n, err := msg.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n
+ }
+ }
+ if len(m.PolicyTypes) > 0 {
+ for _, s := range m.PolicyTypes {
+ dAtA[i] = 0x22
+ i++
+ l = len(s)
+ for l >= 1<<7 {
+ dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
+ l >>= 7
+ i++
+ }
+ dAtA[i] = uint8(l)
+ i++
+ i += copy(dAtA[i:], s)
+ }
+ }
return i, nil
}
@@ -3262,6 +3339,24 @@ func (m *NetworkPolicy) Size() (n int) {
return n
}
+func (m *NetworkPolicyEgressRule) Size() (n int) {
+ var l int
+ _ = l
+ if len(m.Ports) > 0 {
+ for _, e := range m.Ports {
+ l = e.Size()
+ n += 1 + l + sovGenerated(uint64(l))
+ }
+ }
+ if len(m.To) > 0 {
+ for _, e := range m.To {
+ l = e.Size()
+ n += 1 + l + sovGenerated(uint64(l))
+ }
+ }
+ return n
+}
+
func (m *NetworkPolicyIngressRule) Size() (n int) {
var l int
_ = l
@@ -3337,6 +3432,18 @@ func (m *NetworkPolicySpec) Size() (n int) {
n += 1 + l + sovGenerated(uint64(l))
}
}
+ if len(m.Egress) > 0 {
+ for _, e := range m.Egress {
+ l = e.Size()
+ n += 1 + l + sovGenerated(uint64(l))
+ }
+ }
+ if len(m.PolicyTypes) > 0 {
+ for _, s := range m.PolicyTypes {
+ l = len(s)
+ n += 1 + l + sovGenerated(uint64(l))
+ }
+ }
return n
}
@@ -4079,6 +4186,17 @@ func (this *NetworkPolicy) String() string {
}, "")
return s
}
+func (this *NetworkPolicyEgressRule) String() string {
+ if this == nil {
+ return "nil"
+ }
+ s := strings.Join([]string{`&NetworkPolicyEgressRule{`,
+ `Ports:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Ports), "NetworkPolicyPort", "NetworkPolicyPort", 1), `&`, ``, 1) + `,`,
+ `To:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.To), "NetworkPolicyPeer", "NetworkPolicyPeer", 1), `&`, ``, 1) + `,`,
+ `}`,
+ }, "")
+ return s
+}
func (this *NetworkPolicyIngressRule) String() string {
if this == nil {
return "nil"
@@ -4131,6 +4249,8 @@ func (this *NetworkPolicySpec) String() string {
s := strings.Join([]string{`&NetworkPolicySpec{`,
`PodSelector:` + strings.Replace(strings.Replace(this.PodSelector.String(), "LabelSelector", "k8s_io_apimachinery_pkg_apis_meta_v1.LabelSelector", 1), `&`, ``, 1) + `,`,
`Ingress:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Ingress), "NetworkPolicyIngressRule", "NetworkPolicyIngressRule", 1), `&`, ``, 1) + `,`,
+ `Egress:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Egress), "NetworkPolicyEgressRule", "NetworkPolicyEgressRule", 1), `&`, ``, 1) + `,`,
+ `PolicyTypes:` + fmt.Sprintf("%v", this.PolicyTypes) + `,`,
`}`,
}, "")
return s
@@ -8625,6 +8745,118 @@ func (m *NetworkPolicy) Unmarshal(dAtA []byte) error {
}
return nil
}
+func (m *NetworkPolicyEgressRule) Unmarshal(dAtA []byte) error {
+ l := len(dAtA)
+ iNdEx := 0
+ for iNdEx < l {
+ preIndex := iNdEx
+ var wire uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ wire |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ fieldNum := int32(wire >> 3)
+ wireType := int(wire & 0x7)
+ if wireType == 4 {
+ return fmt.Errorf("proto: NetworkPolicyEgressRule: wiretype end group for non-group")
+ }
+ if fieldNum <= 0 {
+ return fmt.Errorf("proto: NetworkPolicyEgressRule: illegal tag %d (wire type %d)", fieldNum, wire)
+ }
+ switch fieldNum {
+ case 1:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Ports", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.Ports = append(m.Ports, NetworkPolicyPort{})
+ if err := m.Ports[len(m.Ports)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ case 2:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field To", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.To = append(m.To, NetworkPolicyPeer{})
+ if err := m.To[len(m.To)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ default:
+ iNdEx = preIndex
+ skippy, err := skipGenerated(dAtA[iNdEx:])
+ if err != nil {
+ return err
+ }
+ if skippy < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ if (iNdEx + skippy) > l {
+ return io.ErrUnexpectedEOF
+ }
+ iNdEx += skippy
+ }
+ }
+
+ if iNdEx > l {
+ return io.ErrUnexpectedEOF
+ }
+ return nil
+}
func (m *NetworkPolicyIngressRule) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
@@ -9200,6 +9432,66 @@ func (m *NetworkPolicySpec) Unmarshal(dAtA []byte) error {
return err
}
iNdEx = postIndex
+ case 3:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Egress", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.Egress = append(m.Egress, NetworkPolicyEgressRule{})
+ if err := m.Egress[len(m.Egress)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ case 4:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field PolicyTypes", wireType)
+ }
+ var stringLen uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ stringLen |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ intStringLen := int(stringLen)
+ if intStringLen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + intStringLen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.PolicyTypes = append(m.PolicyTypes, PolicyType(dAtA[iNdEx:postIndex]))
+ iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -12362,228 +12654,233 @@ func init() {
}
var fileDescriptorGenerated = []byte{
- // 3554 bytes of a gzipped FileDescriptorProto
- 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x5b, 0xcd, 0x6f, 0x1c, 0x47,
- 0x76, 0x57, 0xcf, 0x07, 0x67, 0xf8, 0x28, 0x7e, 0x15, 0x65, 0x6a, 0x4c, 0x59, 0x1c, 0xba, 0x0d,
- 0x28, 0x92, 0x23, 0xcd, 0x58, 0xb4, 0x65, 0x2b, 0x16, 0xe2, 0x84, 0x43, 0xea, 0x83, 0x0e, 0x3f,
- 0x46, 0x35, 0x43, 0x3a, 0x11, 0xac, 0xc4, 0xcd, 0x99, 0xe2, 0xb0, 0xc5, 0x9e, 0xee, 0x76, 0x7f,
- 0xd0, 0x9c, 0x4b, 0x90, 0x93, 0x81, 0x00, 0x09, 0x92, 0x1c, 0x1c, 0x38, 0x40, 0x0e, 0xf1, 0x25,
- 0xa7, 0x04, 0xf1, 0x2d, 0x39, 0x18, 0x01, 0x02, 0x38, 0x80, 0xb0, 0xf0, 0x2e, 0x7c, 0xda, 0xf5,
- 0x89, 0x58, 0xd3, 0xc7, 0xfd, 0x07, 0x16, 0x3a, 0x2c, 0x16, 0x55, 0x5d, 0xfd, 0xdd, 0xcd, 0x99,
- 0xa1, 0x25, 0x62, 0xb1, 0x37, 0x4e, 0xbd, 0xf7, 0x7e, 0xef, 0xd5, 0xab, 0xaa, 0xf7, 0x5e, 0xd5,
- 0x6b, 0xc2, 0xbd, 0xfd, 0xdb, 0x66, 0x45, 0xd6, 0xaa, 0xfb, 0xf6, 0x0e, 0x31, 0x54, 0x62, 0x11,
- 0xb3, 0x7a, 0x40, 0xd4, 0xb6, 0x66, 0x54, 0x39, 0x41, 0xd2, 0xe5, 0x2a, 0x39, 0xb4, 0x88, 0x6a,
- 0xca, 0x9a, 0x6a, 0x56, 0x0f, 0x6e, 0xee, 0x10, 0x4b, 0xba, 0x59, 0xed, 0x10, 0x95, 0x18, 0x92,
- 0x45, 0xda, 0x15, 0xdd, 0xd0, 0x2c, 0x0d, 0x5d, 0x76, 0xd8, 0x2b, 0x92, 0x2e, 0x57, 0x7c, 0xf6,
- 0x0a, 0x67, 0x9f, 0xbb, 0xd1, 0x91, 0xad, 0x3d, 0x7b, 0xa7, 0xd2, 0xd2, 0xba, 0xd5, 0x8e, 0xd6,
- 0xd1, 0xaa, 0x4c, 0x6a, 0xc7, 0xde, 0x65, 0xbf, 0xd8, 0x0f, 0xf6, 0x97, 0x83, 0x36, 0x27, 0x06,
- 0x94, 0xb7, 0x34, 0x83, 0x54, 0x0f, 0x62, 0x1a, 0xe7, 0xae, 0x05, 0x78, 0x74, 0x4d, 0x91, 0x5b,
- 0xbd, 0x34, 0xe3, 0xe6, 0xde, 0xf2, 0x59, 0xbb, 0x52, 0x6b, 0x4f, 0x56, 0x89, 0xd1, 0xab, 0xea,
- 0xfb, 0x1d, 0x26, 0x6b, 0x10, 0x53, 0xb3, 0x8d, 0x16, 0x19, 0x4a, 0xca, 0xac, 0x76, 0x89, 0x25,
- 0x25, 0x99, 0x55, 0x4d, 0x93, 0x32, 0x6c, 0xd5, 0x92, 0xbb, 0x71, 0x35, 0x6f, 0xf7, 0x13, 0x30,
- 0x5b, 0x7b, 0xa4, 0x2b, 0xc5, 0xe4, 0xde, 0x4c, 0x93, 0xb3, 0x2d, 0x59, 0xa9, 0xca, 0xaa, 0x65,
- 0x5a, 0x46, 0x54, 0x48, 0xac, 0x00, 0x2c, 0xd5, 0x57, 0xb7, 0x89, 0x41, 0x97, 0x07, 0x2d, 0x40,
- 0x4e, 0x95, 0xba, 0xa4, 0x24, 0x2c, 0x08, 0x57, 0x47, 0x6b, 0xe7, 0x9f, 0x1e, 0x95, 0xcf, 0x1d,
- 0x1f, 0x95, 0x73, 0x1b, 0x52, 0x97, 0x60, 0x46, 0x11, 0xef, 0xc2, 0xe4, 0x92, 0xa2, 0x68, 0x9f,
- 0x90, 0xf6, 0x03, 0xcd, 0xb4, 0xea, 0x92, 0xb5, 0x87, 0x16, 0x01, 0x74, 0xc9, 0xda, 0xab, 0x1b,
- 0x64, 0x57, 0x3e, 0xe4, 0xa2, 0x88, 0x8b, 0x42, 0xdd, 0xa3, 0xe0, 0x00, 0x97, 0xf8, 0x2f, 0x02,
- 0xbc, 0xbc, 0x6c, 0x9b, 0x96, 0xd6, 0x5d, 0x27, 0x96, 0x21, 0xb7, 0x96, 0x6d, 0xc3, 0x20, 0xaa,
- 0xd5, 0xb0, 0x24, 0xcb, 0x36, 0xfb, 0x9b, 0x81, 0x1e, 0x41, 0xfe, 0x40, 0x52, 0x6c, 0x52, 0xca,
- 0x2c, 0x08, 0x57, 0xc7, 0x16, 0x2b, 0x15, 0x7f, 0xb7, 0x79, 0x73, 0xaf, 0xe8, 0xfb, 0x1d, 0xb6,
- 0xfd, 0xdc, 0x05, 0xad, 0x3c, 0xb4, 0x25, 0xd5, 0x92, 0xad, 0x5e, 0xed, 0x02, 0x87, 0x3c, 0xcf,
- 0xf5, 0x6e, 0x53, 0x2c, 0xec, 0x40, 0x8a, 0x7f, 0x0d, 0x97, 0x53, 0x4d, 0x5b, 0x93, 0x4d, 0x0b,
- 0x3d, 0x86, 0xbc, 0x6c, 0x91, 0xae, 0x59, 0x12, 0x16, 0xb2, 0x57, 0xc7, 0x16, 0x6f, 0x57, 0x4e,
- 0xdc, 0xea, 0x95, 0x54, 0xb0, 0xda, 0x38, 0x37, 0x23, 0xbf, 0x4a, 0xe1, 0xb0, 0x83, 0x2a, 0xfe,
- 0x93, 0x00, 0x28, 0x28, 0xd3, 0x94, 0x8c, 0x0e, 0xb1, 0x06, 0x70, 0xca, 0x5f, 0xfc, 0x38, 0xa7,
- 0xcc, 0x70, 0xc8, 0x31, 0x47, 0x61, 0xc8, 0x27, 0x3a, 0xcc, 0xc6, 0x4d, 0x62, 0xce, 0xd8, 0x0e,
- 0x3b, 0xe3, 0xe6, 0x10, 0xce, 0x70, 0x50, 0x52, 0xbc, 0xf0, 0x59, 0x06, 0x46, 0x57, 0x24, 0xd2,
- 0xd5, 0xd4, 0x06, 0xb1, 0xd0, 0x47, 0x50, 0xa4, 0xe7, 0xab, 0x2d, 0x59, 0x12, 0x73, 0xc0, 0xd8,
- 0xe2, 0x1b, 0x27, 0xcd, 0xce, 0xac, 0x50, 0xee, 0xca, 0xc1, 0xcd, 0xca, 0xe6, 0xce, 0x13, 0xd2,
- 0xb2, 0xd6, 0x89, 0x25, 0xf9, 0x7b, 0xd2, 0x1f, 0xc3, 0x1e, 0x2a, 0xda, 0x80, 0x9c, 0xa9, 0x93,
- 0x16, 0xf7, 0xdd, 0xf5, 0x3e, 0xd3, 0xf0, 0x2c, 0x6b, 0xe8, 0xa4, 0xe5, 0x2f, 0x06, 0xfd, 0x85,
- 0x19, 0x0e, 0xda, 0x86, 0x11, 0x93, 0xad, 0x72, 0x29, 0x1b, 0x5b, 0x8d, 0x93, 0x11, 0x9d, 0xbd,
- 0x31, 0xc1, 0x31, 0x47, 0x9c, 0xdf, 0x98, 0xa3, 0x89, 0x5f, 0x09, 0x30, 0xee, 0xf1, 0xb2, 0x15,
- 0xf8, 0x30, 0xe6, 0x9b, 0xca, 0x60, 0xbe, 0xa1, 0xd2, 0xcc, 0x33, 0x53, 0x5c, 0x57, 0xd1, 0x1d,
- 0x09, 0xf8, 0x65, 0xdd, 0x5d, 0xdf, 0x0c, 0x5b, 0xdf, 0xab, 0x83, 0x4e, 0x23, 0x65, 0x59, 0xff,
- 0x39, 0x17, 0x30, 0x9f, 0xba, 0x0b, 0x3d, 0x86, 0xa2, 0x49, 0x14, 0xd2, 0xb2, 0x34, 0x83, 0x9b,
- 0xff, 0xe6, 0x80, 0xe6, 0x4b, 0x3b, 0x44, 0x69, 0x70, 0xd1, 0xda, 0x79, 0x6a, 0xbf, 0xfb, 0x0b,
- 0x7b, 0x90, 0xe8, 0x21, 0x14, 0x2d, 0xd2, 0xd5, 0x15, 0xc9, 0x72, 0xcf, 0xc5, 0x6b, 0xc1, 0x29,
- 0xd0, 0x64, 0x42, 0xc1, 0xea, 0x5a, 0xbb, 0xc9, 0xd9, 0xd8, 0x92, 0x7a, 0x2e, 0x71, 0x47, 0xb1,
- 0x07, 0x83, 0x0e, 0x60, 0xc2, 0xd6, 0xdb, 0x94, 0xd3, 0xa2, 0xa1, 0xb4, 0xd3, 0xe3, 0x4b, 0xfc,
- 0xf6, 0xa0, 0xbe, 0xd9, 0x0a, 0x49, 0xd7, 0x66, 0xb9, 0xae, 0x89, 0xf0, 0x38, 0x8e, 0x68, 0x41,
- 0x4b, 0x30, 0xd9, 0x95, 0x55, 0x4c, 0xa4, 0x76, 0xaf, 0x41, 0x5a, 0x9a, 0xda, 0x36, 0x4b, 0xb9,
- 0x05, 0xe1, 0x6a, 0xbe, 0x76, 0x91, 0x03, 0x4c, 0xae, 0x87, 0xc9, 0x38, 0xca, 0x8f, 0xde, 0x07,
- 0xe4, 0x4e, 0xe3, 0xbe, 0x93, 0x09, 0x64, 0x4d, 0x2d, 0xe5, 0x17, 0x84, 0xab, 0xd9, 0xda, 0x1c,
- 0x47, 0x41, 0xcd, 0x18, 0x07, 0x4e, 0x90, 0x42, 0x6b, 0x70, 0xc1, 0x20, 0x07, 0x32, 0x9d, 0xe3,
- 0x03, 0xd9, 0xb4, 0x34, 0xa3, 0xb7, 0x26, 0x77, 0x65, 0xab, 0x34, 0xc2, 0x6c, 0x2a, 0x1d, 0x1f,
- 0x95, 0x2f, 0xe0, 0x04, 0x3a, 0x4e, 0x94, 0x12, 0xbf, 0xcc, 0xc3, 0x64, 0xe4, 0x0c, 0xa0, 0x6d,
- 0x98, 0x6d, 0x39, 0x01, 0x73, 0xc3, 0xee, 0xee, 0x10, 0xa3, 0xd1, 0xda, 0x23, 0x6d, 0x5b, 0x21,
- 0x6d, 0xb6, 0x51, 0xf2, 0xb5, 0x79, 0x6e, 0xf1, 0xec, 0x72, 0x22, 0x17, 0x4e, 0x91, 0xa6, 0x5e,
- 0x50, 0xd9, 0xd0, 0xba, 0x6c, 0x9a, 0x1e, 0x66, 0x86, 0x61, 0x7a, 0x5e, 0xd8, 0x88, 0x71, 0xe0,
- 0x04, 0x29, 0x6a, 0x63, 0x9b, 0x98, 0xb2, 0x41, 0xda, 0x51, 0x1b, 0xb3, 0x61, 0x1b, 0x57, 0x12,
- 0xb9, 0x70, 0x8a, 0x34, 0xba, 0x05, 0x63, 0x8e, 0x36, 0xb6, 0x7e, 0x7c, 0xa1, 0xbd, 0x10, 0xbd,
- 0xe1, 0x93, 0x70, 0x90, 0x8f, 0x4e, 0x4d, 0xdb, 0x31, 0x89, 0x71, 0x40, 0xda, 0xe9, 0x0b, 0xbc,
- 0x19, 0xe3, 0xc0, 0x09, 0x52, 0x74, 0x6a, 0xce, 0x0e, 0x8c, 0x4d, 0x6d, 0x24, 0x3c, 0xb5, 0xad,
- 0x44, 0x2e, 0x9c, 0x22, 0x4d, 0xf7, 0xb1, 0x63, 0xf2, 0xd2, 0x81, 0x24, 0x2b, 0xd2, 0x8e, 0x42,
- 0x4a, 0x85, 0xf0, 0x3e, 0xde, 0x08, 0x93, 0x71, 0x94, 0x1f, 0xdd, 0x87, 0x69, 0x67, 0x68, 0x4b,
- 0x95, 0x3c, 0x90, 0x22, 0x03, 0x79, 0x99, 0x83, 0x4c, 0x6f, 0x44, 0x19, 0x70, 0x5c, 0x06, 0xbd,
- 0x0b, 0x13, 0x2d, 0x4d, 0x51, 0xd8, 0x7e, 0x5c, 0xd6, 0x6c, 0xd5, 0x2a, 0x8d, 0x32, 0x14, 0x44,
- 0xcf, 0xe3, 0x72, 0x88, 0x82, 0x23, 0x9c, 0xe2, 0x4f, 0x04, 0xb8, 0x98, 0x72, 0xa6, 0xd1, 0x9f,
- 0x40, 0xce, 0xea, 0xe9, 0x6e, 0xb6, 0xfe, 0x43, 0x37, 0x41, 0x34, 0x7b, 0x3a, 0x79, 0x76, 0x54,
- 0xbe, 0x94, 0x22, 0x46, 0xc9, 0x98, 0x09, 0x22, 0x15, 0xc6, 0x0d, 0xaa, 0x4e, 0xed, 0x38, 0x2c,
- 0x3c, 0x78, 0xdd, 0xea, 0x13, 0x63, 0x70, 0x50, 0xc6, 0x0f, 0xc6, 0xd3, 0xc7, 0x47, 0xe5, 0xf1,
- 0x10, 0x0d, 0x87, 0xe1, 0xc5, 0xcf, 0x33, 0x00, 0x2b, 0x44, 0x57, 0xb4, 0x5e, 0x97, 0xa8, 0x67,
- 0x91, 0x70, 0x37, 0x43, 0x09, 0xf7, 0x46, 0xbf, 0xd8, 0xe9, 0x99, 0x96, 0x9a, 0x71, 0x3f, 0x88,
- 0x64, 0xdc, 0xea, 0xe0, 0x90, 0x27, 0xa7, 0xdc, 0x5f, 0x64, 0x61, 0xc6, 0x67, 0x5e, 0xd6, 0xd4,
- 0xb6, 0xcc, 0xce, 0xc7, 0x9d, 0xd0, 0x1a, 0xff, 0x41, 0x64, 0x8d, 0x2f, 0x26, 0x88, 0x04, 0xd6,
- 0x77, 0xcd, 0xb3, 0x36, 0xc3, 0xc4, 0xdf, 0x0a, 0x2b, 0x7f, 0x76, 0x54, 0x4e, 0xb8, 0xf3, 0x54,
- 0x3c, 0xa4, 0xb0, 0x89, 0xe8, 0x0a, 0x8c, 0x18, 0x44, 0x32, 0x35, 0x95, 0x05, 0x8a, 0x51, 0x7f,
- 0x2a, 0x98, 0x8d, 0x62, 0x4e, 0x45, 0xd7, 0xa0, 0xd0, 0x25, 0xa6, 0x29, 0x75, 0x08, 0x8b, 0x09,
- 0xa3, 0xb5, 0x49, 0xce, 0x58, 0x58, 0x77, 0x86, 0xb1, 0x4b, 0x47, 0x4f, 0x60, 0x42, 0x91, 0x4c,
- 0xbe, 0x41, 0x9b, 0x72, 0x97, 0xb0, 0x53, 0x3f, 0xb6, 0xf8, 0xfa, 0x60, 0xfb, 0x80, 0x4a, 0xf8,
- 0x99, 0x6d, 0x2d, 0x84, 0x84, 0x23, 0xc8, 0xe8, 0x00, 0x10, 0x1d, 0x69, 0x1a, 0x92, 0x6a, 0x3a,
- 0x8e, 0xa2, 0xfa, 0x0a, 0x43, 0xeb, 0xf3, 0x22, 0xdc, 0x5a, 0x0c, 0x0d, 0x27, 0x68, 0x10, 0xff,
- 0x57, 0x80, 0x09, 0x7f, 0x99, 0xce, 0xa0, 0x9a, 0xda, 0x08, 0x57, 0x53, 0xd7, 0x06, 0xde, 0xa2,
- 0x29, 0xe5, 0xd4, 0xaf, 0x33, 0x80, 0x7c, 0x26, 0x7a, 0xc0, 0x77, 0xa4, 0xd6, 0xfe, 0x00, 0x77,
- 0x85, 0xcf, 0x04, 0x40, 0x3c, 0x3c, 0x2f, 0xa9, 0xaa, 0x66, 0xb1, 0x88, 0xef, 0x9a, 0xb5, 0x3a,
- 0xb0, 0x59, 0xae, 0xc6, 0xca, 0x56, 0x0c, 0xeb, 0xae, 0x6a, 0x19, 0x3d, 0x7f, 0x45, 0xe2, 0x0c,
- 0x38, 0xc1, 0x00, 0x24, 0x01, 0x18, 0x1c, 0xb3, 0xa9, 0xf1, 0x83, 0x7c, 0x63, 0x80, 0x98, 0x47,
- 0x05, 0x96, 0x35, 0x75, 0x57, 0xee, 0xf8, 0x61, 0x07, 0x7b, 0x40, 0x38, 0x00, 0x3a, 0x77, 0x17,
- 0x2e, 0xa6, 0x58, 0x8b, 0xa6, 0x20, 0xbb, 0x4f, 0x7a, 0x8e, 0xdb, 0x30, 0xfd, 0x13, 0x5d, 0x08,
- 0xde, 0xa9, 0x46, 0xf9, 0x75, 0xe8, 0xdd, 0xcc, 0x6d, 0x41, 0xfc, 0x2a, 0x1f, 0xdc, 0x3b, 0xac,
- 0x94, 0xbd, 0x0a, 0x45, 0x83, 0xe8, 0x8a, 0xdc, 0x92, 0x4c, 0x5e, 0xa1, 0xb0, 0xaa, 0x14, 0xf3,
- 0x31, 0xec, 0x51, 0x43, 0x45, 0x6f, 0xe6, 0xc5, 0x16, 0xbd, 0xd9, 0xe7, 0x53, 0xf4, 0xfe, 0x15,
- 0x14, 0x4d, 0xb7, 0xdc, 0xcd, 0x31, 0xc8, 0x9b, 0x43, 0xc4, 0x57, 0x5e, 0xe9, 0x7a, 0x0a, 0xbc,
- 0x1a, 0xd7, 0x03, 0x4d, 0xaa, 0x6e, 0xf3, 0x43, 0x56, 0xb7, 0xcf, 0xb5, 0x22, 0xa5, 0x31, 0x55,
- 0x97, 0x6c, 0x93, 0xb4, 0x59, 0x20, 0x2a, 0xfa, 0x31, 0xb5, 0xce, 0x46, 0x31, 0xa7, 0xa2, 0xc7,
- 0xa1, 0x2d, 0x5b, 0x3c, 0xcd, 0x96, 0x9d, 0x48, 0xdf, 0xae, 0x68, 0x0b, 0x2e, 0xea, 0x86, 0xd6,
- 0x31, 0x88, 0x69, 0xae, 0x10, 0xa9, 0xad, 0xc8, 0x2a, 0x71, 0xfd, 0xe3, 0x94, 0x2a, 0x97, 0x8e,
- 0x8f, 0xca, 0x17, 0xeb, 0xc9, 0x2c, 0x38, 0x4d, 0x56, 0x7c, 0x9a, 0x83, 0xa9, 0x68, 0x06, 0x4c,
- 0xa9, 0x1e, 0x85, 0x53, 0x55, 0x8f, 0xd7, 0x03, 0x87, 0xc1, 0x29, 0xad, 0xbd, 0xd5, 0x4f, 0x38,
- 0x10, 0x4b, 0x30, 0xc9, 0xa3, 0x81, 0x4b, 0xe4, 0xf5, 0xb3, 0xb7, 0xfa, 0x5b, 0x61, 0x32, 0x8e,
- 0xf2, 0xd3, 0x9a, 0xd0, 0x2f, 0xf5, 0x5c, 0x90, 0x5c, 0xb8, 0x26, 0x5c, 0x8a, 0x32, 0xe0, 0xb8,
- 0x0c, 0x5a, 0x87, 0x19, 0x5b, 0x8d, 0x43, 0x39, 0xbb, 0xf1, 0x12, 0x87, 0x9a, 0xd9, 0x8a, 0xb3,
- 0xe0, 0x24, 0x39, 0xb4, 0x0b, 0xd0, 0x72, 0xd3, 0xb6, 0x59, 0x1a, 0x61, 0x11, 0x76, 0x71, 0xe0,
- 0xb3, 0xe3, 0x65, 0x7c, 0x3f, 0xae, 0x79, 0x43, 0x26, 0x0e, 0x20, 0xa3, 0x3b, 0x30, 0x6e, 0xb0,
- 0x0b, 0x81, 0x6b, 0xb0, 0x53, 0x54, 0xbf, 0xc4, 0xc5, 0xc6, 0x71, 0x90, 0x88, 0xc3, 0xbc, 0x09,
- 0x75, 0x70, 0x71, 0xe0, 0x3a, 0xf8, 0xff, 0x84, 0x60, 0x12, 0xf2, 0x4a, 0xe0, 0x77, 0x43, 0xe5,
- 0xd1, 0x95, 0x48, 0x79, 0x34, 0x1b, 0x97, 0x08, 0x54, 0x47, 0x5a, 0x72, 0xf5, 0xfb, 0xf6, 0x50,
- 0xd5, 0xaf, 0x9f, 0x3c, 0xfb, 0x97, 0xbf, 0x5f, 0x08, 0x30, 0x7b, 0xaf, 0x71, 0xdf, 0xd0, 0x6c,
- 0xdd, 0x35, 0x67, 0x53, 0x77, 0xfc, 0xfa, 0x0e, 0xe4, 0x0c, 0x5b, 0x71, 0xe7, 0xf1, 0x9a, 0x3b,
- 0x0f, 0x6c, 0x2b, 0x74, 0x1e, 0x33, 0x11, 0x29, 0x67, 0x12, 0x54, 0x00, 0x6d, 0xc0, 0x88, 0x21,
- 0xa9, 0x1d, 0xe2, 0xa6, 0xd5, 0x2b, 0x7d, 0xac, 0x5f, 0x5d, 0xc1, 0x94, 0x3d, 0x50, 0xbc, 0x31,
- 0x69, 0xcc, 0x51, 0xc4, 0xbf, 0x17, 0x60, 0xf2, 0x41, 0xb3, 0x59, 0x5f, 0x55, 0xd9, 0x89, 0x66,
- 0x8f, 0xaf, 0x0b, 0x90, 0xd3, 0x25, 0x6b, 0x2f, 0x9a, 0xe9, 0x29, 0x0d, 0x33, 0x0a, 0xfa, 0x73,
- 0x28, 0xd0, 0x48, 0x42, 0xd4, 0xf6, 0x80, 0xa5, 0x36, 0x87, 0xaf, 0x39, 0x42, 0x7e, 0x85, 0xc8,
- 0x07, 0xb0, 0x0b, 0x27, 0xee, 0xc3, 0x85, 0x80, 0x39, 0xd4, 0x1f, 0xec, 0xcd, 0x10, 0x35, 0x20,
- 0x4f, 0x35, 0xbb, 0x4f, 0x82, 0xfd, 0x5e, 0xbe, 0x22, 0x53, 0xf2, 0x2b, 0x1d, 0xfa, 0xcb, 0xc4,
- 0x0e, 0x96, 0xb8, 0x0e, 0xe3, 0xec, 0xc5, 0x59, 0x33, 0x2c, 0xe6, 0x16, 0x74, 0x19, 0xb2, 0x5d,
- 0x59, 0xe5, 0x79, 0x76, 0x8c, 0xcb, 0x64, 0x69, 0x8e, 0xa0, 0xe3, 0x8c, 0x2c, 0x1d, 0xf2, 0xc8,
- 0xe3, 0x93, 0xa5, 0x43, 0x4c, 0xc7, 0xc5, 0xfb, 0x50, 0xe0, 0xee, 0x0e, 0x02, 0x65, 0x4f, 0x06,
- 0xca, 0x26, 0x00, 0x6d, 0x42, 0x61, 0xb5, 0x5e, 0x53, 0x34, 0xa7, 0xea, 0x6a, 0xc9, 0x6d, 0x23,
- 0xba, 0x16, 0xcb, 0xab, 0x2b, 0x18, 0x33, 0x0a, 0x12, 0x61, 0x84, 0x1c, 0xb6, 0x88, 0x6e, 0xb1,
- 0x1d, 0x31, 0x5a, 0x03, 0xba, 0xca, 0x77, 0xd9, 0x08, 0xe6, 0x14, 0xf1, 0x1f, 0x32, 0x50, 0xe0,
- 0xee, 0x38, 0x83, 0x5b, 0xd8, 0x5a, 0xe8, 0x16, 0xf6, 0xfa, 0x60, 0x5b, 0x23, 0xf5, 0x0a, 0xd6,
- 0x8c, 0x5c, 0xc1, 0xae, 0x0f, 0x88, 0x77, 0xf2, 0xfd, 0xeb, 0x4b, 0x01, 0x26, 0xc2, 0x9b, 0x12,
- 0xdd, 0x82, 0x31, 0x9a, 0x70, 0xe4, 0x16, 0xd9, 0xf0, 0xeb, 0x5c, 0xef, 0x75, 0xa4, 0xe1, 0x93,
- 0x70, 0x90, 0x0f, 0x75, 0x3c, 0x31, 0xba, 0x8f, 0xf8, 0xa4, 0xd3, 0x5d, 0x6a, 0x5b, 0xb2, 0x52,
- 0x71, 0x1a, 0x27, 0x95, 0x55, 0xd5, 0xda, 0x34, 0x1a, 0x96, 0x21, 0xab, 0x9d, 0x98, 0x22, 0xb6,
- 0x29, 0x83, 0xc8, 0xe2, 0xff, 0x08, 0x30, 0xc6, 0x4d, 0x3e, 0x83, 0x5b, 0xc5, 0x9f, 0x85, 0x6f,
- 0x15, 0x57, 0x06, 0x3c, 0xe0, 0xc9, 0x57, 0x8a, 0x7f, 0xf7, 0x4d, 0xa7, 0x47, 0x9a, 0xee, 0xea,
- 0x3d, 0xcd, 0xb4, 0xa2, 0xbb, 0x9a, 0x1e, 0x46, 0xcc, 0x28, 0xc8, 0x86, 0x29, 0x39, 0x12, 0x03,
- 0xb8, 0x6b, 0xab, 0x83, 0x59, 0xe2, 0x89, 0xd5, 0x4a, 0x1c, 0x7e, 0x2a, 0x4a, 0xc1, 0x31, 0x15,
- 0x22, 0x81, 0x18, 0x17, 0x7a, 0x08, 0xb9, 0x3d, 0xcb, 0xd2, 0x13, 0x1e, 0x92, 0xfb, 0x44, 0x1e,
- 0xdf, 0x84, 0x22, 0x9b, 0x5d, 0xb3, 0x59, 0xc7, 0x0c, 0x4a, 0xfc, 0x8d, 0xef, 0x8f, 0x86, 0xb3,
- 0xc7, 0xbd, 0x78, 0x2a, 0x9c, 0x26, 0x9e, 0x8e, 0x25, 0xc5, 0x52, 0xf4, 0x00, 0xb2, 0x96, 0x32,
- 0xe8, 0xb5, 0x90, 0x23, 0x36, 0xd7, 0x1a, 0x7e, 0x40, 0x6a, 0xae, 0x35, 0x30, 0x85, 0x40, 0x9b,
- 0x90, 0xa7, 0xd9, 0x87, 0x1e, 0xc1, 0xec, 0xe0, 0x47, 0x9a, 0xce, 0xdf, 0xdf, 0x10, 0xf4, 0x97,
- 0x89, 0x1d, 0x1c, 0xf1, 0x63, 0x18, 0x0f, 0x9d, 0x53, 0xf4, 0x11, 0x9c, 0x57, 0x34, 0xa9, 0x5d,
- 0x93, 0x14, 0x49, 0x6d, 0x11, 0xf7, 0xd5, 0xfe, 0x4a, 0xd2, 0x0d, 0x63, 0x2d, 0xc0, 0xc7, 0x4f,
- 0xb9, 0xd7, 0x7b, 0x0b, 0xd2, 0x70, 0x08, 0x51, 0x94, 0x00, 0xfc, 0x39, 0xa2, 0x32, 0xe4, 0xe9,
- 0x3e, 0x73, 0xf2, 0xc9, 0x68, 0x6d, 0x94, 0x5a, 0x48, 0xb7, 0x9f, 0x89, 0x9d, 0x71, 0xb4, 0x08,
- 0x60, 0x92, 0x96, 0x41, 0x2c, 0x16, 0x0c, 0x32, 0xe1, 0x0e, 0x64, 0xc3, 0xa3, 0xe0, 0x00, 0x97,
- 0xf8, 0xff, 0x02, 0x8c, 0x6f, 0x10, 0xeb, 0x13, 0xcd, 0xd8, 0xaf, 0xb3, 0x66, 0xf1, 0x19, 0x04,
- 0x5b, 0x1c, 0x0a, 0xb6, 0x6f, 0xf4, 0x59, 0x99, 0x90, 0x75, 0x69, 0x21, 0x97, 0xce, 0xa3, 0x14,
- 0xe2, 0x0c, 0x9e, 0xdd, 0x2d, 0xc8, 0xeb, 0x9a, 0x61, 0xb9, 0x99, 0x78, 0x28, 0x8d, 0x34, 0x8e,
- 0x05, 0x72, 0x31, 0x85, 0xc1, 0x0e, 0x1a, 0x9d, 0xc7, 0xae, 0xa1, 0x75, 0xf9, 0x6e, 0x1d, 0x0e,
- 0x95, 0x10, 0xc3, 0x9f, 0xc7, 0x3d, 0x43, 0xeb, 0x62, 0x86, 0x25, 0x7e, 0x2d, 0xc0, 0x74, 0x88,
- 0xf3, 0x0c, 0xe2, 0xe6, 0xc3, 0x70, 0xdc, 0xbc, 0x3e, 0xcc, 0x44, 0x52, 0xa2, 0xe7, 0xd7, 0x99,
- 0xc8, 0x34, 0xe8, 0x84, 0xd1, 0x2e, 0x8c, 0xe9, 0x5a, 0xbb, 0xf1, 0x1c, 0xda, 0x5c, 0x93, 0x34,
- 0xed, 0xd4, 0x7d, 0x2c, 0x1c, 0x04, 0x46, 0x87, 0x30, 0xad, 0x4a, 0x5d, 0x62, 0xea, 0x52, 0x8b,
- 0x34, 0x9e, 0xc3, 0xfb, 0xc2, 0x4b, 0xec, 0x1d, 0x3d, 0x8a, 0x88, 0xe3, 0x4a, 0xd0, 0x3a, 0x14,
- 0x64, 0x9d, 0x95, 0x41, 0x3c, 0xf5, 0xf7, 0x4d, 0x42, 0x4e, 0xd1, 0xe4, 0x84, 0x43, 0xfe, 0x03,
- 0xbb, 0x18, 0xe2, 0x7f, 0x44, 0x77, 0x03, 0xdd, 0x7f, 0xe8, 0x3e, 0x14, 0xd9, 0x57, 0x0b, 0x2d,
- 0x4d, 0x71, 0x1f, 0xd6, 0xe9, 0xca, 0xd6, 0xf9, 0xd8, 0xb3, 0xa3, 0xf2, 0xa5, 0x84, 0x37, 0x53,
- 0x97, 0x8c, 0x3d, 0x61, 0xb4, 0x01, 0x39, 0xfd, 0xc7, 0x14, 0x00, 0x2c, 0x47, 0xb0, 0xac, 0xcf,
- 0x70, 0xc4, 0x1f, 0xa2, 0xe6, 0xb2, 0x4c, 0xf1, 0xe4, 0xb9, 0xad, 0xba, 0x57, 0x70, 0xa4, 0xae,
- 0xfc, 0x0e, 0x14, 0x78, 0x82, 0xe4, 0x9b, 0xf9, 0x9d, 0x61, 0x36, 0x73, 0x30, 0x09, 0x78, 0xf5,
- 0xbe, 0x3b, 0xe8, 0x02, 0x8b, 0x3f, 0x15, 0x60, 0x9a, 0x19, 0xd0, 0xb2, 0x0d, 0xd9, 0xea, 0x9d,
- 0x59, 0xd8, 0xdc, 0x0e, 0x85, 0xcd, 0xb7, 0xfa, 0x4c, 0x2c, 0x66, 0x61, 0x6a, 0xe8, 0xfc, 0x46,
- 0x80, 0x97, 0x62, 0xdc, 0x67, 0x10, 0x76, 0xb6, 0xc2, 0x61, 0xe7, 0x8d, 0x61, 0x27, 0x94, 0x12,
- 0x7a, 0xfe, 0xf5, 0x7c, 0xc2, 0x74, 0xd8, 0x46, 0x5c, 0x04, 0xd0, 0x0d, 0xf9, 0x40, 0x56, 0x48,
- 0x87, 0xf7, 0x4e, 0x8b, 0x81, 0x2f, 0x74, 0x3c, 0x0a, 0x0e, 0x70, 0x21, 0x13, 0x66, 0xdb, 0x64,
- 0x57, 0xb2, 0x15, 0x6b, 0xa9, 0xdd, 0x5e, 0x96, 0x74, 0x69, 0x47, 0x56, 0x64, 0x4b, 0xe6, 0x97,
- 0xd9, 0xd1, 0xda, 0x1d, 0xa7, 0xa7, 0x99, 0xc4, 0xf1, 0xec, 0xa8, 0x7c, 0x39, 0xa9, 0x77, 0xe1,
- 0xb2, 0xf4, 0x70, 0x0a, 0x34, 0xea, 0x41, 0xc9, 0x20, 0x1f, 0xdb, 0xb2, 0x41, 0xda, 0x2b, 0x86,
- 0xa6, 0x87, 0xd4, 0x66, 0x99, 0xda, 0x3f, 0x3e, 0x3e, 0x2a, 0x97, 0x70, 0x0a, 0x4f, 0x7f, 0xc5,
- 0xa9, 0xf0, 0xe8, 0x09, 0xcc, 0x48, 0xce, 0x87, 0x4d, 0x21, 0xad, 0x39, 0xa6, 0xf5, 0xf6, 0xf1,
- 0x51, 0x79, 0x66, 0x29, 0x4e, 0xee, 0xaf, 0x30, 0x09, 0x14, 0x55, 0xa1, 0x70, 0xa0, 0x29, 0x76,
- 0x97, 0x98, 0xa5, 0x3c, 0xc3, 0xa7, 0x71, 0xb6, 0xb0, 0xed, 0x0c, 0x3d, 0x3b, 0x2a, 0x8f, 0xdc,
- 0x6b, 0xb0, 0x67, 0x04, 0x97, 0x8b, 0x5e, 0x77, 0x68, 0xa5, 0xc3, 0xcf, 0x2c, 0x7b, 0xcf, 0x2c,
- 0xfa, 0x41, 0xe1, 0x81, 0x4f, 0xc2, 0x41, 0x3e, 0xf4, 0x18, 0x46, 0xf7, 0xf8, 0x9d, 0xd9, 0x2c,
- 0x15, 0x06, 0xca, 0x71, 0xa1, 0x3b, 0x76, 0x6d, 0x9a, 0xab, 0x18, 0x75, 0x87, 0x4d, 0xec, 0x23,
- 0xa2, 0x6b, 0x50, 0x60, 0x3f, 0x56, 0x57, 0xd8, 0x63, 0x51, 0xd1, 0x0f, 0x1d, 0x0f, 0x9c, 0x61,
- 0xec, 0xd2, 0x5d, 0xd6, 0xd5, 0xfa, 0x32, 0x7b, 0xb4, 0x8c, 0xb0, 0xae, 0xd6, 0x97, 0xb1, 0x4b,
- 0x47, 0x1f, 0x41, 0xc1, 0x24, 0x6b, 0xb2, 0x6a, 0x1f, 0x96, 0x60, 0xa0, 0x96, 0x67, 0xe3, 0x2e,
- 0xe3, 0x8e, 0x3c, 0xdb, 0xf8, 0x1a, 0x38, 0x1d, 0xbb, 0xb0, 0x68, 0x0f, 0x46, 0x0d, 0x5b, 0x5d,
- 0x32, 0xb7, 0x4c, 0x62, 0x94, 0xc6, 0x98, 0x8e, 0x7e, 0xd1, 0x12, 0xbb, 0xfc, 0x51, 0x2d, 0x9e,
- 0x87, 0x3c, 0x0e, 0xec, 0x83, 0xa3, 0xbf, 0x13, 0x00, 0x99, 0xb6, 0xae, 0x2b, 0xa4, 0x4b, 0x54,
- 0x4b, 0x52, 0xd8, 0x4b, 0x91, 0x59, 0x3a, 0xcf, 0x74, 0xfe, 0x69, 0xbf, 0x79, 0xc5, 0x04, 0xa3,
- 0xca, 0xbd, 0x27, 0xd9, 0x38, 0x2b, 0x4e, 0xd0, 0x4b, 0x5d, 0xbb, 0x6b, 0xb2, 0xbf, 0x4b, 0xe3,
- 0x03, 0xb9, 0x36, 0xf9, 0x45, 0xcc, 0x77, 0x2d, 0xa7, 0x63, 0x17, 0x16, 0x6d, 0xc3, 0xac, 0x41,
- 0xa4, 0xf6, 0xa6, 0xaa, 0xf4, 0xb0, 0xa6, 0x59, 0xf7, 0x64, 0x85, 0x98, 0x3d, 0xd3, 0x22, 0xdd,
- 0xd2, 0x04, 0x5b, 0x76, 0xef, 0x93, 0x01, 0x9c, 0xc8, 0x85, 0x53, 0xa4, 0x51, 0x17, 0xca, 0x6e,
- 0xc8, 0xa0, 0xe7, 0xc9, 0x8b, 0x59, 0x77, 0xcd, 0x96, 0xa4, 0x38, 0xaf, 0xd4, 0x93, 0x4c, 0xc1,
- 0x6b, 0xc7, 0x47, 0xe5, 0xf2, 0xca, 0xc9, 0xac, 0xb8, 0x1f, 0x16, 0xfa, 0x10, 0x4a, 0x52, 0x9a,
- 0x9e, 0x29, 0xa6, 0x67, 0x81, 0x4f, 0xa4, 0x94, 0xaa, 0x24, 0x15, 0x01, 0x59, 0x30, 0x25, 0x85,
- 0xbf, 0xa1, 0x34, 0x4b, 0xd3, 0x03, 0x3d, 0x95, 0x45, 0x3e, 0xbd, 0xf4, 0xaf, 0xcb, 0x11, 0x82,
- 0x89, 0x63, 0x1a, 0x58, 0x83, 0x9f, 0x3f, 0xf7, 0x9e, 0xcd, 0x17, 0x75, 0xc3, 0x35, 0xf8, 0x7d,
- 0xd3, 0x9e, 0x5b, 0x83, 0x3f, 0x00, 0x79, 0xf2, 0x03, 0xd3, 0xaf, 0x32, 0x30, 0xe3, 0x33, 0x0f,
- 0xdc, 0xe0, 0x4f, 0x10, 0x79, 0x61, 0x0d, 0xfe, 0xe4, 0x0e, 0x79, 0xf6, 0x45, 0x77, 0xc8, 0x5f,
- 0xc0, 0x87, 0x05, 0xac, 0xe9, 0xee, 0xbb, 0xee, 0x77, 0xaf, 0xe9, 0xee, 0xdb, 0x96, 0x52, 0x68,
- 0xfd, 0x57, 0x26, 0x38, 0x81, 0xdf, 0xfb, 0xce, 0xef, 0x8f, 0xff, 0xec, 0x50, 0xfc, 0x26, 0x0b,
- 0x53, 0xd1, 0xd3, 0x18, 0x6a, 0x10, 0x0a, 0x7d, 0x1b, 0x84, 0x75, 0xb8, 0xb0, 0x6b, 0x2b, 0x4a,
- 0x8f, 0xb9, 0x21, 0xd0, 0x25, 0x74, 0x1e, 0xf8, 0x5f, 0xe1, 0x92, 0x17, 0xee, 0x25, 0xf0, 0xe0,
- 0x44, 0xc9, 0x94, 0x66, 0x67, 0xf6, 0x54, 0xcd, 0xce, 0x58, 0xef, 0x2d, 0x37, 0x44, 0xef, 0x2d,
- 0xb1, 0x71, 0x99, 0x3f, 0x45, 0xe3, 0xf2, 0x34, 0x9d, 0xc6, 0x84, 0x20, 0xd6, 0xaf, 0xd3, 0x28,
- 0xbe, 0x02, 0x73, 0x5c, 0xcc, 0x62, 0x4d, 0x40, 0xd5, 0x32, 0x34, 0x45, 0x21, 0xc6, 0x8a, 0xdd,
- 0xed, 0xf6, 0xc4, 0xf7, 0x60, 0x22, 0xdc, 0xde, 0x76, 0x56, 0xda, 0xe9, 0xb0, 0xf3, 0x36, 0x4b,
- 0x60, 0xa5, 0x9d, 0x71, 0xec, 0x71, 0x88, 0x9f, 0x0a, 0x30, 0x9b, 0xfc, 0x19, 0x1b, 0x52, 0x60,
- 0xa2, 0x2b, 0x1d, 0x06, 0xbf, 0xf9, 0x13, 0x4e, 0x79, 0x83, 0x67, 0x7d, 0xcd, 0xf5, 0x10, 0x16,
- 0x8e, 0x60, 0xd3, 0x5b, 0xfd, 0xc5, 0x94, 0x8e, 0xe2, 0xd9, 0x5a, 0x82, 0x1e, 0x41, 0xb1, 0x2b,
- 0x1d, 0x36, 0x6c, 0xa3, 0x43, 0x4e, 0xfd, 0x66, 0xc1, 0x22, 0xc6, 0x3a, 0x47, 0xc1, 0x1e, 0x9e,
- 0xf8, 0x85, 0x00, 0xa5, 0xb4, 0xf2, 0x16, 0xdd, 0x0a, 0xf5, 0x3e, 0x5f, 0x8d, 0xf4, 0x3e, 0xa7,
- 0x63, 0x72, 0x2f, 0xa8, 0xf3, 0xf9, 0x9f, 0x02, 0xcc, 0x26, 0x97, 0xf9, 0xe8, 0xcd, 0x90, 0x85,
- 0xe5, 0x88, 0x85, 0x93, 0x11, 0x29, 0x6e, 0xdf, 0x5f, 0xc2, 0x04, 0xbf, 0x0c, 0x70, 0x18, 0xee,
- 0x55, 0x31, 0x29, 0x56, 0x72, 0x08, 0xb7, 0xf8, 0x65, 0xeb, 0x15, 0x1e, 0xc3, 0x11, 0x34, 0xf1,
- 0x6f, 0x33, 0x90, 0x6f, 0xb4, 0x24, 0x85, 0x9c, 0x41, 0x99, 0xf5, 0x7e, 0xa8, 0xcc, 0xea, 0xf7,
- 0x7d, 0x3e, 0xb3, 0x2a, 0xb5, 0xc2, 0xc2, 0x91, 0x0a, 0xeb, 0xf5, 0x81, 0xd0, 0x4e, 0x2e, 0xae,
- 0xfe, 0x08, 0x46, 0x3d, 0xa5, 0xc3, 0xc5, 0x7c, 0xf1, 0xdf, 0x32, 0x30, 0x16, 0x50, 0x31, 0x64,
- 0xc6, 0xd8, 0x0d, 0x65, 0xda, 0x41, 0xfe, 0x53, 0x27, 0xa0, 0xab, 0xe2, 0xe6, 0x56, 0xe7, 0x33,
- 0x36, 0xff, 0xc3, 0xa5, 0x78, 0xca, 0x7d, 0x0f, 0x26, 0x2c, 0xf6, 0x9f, 0x2c, 0xde, 0x4b, 0x5f,
- 0x96, 0xed, 0x45, 0xef, 0xe3, 0xc7, 0x66, 0x88, 0x8a, 0x23, 0xdc, 0x73, 0x77, 0x60, 0x3c, 0xa4,
- 0x6c, 0xa8, 0xaf, 0xd0, 0xfe, 0x5b, 0x80, 0x57, 0xfb, 0x5e, 0x14, 0x51, 0x2d, 0x74, 0x48, 0x2a,
- 0x91, 0x43, 0x32, 0x9f, 0x0e, 0xf0, 0x02, 0xbf, 0x66, 0xf8, 0x34, 0x03, 0xa8, 0xb9, 0x27, 0x1b,
- 0xed, 0xba, 0x64, 0x58, 0x3d, 0xcc, 0xff, 0x1d, 0xe9, 0x0c, 0x0e, 0xcc, 0x2d, 0x18, 0x6b, 0x13,
- 0xb3, 0x65, 0xc8, 0xcc, 0x39, 0xbc, 0x3a, 0xf7, 0x1e, 0x53, 0x56, 0x7c, 0x12, 0x0e, 0xf2, 0xa1,
- 0x0f, 0xa0, 0x78, 0xe0, 0xfc, 0x9b, 0x9c, 0xdb, 0x5a, 0xeb, 0x57, 0x48, 0xfa, 0xff, 0x58, 0xe7,
- 0xef, 0x1f, 0x3e, 0x60, 0x62, 0x0f, 0x4c, 0xfc, 0x5c, 0x80, 0xd9, 0xb8, 0x23, 0x56, 0xa8, 0xa9,
- 0x2f, 0xde, 0x19, 0xaf, 0x40, 0x8e, 0xa1, 0x53, 0x2f, 0x9c, 0x77, 0xde, 0xb5, 0xa9, 0x66, 0xcc,
- 0x46, 0xc5, 0x9f, 0x0b, 0x30, 0x97, 0x6c, 0xda, 0x19, 0x94, 0xed, 0x8f, 0xc2, 0x65, 0x7b, 0xbf,
- 0xb7, 0x8a, 0x64, 0x3b, 0x53, 0x4a, 0xf8, 0x9f, 0x25, 0xfa, 0xfc, 0x0c, 0x26, 0xb5, 0x1d, 0x9e,
- 0xd4, 0xcd, 0xa1, 0x27, 0x95, 0x3c, 0xa1, 0xda, 0x8d, 0xa7, 0xdf, 0xcf, 0x9f, 0xfb, 0xf6, 0xfb,
- 0xf9, 0x73, 0xdf, 0x7d, 0x3f, 0x7f, 0xee, 0x6f, 0x8e, 0xe7, 0x85, 0xa7, 0xc7, 0xf3, 0xc2, 0xb7,
- 0xc7, 0xf3, 0xc2, 0x77, 0xc7, 0xf3, 0xc2, 0x2f, 0x8f, 0xe7, 0x85, 0x7f, 0xfc, 0x61, 0xfe, 0xdc,
- 0xa3, 0x02, 0xc7, 0xfd, 0x6d, 0x00, 0x00, 0x00, 0xff, 0xff, 0x71, 0x2c, 0x3f, 0x48, 0xe6, 0x3b,
+ // 3634 bytes of a gzipped FileDescriptorProto
+ 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x5b, 0xcd, 0x6f, 0x23, 0xc9,
+ 0x75, 0x9f, 0xe6, 0x87, 0x48, 0x3d, 0x8d, 0xbe, 0x4a, 0xb3, 0x12, 0xad, 0xdd, 0x11, 0xe5, 0x5e,
+ 0x60, 0x32, 0xbb, 0xd9, 0x25, 0x77, 0xb4, 0x3b, 0xeb, 0xcd, 0x2e, 0x62, 0x47, 0x94, 0xe6, 0x43,
+ 0x8e, 0x3e, 0xb8, 0x45, 0x4a, 0x4e, 0x16, 0x1e, 0x67, 0x5b, 0x64, 0x89, 0xea, 0x51, 0xb3, 0xbb,
+ 0xdd, 0x5d, 0x2d, 0x8b, 0x97, 0x20, 0x87, 0xc0, 0x40, 0x80, 0x04, 0x49, 0x0e, 0x0e, 0x1c, 0x20,
+ 0x87, 0xf8, 0x92, 0x53, 0x82, 0xf8, 0x96, 0x1c, 0x0c, 0x03, 0x01, 0x1c, 0x60, 0x10, 0x38, 0x81,
+ 0x4f, 0x89, 0x4f, 0x42, 0x56, 0x3e, 0xe6, 0x1f, 0x08, 0xe6, 0x10, 0x04, 0x55, 0x5d, 0xfd, 0xdd,
+ 0x2d, 0x92, 0xda, 0x91, 0x10, 0xe4, 0xc6, 0xae, 0xf7, 0xde, 0xef, 0xbd, 0x7a, 0x55, 0xf5, 0xde,
+ 0xab, 0x0f, 0xc2, 0xe3, 0x93, 0x8f, 0xec, 0x9a, 0x6a, 0xd4, 0x4f, 0x9c, 0x43, 0x62, 0xe9, 0x84,
+ 0x12, 0xbb, 0x7e, 0x4a, 0xf4, 0xae, 0x61, 0xd5, 0x05, 0x41, 0x31, 0xd5, 0x3a, 0x39, 0xa3, 0x44,
+ 0xb7, 0x55, 0x43, 0xb7, 0xeb, 0xa7, 0x0f, 0x0e, 0x09, 0x55, 0x1e, 0xd4, 0x7b, 0x44, 0x27, 0x96,
+ 0x42, 0x49, 0xb7, 0x66, 0x5a, 0x06, 0x35, 0xd0, 0x5d, 0x97, 0xbd, 0xa6, 0x98, 0x6a, 0x2d, 0x60,
+ 0xaf, 0x09, 0xf6, 0xe5, 0x77, 0x7b, 0x2a, 0x3d, 0x76, 0x0e, 0x6b, 0x1d, 0xa3, 0x5f, 0xef, 0x19,
+ 0x3d, 0xa3, 0xce, 0xa5, 0x0e, 0x9d, 0x23, 0xfe, 0xc5, 0x3f, 0xf8, 0x2f, 0x17, 0x6d, 0x59, 0x0e,
+ 0x29, 0xef, 0x18, 0x16, 0xa9, 0x9f, 0x26, 0x34, 0x2e, 0xbf, 0x15, 0xe2, 0x31, 0x0d, 0x4d, 0xed,
+ 0x0c, 0xb2, 0x8c, 0x5b, 0xfe, 0x20, 0x60, 0xed, 0x2b, 0x9d, 0x63, 0x55, 0x27, 0xd6, 0xa0, 0x6e,
+ 0x9e, 0xf4, 0xb8, 0xac, 0x45, 0x6c, 0xc3, 0xb1, 0x3a, 0x64, 0x2c, 0x29, 0xbb, 0xde, 0x27, 0x54,
+ 0x49, 0x33, 0xab, 0x9e, 0x25, 0x65, 0x39, 0x3a, 0x55, 0xfb, 0x49, 0x35, 0x1f, 0x0e, 0x13, 0xb0,
+ 0x3b, 0xc7, 0xa4, 0xaf, 0x24, 0xe4, 0xde, 0xcf, 0x92, 0x73, 0xa8, 0xaa, 0xd5, 0x55, 0x9d, 0xda,
+ 0xd4, 0x8a, 0x0b, 0xc9, 0x35, 0x80, 0xf5, 0xe6, 0xd6, 0x01, 0xb1, 0xd8, 0xf0, 0xa0, 0x55, 0x28,
+ 0xe8, 0x4a, 0x9f, 0x54, 0xa4, 0x55, 0xe9, 0xfe, 0x64, 0xe3, 0xf6, 0x8b, 0xf3, 0xea, 0xad, 0x8b,
+ 0xf3, 0x6a, 0x61, 0x57, 0xe9, 0x13, 0xcc, 0x29, 0xf2, 0x23, 0x98, 0x5d, 0xd7, 0x34, 0xe3, 0x7b,
+ 0xa4, 0xfb, 0xd4, 0xb0, 0x69, 0x53, 0xa1, 0xc7, 0x68, 0x0d, 0xc0, 0x54, 0xe8, 0x71, 0xd3, 0x22,
+ 0x47, 0xea, 0x99, 0x10, 0x45, 0x42, 0x14, 0x9a, 0x3e, 0x05, 0x87, 0xb8, 0xe4, 0xbf, 0x94, 0xe0,
+ 0x2b, 0x1b, 0x8e, 0x4d, 0x8d, 0xfe, 0x0e, 0xa1, 0x96, 0xda, 0xd9, 0x70, 0x2c, 0x8b, 0xe8, 0xb4,
+ 0x45, 0x15, 0xea, 0xd8, 0xc3, 0xcd, 0x40, 0x9f, 0x41, 0xf1, 0x54, 0xd1, 0x1c, 0x52, 0xc9, 0xad,
+ 0x4a, 0xf7, 0xa7, 0xd6, 0x6a, 0xb5, 0x60, 0xb6, 0xf9, 0x7d, 0xaf, 0x99, 0x27, 0x3d, 0x3e, 0xfd,
+ 0xbc, 0x01, 0xad, 0x7d, 0xea, 0x28, 0x3a, 0x55, 0xe9, 0xa0, 0x71, 0x47, 0x40, 0xde, 0x16, 0x7a,
+ 0x0f, 0x18, 0x16, 0x76, 0x21, 0xe5, 0xdf, 0x87, 0xbb, 0x99, 0xa6, 0x6d, 0xab, 0x36, 0x45, 0xcf,
+ 0xa0, 0xa8, 0x52, 0xd2, 0xb7, 0x2b, 0xd2, 0x6a, 0xfe, 0xfe, 0xd4, 0xda, 0x47, 0xb5, 0x4b, 0xa7,
+ 0x7a, 0x2d, 0x13, 0xac, 0x31, 0x2d, 0xcc, 0x28, 0x6e, 0x31, 0x38, 0xec, 0xa2, 0xca, 0x7f, 0x2e,
+ 0x01, 0x0a, 0xcb, 0xb4, 0x15, 0xab, 0x47, 0xe8, 0x08, 0x4e, 0xf9, 0xdd, 0x2f, 0xe7, 0x94, 0x05,
+ 0x01, 0x39, 0xe5, 0x2a, 0x8c, 0xf8, 0xc4, 0x84, 0xc5, 0xa4, 0x49, 0xdc, 0x19, 0x07, 0x51, 0x67,
+ 0x3c, 0x18, 0xc3, 0x19, 0x2e, 0x4a, 0x86, 0x17, 0x7e, 0x90, 0x83, 0xc9, 0x4d, 0x85, 0xf4, 0x0d,
+ 0xbd, 0x45, 0x28, 0xfa, 0x1c, 0xca, 0x6c, 0x7d, 0x75, 0x15, 0xaa, 0x70, 0x07, 0x4c, 0xad, 0xbd,
+ 0x77, 0x59, 0xef, 0xec, 0x1a, 0xe3, 0xae, 0x9d, 0x3e, 0xa8, 0xed, 0x1d, 0x3e, 0x27, 0x1d, 0xba,
+ 0x43, 0xa8, 0x12, 0xcc, 0xc9, 0xa0, 0x0d, 0xfb, 0xa8, 0x68, 0x17, 0x0a, 0xb6, 0x49, 0x3a, 0xc2,
+ 0x77, 0xef, 0x0c, 0xe9, 0x86, 0x6f, 0x59, 0xcb, 0x24, 0x9d, 0x60, 0x30, 0xd8, 0x17, 0xe6, 0x38,
+ 0xe8, 0x00, 0x26, 0x6c, 0x3e, 0xca, 0x95, 0x7c, 0x62, 0x34, 0x2e, 0x47, 0x74, 0xe7, 0xc6, 0x8c,
+ 0xc0, 0x9c, 0x70, 0xbf, 0xb1, 0x40, 0x93, 0x7f, 0x22, 0xc1, 0xb4, 0xcf, 0xcb, 0x47, 0xe0, 0xdb,
+ 0x09, 0xdf, 0xd4, 0x46, 0xf3, 0x0d, 0x93, 0xe6, 0x9e, 0x99, 0x13, 0xba, 0xca, 0x5e, 0x4b, 0xc8,
+ 0x2f, 0x3b, 0xde, 0xf8, 0xe6, 0xf8, 0xf8, 0xde, 0x1f, 0xb5, 0x1b, 0x19, 0xc3, 0xfa, 0x17, 0x85,
+ 0x90, 0xf9, 0xcc, 0x5d, 0xe8, 0x19, 0x94, 0x6d, 0xa2, 0x91, 0x0e, 0x35, 0x2c, 0x61, 0xfe, 0xfb,
+ 0x23, 0x9a, 0xaf, 0x1c, 0x12, 0xad, 0x25, 0x44, 0x1b, 0xb7, 0x99, 0xfd, 0xde, 0x17, 0xf6, 0x21,
+ 0xd1, 0xa7, 0x50, 0xa6, 0xa4, 0x6f, 0x6a, 0x0a, 0xf5, 0xd6, 0xc5, 0x9b, 0xe1, 0x2e, 0xb0, 0x64,
+ 0xc2, 0xc0, 0x9a, 0x46, 0xb7, 0x2d, 0xd8, 0xf8, 0x90, 0xfa, 0x2e, 0xf1, 0x5a, 0xb1, 0x0f, 0x83,
+ 0x4e, 0x61, 0xc6, 0x31, 0xbb, 0x8c, 0x93, 0xb2, 0x50, 0xda, 0x1b, 0x88, 0x21, 0xfe, 0x70, 0x54,
+ 0xdf, 0xec, 0x47, 0xa4, 0x1b, 0x8b, 0x42, 0xd7, 0x4c, 0xb4, 0x1d, 0xc7, 0xb4, 0xa0, 0x75, 0x98,
+ 0xed, 0xab, 0x3a, 0x26, 0x4a, 0x77, 0xd0, 0x22, 0x1d, 0x43, 0xef, 0xda, 0x95, 0xc2, 0xaa, 0x74,
+ 0xbf, 0xd8, 0x58, 0x12, 0x00, 0xb3, 0x3b, 0x51, 0x32, 0x8e, 0xf3, 0xa3, 0x6f, 0x02, 0xf2, 0xba,
+ 0xf1, 0xc4, 0xcd, 0x04, 0xaa, 0xa1, 0x57, 0x8a, 0xab, 0xd2, 0xfd, 0x7c, 0x63, 0x59, 0xa0, 0xa0,
+ 0x76, 0x82, 0x03, 0xa7, 0x48, 0xa1, 0x6d, 0xb8, 0x63, 0x91, 0x53, 0x95, 0xf5, 0xf1, 0xa9, 0x6a,
+ 0x53, 0xc3, 0x1a, 0x6c, 0xab, 0x7d, 0x95, 0x56, 0x26, 0xb8, 0x4d, 0x95, 0x8b, 0xf3, 0xea, 0x1d,
+ 0x9c, 0x42, 0xc7, 0xa9, 0x52, 0xf2, 0x8f, 0x8b, 0x30, 0x1b, 0x5b, 0x03, 0xe8, 0x00, 0x16, 0x3b,
+ 0x6e, 0xc0, 0xdc, 0x75, 0xfa, 0x87, 0xc4, 0x6a, 0x75, 0x8e, 0x49, 0xd7, 0xd1, 0x48, 0x97, 0x4f,
+ 0x94, 0x62, 0x63, 0x45, 0x58, 0xbc, 0xb8, 0x91, 0xca, 0x85, 0x33, 0xa4, 0x99, 0x17, 0x74, 0xde,
+ 0xb4, 0xa3, 0xda, 0xb6, 0x8f, 0x99, 0xe3, 0x98, 0xbe, 0x17, 0x76, 0x13, 0x1c, 0x38, 0x45, 0x8a,
+ 0xd9, 0xd8, 0x25, 0xb6, 0x6a, 0x91, 0x6e, 0xdc, 0xc6, 0x7c, 0xd4, 0xc6, 0xcd, 0x54, 0x2e, 0x9c,
+ 0x21, 0x8d, 0x1e, 0xc2, 0x94, 0xab, 0x8d, 0x8f, 0x9f, 0x18, 0x68, 0x3f, 0x44, 0xef, 0x06, 0x24,
+ 0x1c, 0xe6, 0x63, 0x5d, 0x33, 0x0e, 0x6d, 0x62, 0x9d, 0x92, 0x6e, 0xf6, 0x00, 0xef, 0x25, 0x38,
+ 0x70, 0x8a, 0x14, 0xeb, 0x9a, 0x3b, 0x03, 0x13, 0x5d, 0x9b, 0x88, 0x76, 0x6d, 0x3f, 0x95, 0x0b,
+ 0x67, 0x48, 0xb3, 0x79, 0xec, 0x9a, 0xbc, 0x7e, 0xaa, 0xa8, 0x9a, 0x72, 0xa8, 0x91, 0x4a, 0x29,
+ 0x3a, 0x8f, 0x77, 0xa3, 0x64, 0x1c, 0xe7, 0x47, 0x4f, 0x60, 0xde, 0x6d, 0xda, 0xd7, 0x15, 0x1f,
+ 0xa4, 0xcc, 0x41, 0xbe, 0x22, 0x40, 0xe6, 0x77, 0xe3, 0x0c, 0x38, 0x29, 0x83, 0x3e, 0x86, 0x99,
+ 0x8e, 0xa1, 0x69, 0x7c, 0x3e, 0x6e, 0x18, 0x8e, 0x4e, 0x2b, 0x93, 0x1c, 0x05, 0xb1, 0xf5, 0xb8,
+ 0x11, 0xa1, 0xe0, 0x18, 0xa7, 0xfc, 0x2f, 0x12, 0x2c, 0x65, 0xac, 0x69, 0xf4, 0x0d, 0x28, 0xd0,
+ 0x81, 0xe9, 0x65, 0xeb, 0x5f, 0xf7, 0x12, 0x44, 0x7b, 0x60, 0x92, 0x97, 0xe7, 0xd5, 0xd7, 0x33,
+ 0xc4, 0x18, 0x19, 0x73, 0x41, 0xa4, 0xc3, 0xb4, 0xc5, 0xd4, 0xe9, 0x3d, 0x97, 0x45, 0x04, 0xaf,
+ 0x87, 0x43, 0x62, 0x0c, 0x0e, 0xcb, 0x04, 0xc1, 0x78, 0xfe, 0xe2, 0xbc, 0x3a, 0x1d, 0xa1, 0xe1,
+ 0x28, 0xbc, 0xfc, 0xc3, 0x1c, 0xc0, 0x26, 0x31, 0x35, 0x63, 0xd0, 0x27, 0xfa, 0x4d, 0x24, 0xdc,
+ 0xbd, 0x48, 0xc2, 0x7d, 0x77, 0x58, 0xec, 0xf4, 0x4d, 0xcb, 0xcc, 0xb8, 0xdf, 0x8a, 0x65, 0xdc,
+ 0xfa, 0xe8, 0x90, 0x97, 0xa7, 0xdc, 0xff, 0xc8, 0xc3, 0x42, 0xc0, 0xbc, 0x61, 0xe8, 0x5d, 0x95,
+ 0xaf, 0x8f, 0x4f, 0x22, 0x63, 0xfc, 0x6b, 0xb1, 0x31, 0x5e, 0x4a, 0x11, 0x09, 0x8d, 0xef, 0xb6,
+ 0x6f, 0x6d, 0x8e, 0x8b, 0x7f, 0x10, 0x55, 0xfe, 0xf2, 0xbc, 0x9a, 0xb2, 0xe7, 0xa9, 0xf9, 0x48,
+ 0x51, 0x13, 0xd1, 0x3d, 0x98, 0xb0, 0x88, 0x62, 0x1b, 0x3a, 0x0f, 0x14, 0x93, 0x41, 0x57, 0x30,
+ 0x6f, 0xc5, 0x82, 0x8a, 0xde, 0x82, 0x52, 0x9f, 0xd8, 0xb6, 0xd2, 0x23, 0x3c, 0x26, 0x4c, 0x36,
+ 0x66, 0x05, 0x63, 0x69, 0xc7, 0x6d, 0xc6, 0x1e, 0x1d, 0x3d, 0x87, 0x19, 0x4d, 0xb1, 0xc5, 0x04,
+ 0x6d, 0xab, 0x7d, 0xc2, 0x57, 0xfd, 0xd4, 0xda, 0xdb, 0xa3, 0xcd, 0x03, 0x26, 0x11, 0x64, 0xb6,
+ 0xed, 0x08, 0x12, 0x8e, 0x21, 0xa3, 0x53, 0x40, 0xac, 0xa5, 0x6d, 0x29, 0xba, 0xed, 0x3a, 0x8a,
+ 0xe9, 0x2b, 0x8d, 0xad, 0xcf, 0x8f, 0x70, 0xdb, 0x09, 0x34, 0x9c, 0xa2, 0x41, 0xfe, 0xa9, 0x04,
+ 0x33, 0xc1, 0x30, 0xdd, 0x40, 0x35, 0xb5, 0x1b, 0xad, 0xa6, 0xde, 0x1a, 0x79, 0x8a, 0x66, 0x94,
+ 0x53, 0xff, 0x9d, 0x03, 0x14, 0x30, 0xb1, 0x05, 0x7e, 0xa8, 0x74, 0x4e, 0x46, 0xd8, 0x2b, 0xfc,
+ 0x40, 0x02, 0x24, 0xc2, 0xf3, 0xba, 0xae, 0x1b, 0x94, 0x47, 0x7c, 0xcf, 0xac, 0xad, 0x91, 0xcd,
+ 0xf2, 0x34, 0xd6, 0xf6, 0x13, 0x58, 0x8f, 0x74, 0x6a, 0x0d, 0x82, 0x11, 0x49, 0x32, 0xe0, 0x14,
+ 0x03, 0x90, 0x02, 0x60, 0x09, 0xcc, 0xb6, 0x21, 0x16, 0xf2, 0xbb, 0x23, 0xc4, 0x3c, 0x26, 0xb0,
+ 0x61, 0xe8, 0x47, 0x6a, 0x2f, 0x08, 0x3b, 0xd8, 0x07, 0xc2, 0x21, 0xd0, 0xe5, 0x47, 0xb0, 0x94,
+ 0x61, 0x2d, 0x9a, 0x83, 0xfc, 0x09, 0x19, 0xb8, 0x6e, 0xc3, 0xec, 0x27, 0xba, 0x13, 0xde, 0x53,
+ 0x4d, 0x8a, 0xed, 0xd0, 0xc7, 0xb9, 0x8f, 0x24, 0xf9, 0x27, 0xc5, 0xf0, 0xdc, 0xe1, 0xa5, 0xec,
+ 0x7d, 0x28, 0x5b, 0xc4, 0xd4, 0xd4, 0x8e, 0x62, 0x8b, 0x0a, 0x85, 0x57, 0xa5, 0x58, 0xb4, 0x61,
+ 0x9f, 0x1a, 0x29, 0x7a, 0x73, 0xd7, 0x5b, 0xf4, 0xe6, 0x5f, 0x4d, 0xd1, 0xfb, 0x7b, 0x50, 0xb6,
+ 0xbd, 0x72, 0xb7, 0xc0, 0x21, 0x1f, 0x8c, 0x11, 0x5f, 0x45, 0xa5, 0xeb, 0x2b, 0xf0, 0x6b, 0x5c,
+ 0x1f, 0x34, 0xad, 0xba, 0x2d, 0x8e, 0x59, 0xdd, 0xbe, 0xd2, 0x8a, 0x94, 0xc5, 0x54, 0x53, 0x71,
+ 0x6c, 0xd2, 0xe5, 0x81, 0xa8, 0x1c, 0xc4, 0xd4, 0x26, 0x6f, 0xc5, 0x82, 0x8a, 0x9e, 0x45, 0xa6,
+ 0x6c, 0xf9, 0x2a, 0x53, 0x76, 0x26, 0x7b, 0xba, 0xa2, 0x7d, 0x58, 0x32, 0x2d, 0xa3, 0x67, 0x11,
+ 0xdb, 0xde, 0x24, 0x4a, 0x57, 0x53, 0x75, 0xe2, 0xf9, 0xc7, 0x2d, 0x55, 0x5e, 0xbf, 0x38, 0xaf,
+ 0x2e, 0x35, 0xd3, 0x59, 0x70, 0x96, 0xac, 0xfc, 0xa2, 0x00, 0x73, 0xf1, 0x0c, 0x98, 0x51, 0x3d,
+ 0x4a, 0x57, 0xaa, 0x1e, 0xdf, 0x09, 0x2d, 0x06, 0xb7, 0xb4, 0xf6, 0x47, 0x3f, 0x65, 0x41, 0xac,
+ 0xc3, 0xac, 0x88, 0x06, 0x1e, 0x51, 0xd4, 0xcf, 0xfe, 0xe8, 0xef, 0x47, 0xc9, 0x38, 0xce, 0xcf,
+ 0x6a, 0xc2, 0xa0, 0xd4, 0xf3, 0x40, 0x0a, 0xd1, 0x9a, 0x70, 0x3d, 0xce, 0x80, 0x93, 0x32, 0x68,
+ 0x07, 0x16, 0x1c, 0x3d, 0x09, 0xe5, 0xce, 0xc6, 0xd7, 0x05, 0xd4, 0xc2, 0x7e, 0x92, 0x05, 0xa7,
+ 0xc9, 0xa1, 0x23, 0x80, 0x8e, 0x97, 0xb6, 0xed, 0xca, 0x04, 0x8f, 0xb0, 0x6b, 0x23, 0xaf, 0x1d,
+ 0x3f, 0xe3, 0x07, 0x71, 0xcd, 0x6f, 0xb2, 0x71, 0x08, 0x19, 0x7d, 0x02, 0xd3, 0x16, 0xdf, 0x10,
+ 0x78, 0x06, 0xbb, 0x45, 0xf5, 0x6b, 0x42, 0x6c, 0x1a, 0x87, 0x89, 0x38, 0xca, 0x9b, 0x52, 0x07,
+ 0x97, 0x47, 0xae, 0x83, 0xff, 0x49, 0x0a, 0x27, 0x21, 0xbf, 0x04, 0xfe, 0x38, 0x52, 0x1e, 0xdd,
+ 0x8b, 0x95, 0x47, 0x8b, 0x49, 0x89, 0x50, 0x75, 0x64, 0xa4, 0x57, 0xbf, 0x1f, 0x8e, 0x55, 0xfd,
+ 0x06, 0xc9, 0x73, 0x78, 0xf9, 0xfb, 0x23, 0x09, 0x16, 0x1f, 0xb7, 0x9e, 0x58, 0x86, 0x63, 0x7a,
+ 0xe6, 0xec, 0x99, 0xae, 0x5f, 0xbf, 0x06, 0x05, 0xcb, 0xd1, 0xbc, 0x7e, 0xbc, 0xe9, 0xf5, 0x03,
+ 0x3b, 0x1a, 0xeb, 0xc7, 0x42, 0x4c, 0xca, 0xed, 0x04, 0x13, 0x40, 0xbb, 0x30, 0x61, 0x29, 0x7a,
+ 0x8f, 0x78, 0x69, 0xf5, 0xde, 0x10, 0xeb, 0xb7, 0x36, 0x31, 0x63, 0x0f, 0x15, 0x6f, 0x5c, 0x1a,
+ 0x0b, 0x14, 0xf9, 0x4f, 0x24, 0x98, 0x7d, 0xda, 0x6e, 0x37, 0xb7, 0x74, 0xbe, 0xa2, 0xf9, 0xe1,
+ 0xeb, 0x2a, 0x14, 0x4c, 0x85, 0x1e, 0xc7, 0x33, 0x3d, 0xa3, 0x61, 0x4e, 0x41, 0xbf, 0x03, 0x25,
+ 0x16, 0x49, 0x88, 0xde, 0x1d, 0xb1, 0xd4, 0x16, 0xf0, 0x0d, 0x57, 0x28, 0xa8, 0x10, 0x45, 0x03,
+ 0xf6, 0xe0, 0xe4, 0x13, 0xb8, 0x13, 0x32, 0x87, 0xf9, 0x83, 0x9f, 0x19, 0xa2, 0x16, 0x14, 0x99,
+ 0x66, 0xef, 0x48, 0x70, 0xd8, 0xc9, 0x57, 0xac, 0x4b, 0x41, 0xa5, 0xc3, 0xbe, 0x6c, 0xec, 0x62,
+ 0xc9, 0x3b, 0x30, 0xcd, 0x4f, 0x9c, 0x0d, 0x8b, 0x72, 0xb7, 0xa0, 0xbb, 0x90, 0xef, 0xab, 0xba,
+ 0xc8, 0xb3, 0x53, 0x42, 0x26, 0xcf, 0x72, 0x04, 0x6b, 0xe7, 0x64, 0xe5, 0x4c, 0x44, 0x9e, 0x80,
+ 0xac, 0x9c, 0x61, 0xd6, 0x2e, 0x3f, 0x81, 0x92, 0x70, 0x77, 0x18, 0x28, 0x7f, 0x39, 0x50, 0x3e,
+ 0x05, 0x68, 0x0f, 0x4a, 0x5b, 0xcd, 0x86, 0x66, 0xb8, 0x55, 0x57, 0x47, 0xed, 0x5a, 0xf1, 0xb1,
+ 0xd8, 0xd8, 0xda, 0xc4, 0x98, 0x53, 0x90, 0x0c, 0x13, 0xe4, 0xac, 0x43, 0x4c, 0xca, 0x67, 0xc4,
+ 0x64, 0x03, 0xd8, 0x28, 0x3f, 0xe2, 0x2d, 0x58, 0x50, 0xe4, 0x3f, 0xcd, 0x41, 0x49, 0xb8, 0xe3,
+ 0x06, 0x76, 0x61, 0xdb, 0x91, 0x5d, 0xd8, 0xdb, 0xa3, 0x4d, 0x8d, 0xcc, 0x2d, 0x58, 0x3b, 0xb6,
+ 0x05, 0x7b, 0x67, 0x44, 0xbc, 0xcb, 0xf7, 0x5f, 0x3f, 0x96, 0x60, 0x26, 0x3a, 0x29, 0xd1, 0x43,
+ 0x98, 0x62, 0x09, 0x47, 0xed, 0x90, 0xdd, 0xa0, 0xce, 0xf5, 0x4f, 0x47, 0x5a, 0x01, 0x09, 0x87,
+ 0xf9, 0x50, 0xcf, 0x17, 0x63, 0xf3, 0x48, 0x74, 0x3a, 0xdb, 0xa5, 0x0e, 0x55, 0xb5, 0x9a, 0x7b,
+ 0x71, 0x52, 0xdb, 0xd2, 0xe9, 0x9e, 0xd5, 0xa2, 0x96, 0xaa, 0xf7, 0x12, 0x8a, 0xf8, 0xa4, 0x0c,
+ 0x23, 0xcb, 0xff, 0x28, 0xc1, 0x94, 0x30, 0xf9, 0x06, 0x76, 0x15, 0xbf, 0x1d, 0xdd, 0x55, 0xdc,
+ 0x1b, 0x71, 0x81, 0xa7, 0x6f, 0x29, 0xfe, 0x26, 0x30, 0x9d, 0x2d, 0x69, 0x36, 0xab, 0x8f, 0x0d,
+ 0x9b, 0xc6, 0x67, 0x35, 0x5b, 0x8c, 0x98, 0x53, 0x90, 0x03, 0x73, 0x6a, 0x2c, 0x06, 0x08, 0xd7,
+ 0xd6, 0x47, 0xb3, 0xc4, 0x17, 0x6b, 0x54, 0x04, 0xfc, 0x5c, 0x9c, 0x82, 0x13, 0x2a, 0x64, 0x02,
+ 0x09, 0x2e, 0xf4, 0x29, 0x14, 0x8e, 0x29, 0x35, 0x53, 0x0e, 0x92, 0x87, 0x44, 0x9e, 0xc0, 0x84,
+ 0x32, 0xef, 0x5d, 0xbb, 0xdd, 0xc4, 0x1c, 0x4a, 0xfe, 0x9f, 0xc0, 0x1f, 0x2d, 0x77, 0x8e, 0xfb,
+ 0xf1, 0x54, 0xba, 0x4a, 0x3c, 0x9d, 0x4a, 0x8b, 0xa5, 0xe8, 0x29, 0xe4, 0xa9, 0x36, 0xea, 0xb6,
+ 0x50, 0x20, 0xb6, 0xb7, 0x5b, 0x41, 0x40, 0x6a, 0x6f, 0xb7, 0x30, 0x83, 0x40, 0x7b, 0x50, 0x64,
+ 0xd9, 0x87, 0x2d, 0xc1, 0xfc, 0xe8, 0x4b, 0x9a, 0xf5, 0x3f, 0x98, 0x10, 0xec, 0xcb, 0xc6, 0x2e,
+ 0x8e, 0xfc, 0x5d, 0x98, 0x8e, 0xac, 0x53, 0xf4, 0x39, 0xdc, 0xd6, 0x0c, 0xa5, 0xdb, 0x50, 0x34,
+ 0x45, 0xef, 0x10, 0xef, 0xd4, 0xfe, 0x5e, 0xda, 0x0e, 0x63, 0x3b, 0xc4, 0x27, 0x56, 0xb9, 0x7f,
+ 0xf7, 0x16, 0xa6, 0xe1, 0x08, 0xa2, 0xac, 0x00, 0x04, 0x7d, 0x44, 0x55, 0x28, 0xb2, 0x79, 0xe6,
+ 0xe6, 0x93, 0xc9, 0xc6, 0x24, 0xb3, 0x90, 0x4d, 0x3f, 0x1b, 0xbb, 0xed, 0x68, 0x0d, 0xc0, 0x26,
+ 0x1d, 0x8b, 0x50, 0x1e, 0x0c, 0x72, 0xd1, 0x1b, 0xc8, 0x96, 0x4f, 0xc1, 0x21, 0x2e, 0xf9, 0x9f,
+ 0x25, 0x98, 0xde, 0x25, 0xf4, 0x7b, 0x86, 0x75, 0xd2, 0xe4, 0x97, 0xc5, 0x37, 0x10, 0x6c, 0x71,
+ 0x24, 0xd8, 0xbe, 0x37, 0x64, 0x64, 0x22, 0xd6, 0x65, 0x85, 0x5c, 0xf9, 0xa7, 0x12, 0x2c, 0x45,
+ 0x38, 0x1f, 0x05, 0x4b, 0x77, 0x1f, 0x8a, 0xa6, 0x61, 0x51, 0x2f, 0x11, 0x8f, 0xa5, 0x90, 0x85,
+ 0xb1, 0x50, 0x2a, 0x66, 0x30, 0xd8, 0x45, 0x43, 0xdb, 0x90, 0xa3, 0x86, 0x98, 0xaa, 0xe3, 0x61,
+ 0x12, 0x62, 0x35, 0x40, 0x60, 0xe6, 0xda, 0x06, 0xce, 0x51, 0x83, 0x0d, 0x44, 0x25, 0xc2, 0x15,
+ 0x0e, 0x3e, 0xd7, 0xd4, 0x03, 0x0c, 0x85, 0x23, 0xcb, 0xe8, 0x5f, 0xb9, 0x0f, 0xfe, 0x40, 0x3c,
+ 0xb6, 0x8c, 0x3e, 0xe6, 0x58, 0xf2, 0xcf, 0x24, 0x98, 0x8f, 0x70, 0xde, 0x40, 0xe0, 0xff, 0x34,
+ 0x1a, 0xf8, 0xdf, 0x19, 0xa7, 0x23, 0x19, 0xe1, 0xff, 0x67, 0xb9, 0x58, 0x37, 0x58, 0x87, 0xd1,
+ 0x11, 0x4c, 0x99, 0x46, 0xb7, 0xf5, 0x0a, 0xee, 0xe9, 0x66, 0x59, 0xde, 0x6c, 0x06, 0x58, 0x38,
+ 0x0c, 0x8c, 0xce, 0x60, 0x5e, 0x57, 0xfa, 0xc4, 0x36, 0x95, 0x0e, 0x69, 0xbd, 0x82, 0x03, 0x92,
+ 0xd7, 0xf8, 0x45, 0x40, 0x1c, 0x11, 0x27, 0x95, 0xa0, 0x1d, 0x28, 0xa9, 0x26, 0xaf, 0xe3, 0x44,
+ 0xed, 0x32, 0x34, 0x8b, 0xba, 0x55, 0x9f, 0x1b, 0xcf, 0xc5, 0x07, 0xf6, 0x30, 0xe4, 0xbf, 0x8d,
+ 0xcf, 0x06, 0x36, 0xff, 0xd0, 0x13, 0x28, 0xf3, 0x67, 0x17, 0x1d, 0x43, 0xf3, 0x6e, 0x06, 0xd8,
+ 0xc8, 0x36, 0x45, 0xdb, 0xcb, 0xf3, 0xea, 0xeb, 0x29, 0x87, 0xbe, 0x1e, 0x19, 0xfb, 0xc2, 0x68,
+ 0x17, 0x0a, 0xe6, 0x97, 0xa9, 0x60, 0x78, 0x92, 0xe3, 0x65, 0x0b, 0xc7, 0x91, 0xff, 0x30, 0x1f,
+ 0x33, 0x97, 0xa7, 0xba, 0xe7, 0xaf, 0x6c, 0xd4, 0xfd, 0x8a, 0x29, 0x73, 0xe4, 0x0f, 0xa1, 0x24,
+ 0x32, 0xbc, 0x98, 0xcc, 0x5f, 0x1b, 0x67, 0x32, 0x87, 0xb3, 0x98, 0xbf, 0x61, 0xf1, 0x1a, 0x3d,
+ 0x60, 0xf4, 0x1d, 0x98, 0x20, 0xae, 0x0a, 0x37, 0x37, 0x7e, 0x38, 0x8e, 0x8a, 0x20, 0xae, 0x06,
+ 0x85, 0xaa, 0x68, 0x13, 0xa8, 0xe8, 0x1b, 0xcc, 0x5f, 0x8c, 0x97, 0x6d, 0x02, 0xed, 0x4a, 0x81,
+ 0xa7, 0xab, 0xbb, 0x6e, 0xb7, 0xfd, 0xe6, 0x97, 0xe7, 0x55, 0x08, 0x3e, 0x71, 0x58, 0x42, 0xfe,
+ 0x57, 0x09, 0xe6, 0xb9, 0x87, 0x3a, 0x8e, 0xa5, 0xd2, 0xc1, 0x8d, 0x25, 0xa6, 0x83, 0x48, 0x62,
+ 0xfa, 0x60, 0x88, 0x5b, 0x12, 0x16, 0x66, 0x26, 0xa7, 0x9f, 0x4b, 0xf0, 0x5a, 0x82, 0xfb, 0x06,
+ 0xe2, 0xe2, 0x7e, 0x34, 0x2e, 0xbe, 0x37, 0x6e, 0x87, 0x32, 0x62, 0xe3, 0x5f, 0xdd, 0x4e, 0xe9,
+ 0x0e, 0x5f, 0x29, 0x6b, 0x00, 0xa6, 0xa5, 0x9e, 0xaa, 0x1a, 0xe9, 0x89, 0xdb, 0xe9, 0x72, 0xe8,
+ 0x0d, 0x94, 0x4f, 0xc1, 0x21, 0x2e, 0x64, 0xc3, 0x62, 0x97, 0x1c, 0x29, 0x8e, 0x46, 0xd7, 0xbb,
+ 0xdd, 0x0d, 0xc5, 0x54, 0x0e, 0x55, 0x4d, 0xa5, 0xaa, 0x38, 0x2e, 0x98, 0x6c, 0x7c, 0xe2, 0xde,
+ 0x1a, 0xa7, 0x71, 0xbc, 0x3c, 0xaf, 0xde, 0x4d, 0xbb, 0x1d, 0xf2, 0x58, 0x06, 0x38, 0x03, 0x1a,
+ 0x0d, 0xa0, 0x62, 0x91, 0xef, 0x3a, 0xaa, 0x45, 0xba, 0x9b, 0x96, 0x61, 0x46, 0xd4, 0xe6, 0xb9,
+ 0xda, 0xdf, 0xbc, 0x38, 0xaf, 0x56, 0x70, 0x06, 0xcf, 0x70, 0xc5, 0x99, 0xf0, 0xe8, 0x39, 0x2c,
+ 0x28, 0xee, 0xd3, 0xb1, 0x88, 0x56, 0x77, 0x95, 0x7c, 0x74, 0x71, 0x5e, 0x5d, 0x58, 0x4f, 0x92,
+ 0x87, 0x2b, 0x4c, 0x03, 0x45, 0x75, 0x28, 0x9d, 0x1a, 0x9a, 0xd3, 0x27, 0x76, 0xa5, 0xc8, 0xf1,
+ 0x59, 0x22, 0x28, 0x1d, 0xb8, 0x4d, 0x2f, 0xcf, 0xab, 0x13, 0x8f, 0x5b, 0x7c, 0xf5, 0x79, 0x5c,
+ 0x6c, 0x43, 0xc9, 0x6a, 0x49, 0xb1, 0xe2, 0xf9, 0x89, 0x71, 0x39, 0x88, 0x5a, 0x4f, 0x03, 0x12,
+ 0x0e, 0xf3, 0xa1, 0x67, 0x30, 0x79, 0x2c, 0x4e, 0x25, 0xec, 0x4a, 0x69, 0xa4, 0x24, 0x1c, 0x39,
+ 0xc5, 0x68, 0xcc, 0x0b, 0x15, 0x93, 0x5e, 0xb3, 0x8d, 0x03, 0x44, 0xf4, 0x16, 0x94, 0xf8, 0xc7,
+ 0xd6, 0x26, 0x3f, 0x8e, 0x2b, 0x07, 0xb1, 0xed, 0xa9, 0xdb, 0x8c, 0x3d, 0xba, 0xc7, 0xba, 0xd5,
+ 0xdc, 0xe0, 0xc7, 0xc2, 0x31, 0xd6, 0xad, 0xe6, 0x06, 0xf6, 0xe8, 0xe8, 0x73, 0x28, 0xd9, 0x64,
+ 0x5b, 0xd5, 0x9d, 0xb3, 0x0a, 0x8c, 0x74, 0xa9, 0xdc, 0x7a, 0xc4, 0xb9, 0x63, 0x07, 0x63, 0x81,
+ 0x06, 0x41, 0xc7, 0x1e, 0x2c, 0x3a, 0x86, 0x49, 0xcb, 0xd1, 0xd7, 0xed, 0x7d, 0x9b, 0x58, 0x95,
+ 0x29, 0xae, 0x63, 0x58, 0x38, 0xc7, 0x1e, 0x7f, 0x5c, 0x8b, 0xef, 0x21, 0x9f, 0x03, 0x07, 0xe0,
+ 0xe8, 0x8f, 0x25, 0x40, 0xb6, 0x63, 0x9a, 0x1a, 0xe9, 0x13, 0x9d, 0x2a, 0x1a, 0x3f, 0x8b, 0xb3,
+ 0x2b, 0xb7, 0xb9, 0xce, 0xdf, 0x1a, 0xd6, 0xaf, 0x84, 0x60, 0x5c, 0xb9, 0x7f, 0xe8, 0x9d, 0x64,
+ 0xc5, 0x29, 0x7a, 0x99, 0x6b, 0x8f, 0x6c, 0xfe, 0xbb, 0x32, 0x3d, 0x92, 0x6b, 0xd3, 0xcf, 0x1c,
+ 0x03, 0xd7, 0x0a, 0x3a, 0xf6, 0x60, 0xd1, 0x01, 0x2c, 0x5a, 0x44, 0xe9, 0xee, 0xe9, 0xda, 0x00,
+ 0x1b, 0x06, 0x7d, 0xac, 0x6a, 0xc4, 0x1e, 0xd8, 0x94, 0xf4, 0x2b, 0x33, 0x7c, 0xd8, 0xfd, 0x47,
+ 0x19, 0x38, 0x95, 0x0b, 0x67, 0x48, 0xa3, 0x3e, 0x54, 0xbd, 0x90, 0xc1, 0xd6, 0x93, 0x1f, 0xb3,
+ 0x1e, 0xd9, 0x1d, 0x45, 0x73, 0xef, 0x01, 0x66, 0xb9, 0x82, 0x37, 0x2f, 0xce, 0xab, 0xd5, 0xcd,
+ 0xcb, 0x59, 0xf1, 0x30, 0x2c, 0xf4, 0x6d, 0xa8, 0x28, 0x59, 0x7a, 0xe6, 0xb8, 0x9e, 0x55, 0xd1,
+ 0x91, 0x4a, 0xa6, 0x92, 0x4c, 0x04, 0x44, 0x61, 0x4e, 0x89, 0xbe, 0x52, 0xb5, 0x2b, 0xf3, 0x23,
+ 0x1d, 0x46, 0xc6, 0x1e, 0xb7, 0x06, 0x07, 0x12, 0x31, 0x82, 0x8d, 0x13, 0x1a, 0xf8, 0x13, 0x0a,
+ 0x71, 0xa0, 0x7e, 0x33, 0x6f, 0x16, 0xc7, 0x7b, 0x42, 0x11, 0x98, 0xf6, 0xca, 0x9e, 0x50, 0x84,
+ 0x20, 0x2f, 0x3f, 0xc2, 0xfb, 0xaf, 0x1c, 0x2c, 0x04, 0xcc, 0x23, 0x3f, 0xa1, 0x48, 0x11, 0xb9,
+ 0xb6, 0x27, 0x14, 0xe9, 0x6f, 0x10, 0xf2, 0xd7, 0xfd, 0x06, 0xe1, 0x1a, 0x9e, 0x6e, 0xf0, 0x67,
+ 0x0d, 0x81, 0xeb, 0xfe, 0xef, 0x3d, 0x6b, 0x08, 0x6c, 0xcb, 0x28, 0xb4, 0xfe, 0x3e, 0x17, 0xee,
+ 0xc0, 0xff, 0xfb, 0xbb, 0xf5, 0x2f, 0xff, 0xb0, 0x53, 0xfe, 0x79, 0x1e, 0xe6, 0xe2, 0xab, 0x31,
+ 0x72, 0x05, 0x2b, 0x0d, 0xbd, 0x82, 0x6d, 0xc2, 0x9d, 0x23, 0x47, 0xd3, 0x06, 0xdc, 0x0d, 0xa1,
+ 0x7b, 0x58, 0xf7, 0x0a, 0xe5, 0x0d, 0x21, 0x79, 0xe7, 0x71, 0x0a, 0x0f, 0x4e, 0x95, 0xcc, 0xb8,
+ 0x4e, 0xce, 0x5f, 0xe9, 0x3a, 0x39, 0x71, 0xbb, 0x59, 0x18, 0xe3, 0x76, 0x33, 0xf5, 0x6a, 0xb8,
+ 0x78, 0x85, 0xab, 0xe1, 0xab, 0xdc, 0xe5, 0xa6, 0x04, 0xb1, 0x61, 0x77, 0xb9, 0xf2, 0x1b, 0xb0,
+ 0x2c, 0xc4, 0x28, 0xbf, 0x66, 0xd5, 0xa9, 0x65, 0x68, 0x1a, 0xb1, 0x36, 0x9d, 0x7e, 0x7f, 0x20,
+ 0x7f, 0x1d, 0x66, 0xa2, 0x0f, 0x08, 0xdc, 0x91, 0x76, 0xdf, 0x30, 0x88, 0x8b, 0xac, 0xd0, 0x48,
+ 0xbb, 0xed, 0xd8, 0xe7, 0x90, 0xbf, 0x2f, 0xc1, 0x62, 0xfa, 0x43, 0x41, 0xa4, 0xc1, 0x4c, 0x5f,
+ 0x39, 0x0b, 0xbf, 0xaa, 0x94, 0xae, 0x78, 0xc4, 0xc0, 0x6f, 0x8e, 0x77, 0x22, 0x58, 0x38, 0x86,
+ 0x2d, 0xff, 0x4a, 0x82, 0xa5, 0x8c, 0x3b, 0xdb, 0x9b, 0xb5, 0x04, 0x7d, 0x06, 0xe5, 0xbe, 0x72,
+ 0xd6, 0x72, 0xac, 0x1e, 0xb9, 0xf2, 0xa1, 0x0a, 0x8f, 0x18, 0x3b, 0x02, 0x05, 0xfb, 0x78, 0xf2,
+ 0x8f, 0x24, 0xa8, 0x64, 0x95, 0xb7, 0xe8, 0x61, 0xe4, 0x76, 0xf9, 0xab, 0xb1, 0xdb, 0xe5, 0xf9,
+ 0x84, 0xdc, 0x35, 0xdd, 0x2d, 0xff, 0x9d, 0x04, 0x8b, 0xe9, 0x65, 0x3e, 0x7a, 0x3f, 0x62, 0x61,
+ 0x35, 0x66, 0xe1, 0x6c, 0x4c, 0x4a, 0xd8, 0xf7, 0x1d, 0x98, 0x11, 0x9b, 0x01, 0x01, 0x23, 0xbc,
+ 0x2a, 0xa7, 0xc5, 0x4a, 0x01, 0xe1, 0x15, 0xbf, 0x7c, 0xbc, 0xa2, 0x6d, 0x38, 0x86, 0x26, 0xff,
+ 0x51, 0x0e, 0x8a, 0xad, 0x8e, 0xa2, 0x91, 0x1b, 0x28, 0xb3, 0xbe, 0x19, 0x29, 0xb3, 0x86, 0xfd,
+ 0x03, 0x82, 0x5b, 0x95, 0x59, 0x61, 0xe1, 0x58, 0x85, 0xf5, 0xf6, 0x48, 0x68, 0x97, 0x17, 0x57,
+ 0xbf, 0x01, 0x93, 0xbe, 0xd2, 0xf1, 0x62, 0xbe, 0xfc, 0xd7, 0x39, 0x98, 0x0a, 0xa9, 0x18, 0x33,
+ 0x63, 0x1c, 0x45, 0x32, 0xed, 0x28, 0xff, 0x85, 0x0a, 0xe9, 0xaa, 0x79, 0xb9, 0xd5, 0x7d, 0x28,
+ 0x18, 0x3c, 0x0d, 0x4b, 0xa6, 0xdc, 0xaf, 0xc3, 0x0c, 0xe5, 0xff, 0x15, 0xf2, 0x8f, 0x22, 0xf3,
+ 0x7c, 0x2e, 0xfa, 0xcf, 0x4b, 0xdb, 0x11, 0x2a, 0x8e, 0x71, 0x2f, 0x7f, 0x02, 0xd3, 0x11, 0x65,
+ 0x63, 0xbd, 0xf3, 0xfb, 0x07, 0x09, 0xbe, 0x3a, 0x74, 0xa3, 0x88, 0x1a, 0x91, 0x45, 0x52, 0x8b,
+ 0x2d, 0x92, 0x95, 0x6c, 0x80, 0x6b, 0x7c, 0x2f, 0xf2, 0xfd, 0x1c, 0xa0, 0xf6, 0xb1, 0x6a, 0x75,
+ 0x9b, 0x8a, 0x45, 0x07, 0x58, 0xfc, 0xe1, 0xeb, 0x06, 0x16, 0xcc, 0x43, 0x98, 0xea, 0x12, 0xbb,
+ 0x63, 0xa9, 0xdc, 0x39, 0xa2, 0x3a, 0xf7, 0x0f, 0x53, 0x36, 0x03, 0x12, 0x0e, 0xf3, 0xa1, 0x6f,
+ 0x41, 0xf9, 0xd4, 0xfd, 0x23, 0xa2, 0x77, 0x40, 0x3b, 0xac, 0x90, 0x0c, 0xfe, 0xba, 0x18, 0xcc,
+ 0x1f, 0xd1, 0x60, 0x63, 0x1f, 0x4c, 0xfe, 0xa1, 0x04, 0x8b, 0x49, 0x47, 0x6c, 0x32, 0x53, 0xaf,
+ 0xdf, 0x19, 0x6f, 0x40, 0x81, 0xa3, 0x33, 0x2f, 0xdc, 0x76, 0x0f, 0xde, 0x99, 0x66, 0xcc, 0x5b,
+ 0xe5, 0x7f, 0x97, 0x60, 0x39, 0xdd, 0xb4, 0x1b, 0x28, 0xdb, 0x3f, 0x8b, 0x96, 0xed, 0xc3, 0xce,
+ 0x2a, 0xd2, 0xed, 0xcc, 0x28, 0xe1, 0xff, 0x2d, 0xd5, 0xe7, 0x37, 0xd0, 0xa9, 0x83, 0x68, 0xa7,
+ 0x1e, 0x8c, 0xdd, 0xa9, 0xf4, 0x0e, 0x35, 0xde, 0x7d, 0xf1, 0xc5, 0xca, 0xad, 0x5f, 0x7c, 0xb1,
+ 0x72, 0xeb, 0x97, 0x5f, 0xac, 0xdc, 0xfa, 0x83, 0x8b, 0x15, 0xe9, 0xc5, 0xc5, 0x8a, 0xf4, 0x8b,
+ 0x8b, 0x15, 0xe9, 0x97, 0x17, 0x2b, 0xd2, 0x7f, 0x5e, 0xac, 0x48, 0x7f, 0xf6, 0xab, 0x95, 0x5b,
+ 0x9f, 0x95, 0x04, 0xee, 0xff, 0x06, 0x00, 0x00, 0xff, 0xff, 0x57, 0xe8, 0x50, 0x1c, 0x48, 0x3d,
0x00, 0x00,
}
diff --git a/staging/src/k8s.io/api/extensions/v1beta1/generated.proto b/staging/src/k8s.io/api/extensions/v1beta1/generated.proto
index feda2572492e..3692e10834e8 100644
--- a/staging/src/k8s.io/api/extensions/v1beta1/generated.proto
+++ b/staging/src/k8s.io/api/extensions/v1beta1/generated.proto
@@ -594,6 +594,27 @@ message NetworkPolicy {
optional NetworkPolicySpec spec = 2;
}
+// NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods
+// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to.
+// This type is beta-level in 1.8
+message NetworkPolicyEgressRule {
+ // List of destination ports for outgoing traffic.
+ // Each item in this list is combined using a logical OR. If this field is
+ // empty or missing, this rule matches all ports (traffic not restricted by port).
+ // If this field is present and contains at least one item, then this rule allows
+ // traffic only if the traffic matches at least one port in the list.
+ // +optional
+ repeated NetworkPolicyPort ports = 1;
+
+ // List of destinations for outgoing traffic of pods selected for this rule.
+ // Items in this list are combined using a logical OR operation. If this field is
+ // empty or missing, this rule matches all destinations (traffic not restricted by
+ // destination). If this field is present and contains at least one item, this rule
+ // allows traffic only if the traffic matches at least one item in the to list.
+ // +optional
+ repeated NetworkPolicyPeer to = 2;
+}
+
// This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.
message NetworkPolicyIngressRule {
// List of ports which should be made accessible on the pods selected for this rule.
@@ -675,6 +696,29 @@ message NetworkPolicySpec {
// (and serves solely to ensure that the pods it selects are isolated by default).
// +optional
repeated NetworkPolicyIngressRule ingress = 2;
+
+ // List of egress rules to be applied to the selected pods. Outgoing traffic is
+ // allowed if there are no NetworkPolicies selecting the pod (and cluster policy
+ // otherwise allows the traffic), OR if the traffic matches at least one egress rule
+ // across all of the NetworkPolicy objects whose podSelector matches the pod. If
+ // this field is empty then this NetworkPolicy limits all outgoing traffic (and serves
+ // solely to ensure that the pods it selects are isolated by default).
+ // This field is beta-level in 1.8
+ // +optional
+ repeated NetworkPolicyEgressRule egress = 3;
+
+ // List of rule types that the NetworkPolicy relates to.
+ // Valid options are Ingress, Egress, or Ingress,Egress.
+ // If this field is not specified, it will default based on the existence of Ingress or Egress rules;
+ // policies that contain an Egress section are assumed to affect Egress, and all policies
+ // (whether or not they contain an Ingress section) are assumed to affect Ingress.
+ // If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ].
+ // Likewise, if you want to write a policy that specifies that no egress is allowed,
+ // you must specify a policyTypes value that include "Egress" (since such a policy would not include
+ // an Egress section and would otherwise default to just [ "Ingress" ]).
+ // This field is beta-level in 1.8
+ // +optional
+ repeated string policyTypes = 4;
}
// Pod Security Policy governs the ability to make requests that affect the Security Context
diff --git a/staging/src/k8s.io/api/extensions/v1beta1/types.go b/staging/src/k8s.io/api/extensions/v1beta1/types.go
index fdd342b2617a..052cbb691c7c 100644
--- a/staging/src/k8s.io/api/extensions/v1beta1/types.go
+++ b/staging/src/k8s.io/api/extensions/v1beta1/types.go
@@ -1157,6 +1157,17 @@ type NetworkPolicy struct {
Spec NetworkPolicySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
}
+// Policy Type string describes the NetworkPolicy type
+// This type is beta-level in 1.8
+type PolicyType string
+
+const (
+ // PolicyTypeIngress is a NetworkPolicy that affects ingress traffic on selected pods
+ PolicyTypeIngress PolicyType = "Ingress"
+ // PolicyTypeEgress is a NetworkPolicy that affects egress traffic on selected pods
+ PolicyTypeEgress PolicyType = "Egress"
+)
+
type NetworkPolicySpec struct {
// Selects the pods to which this NetworkPolicy object applies. The array of ingress rules
// is applied to any pods selected by this field. Multiple network policies can select the
@@ -1174,6 +1185,29 @@ type NetworkPolicySpec struct {
// (and serves solely to ensure that the pods it selects are isolated by default).
// +optional
Ingress []NetworkPolicyIngressRule `json:"ingress,omitempty" protobuf:"bytes,2,rep,name=ingress"`
+
+ // List of egress rules to be applied to the selected pods. Outgoing traffic is
+ // allowed if there are no NetworkPolicies selecting the pod (and cluster policy
+ // otherwise allows the traffic), OR if the traffic matches at least one egress rule
+ // across all of the NetworkPolicy objects whose podSelector matches the pod. If
+ // this field is empty then this NetworkPolicy limits all outgoing traffic (and serves
+ // solely to ensure that the pods it selects are isolated by default).
+ // This field is beta-level in 1.8
+ // +optional
+ Egress []NetworkPolicyEgressRule `json:"egress,omitempty" protobuf:"bytes,3,rep,name=egress"`
+
+ // List of rule types that the NetworkPolicy relates to.
+ // Valid options are Ingress, Egress, or Ingress,Egress.
+ // If this field is not specified, it will default based on the existence of Ingress or Egress rules;
+ // policies that contain an Egress section are assumed to affect Egress, and all policies
+ // (whether or not they contain an Ingress section) are assumed to affect Ingress.
+ // If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ].
+ // Likewise, if you want to write a policy that specifies that no egress is allowed,
+ // you must specify a policyTypes value that include "Egress" (since such a policy would not include
+ // an Egress section and would otherwise default to just [ "Ingress" ]).
+ // This field is beta-level in 1.8
+ // +optional
+ PolicyTypes []PolicyType `json:"policyTypes,omitempty" protobuf:"bytes,4,rep,name=policyTypes,casttype=PolicyType"`
}
// This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.
@@ -1195,6 +1229,27 @@ type NetworkPolicyIngressRule struct {
From []NetworkPolicyPeer `json:"from,omitempty" protobuf:"bytes,2,rep,name=from"`
}
+// NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods
+// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to.
+// This type is beta-level in 1.8
+type NetworkPolicyEgressRule struct {
+ // List of destination ports for outgoing traffic.
+ // Each item in this list is combined using a logical OR. If this field is
+ // empty or missing, this rule matches all ports (traffic not restricted by port).
+ // If this field is present and contains at least one item, then this rule allows
+ // traffic only if the traffic matches at least one port in the list.
+ // +optional
+ Ports []NetworkPolicyPort `json:"ports,omitempty" protobuf:"bytes,1,rep,name=ports"`
+
+ // List of destinations for outgoing traffic of pods selected for this rule.
+ // Items in this list are combined using a logical OR operation. If this field is
+ // empty or missing, this rule matches all destinations (traffic not restricted by
+ // destination). If this field is present and contains at least one item, this rule
+ // allows traffic only if the traffic matches at least one item in the to list.
+ // +optional
+ To []NetworkPolicyPeer `json:"to,omitempty" protobuf:"bytes,2,rep,name=to"`
+}
+
type NetworkPolicyPort struct {
// Optional. The protocol (TCP or UDP) which traffic must match.
// If not specified, this field defaults to TCP.
diff --git a/staging/src/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go b/staging/src/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go
index 038f271ef541..a3e671189810 100644
--- a/staging/src/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go
+++ b/staging/src/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go
@@ -361,6 +361,16 @@ func (NetworkPolicy) SwaggerDoc() map[string]string {
return map_NetworkPolicy
}
+var map_NetworkPolicyEgressRule = map[string]string{
+ "": "NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8",
+ "ports": "List of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.",
+ "to": "List of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.",
+}
+
+func (NetworkPolicyEgressRule) SwaggerDoc() map[string]string {
+ return map_NetworkPolicyEgressRule
+}
+
var map_NetworkPolicyIngressRule = map[string]string{
"": "This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from.",
"ports": "List of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.",
@@ -403,6 +413,8 @@ func (NetworkPolicyPort) SwaggerDoc() map[string]string {
var map_NetworkPolicySpec = map[string]string{
"podSelector": "Selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace.",
"ingress": "List of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default).",
+ "egress": "List of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8",
+ "policyTypes": "List of rule types that the NetworkPolicy relates to. Valid options are Ingress, Egress, or Ingress,Egress. If this field is not specified, it will default based on the existence of Ingress or Egress rules; policies that contain an Egress section are assumed to affect Egress, and all policies (whether or not they contain an Ingress section) are assumed to affect Ingress. If you want to write an egress-only policy, you must explicitly specify policyTypes [ \"Egress\" ]. Likewise, if you want to write a policy that specifies that no egress is allowed, you must specify a policyTypes value that include \"Egress\" (since such a policy would not include an Egress section and would otherwise default to just [ \"Ingress\" ]). This field is beta-level in 1.8",
}
func (NetworkPolicySpec) SwaggerDoc() map[string]string {
diff --git a/staging/src/k8s.io/api/extensions/v1beta1/zz_generated.deepcopy.go b/staging/src/k8s.io/api/extensions/v1beta1/zz_generated.deepcopy.go
index c2b52beeb40b..45b56997bf87 100644
--- a/staging/src/k8s.io/api/extensions/v1beta1/zz_generated.deepcopy.go
+++ b/staging/src/k8s.io/api/extensions/v1beta1/zz_generated.deepcopy.go
@@ -171,6 +171,10 @@ func RegisterDeepCopies(scheme *runtime.Scheme) error {
in.(*NetworkPolicy).DeepCopyInto(out.(*NetworkPolicy))
return nil
}, InType: reflect.TypeOf(&NetworkPolicy{})},
+ conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
+ in.(*NetworkPolicyEgressRule).DeepCopyInto(out.(*NetworkPolicyEgressRule))
+ return nil
+ }, InType: reflect.TypeOf(&NetworkPolicyEgressRule{})},
conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
in.(*NetworkPolicyIngressRule).DeepCopyInto(out.(*NetworkPolicyIngressRule))
return nil
@@ -1117,6 +1121,36 @@ func (in *NetworkPolicy) DeepCopyObject() runtime.Object {
}
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *NetworkPolicyEgressRule) DeepCopyInto(out *NetworkPolicyEgressRule) {
+ *out = *in
+ if in.Ports != nil {
+ in, out := &in.Ports, &out.Ports
+ *out = make([]NetworkPolicyPort, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.To != nil {
+ in, out := &in.To, &out.To
+ *out = make([]NetworkPolicyPeer, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyEgressRule.
+func (in *NetworkPolicyEgressRule) DeepCopy() *NetworkPolicyEgressRule {
+ if in == nil {
+ return nil
+ }
+ out := new(NetworkPolicyEgressRule)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *NetworkPolicyIngressRule) DeepCopyInto(out *NetworkPolicyIngressRule) {
*out = *in
@@ -1269,6 +1303,18 @@ func (in *NetworkPolicySpec) DeepCopyInto(out *NetworkPolicySpec) {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
+ if in.Egress != nil {
+ in, out := &in.Egress, &out.Egress
+ *out = make([]NetworkPolicyEgressRule, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.PolicyTypes != nil {
+ in, out := &in.PolicyTypes, &out.PolicyTypes
+ *out = make([]PolicyType, len(*in))
+ copy(*out, *in)
+ }
return
}
diff --git a/staging/src/k8s.io/api/networking/v1/generated.pb.go b/staging/src/k8s.io/api/networking/v1/generated.pb.go
index 226b55997ce3..df4d9f97959c 100644
--- a/staging/src/k8s.io/api/networking/v1/generated.pb.go
+++ b/staging/src/k8s.io/api/networking/v1/generated.pb.go
@@ -27,6 +27,7 @@ limitations under the License.
It has these top-level messages:
IPBlock
NetworkPolicy
+ NetworkPolicyEgressRule
NetworkPolicyIngressRule
NetworkPolicyList
NetworkPolicyPeer
@@ -69,31 +70,36 @@ func (m *NetworkPolicy) Reset() { *m = NetworkPolicy{} }
func (*NetworkPolicy) ProtoMessage() {}
func (*NetworkPolicy) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{1} }
+func (m *NetworkPolicyEgressRule) Reset() { *m = NetworkPolicyEgressRule{} }
+func (*NetworkPolicyEgressRule) ProtoMessage() {}
+func (*NetworkPolicyEgressRule) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{2} }
+
func (m *NetworkPolicyIngressRule) Reset() { *m = NetworkPolicyIngressRule{} }
func (*NetworkPolicyIngressRule) ProtoMessage() {}
func (*NetworkPolicyIngressRule) Descriptor() ([]byte, []int) {
- return fileDescriptorGenerated, []int{2}
+ return fileDescriptorGenerated, []int{3}
}
func (m *NetworkPolicyList) Reset() { *m = NetworkPolicyList{} }
func (*NetworkPolicyList) ProtoMessage() {}
-func (*NetworkPolicyList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{3} }
+func (*NetworkPolicyList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{4} }
func (m *NetworkPolicyPeer) Reset() { *m = NetworkPolicyPeer{} }
func (*NetworkPolicyPeer) ProtoMessage() {}
-func (*NetworkPolicyPeer) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{4} }
+func (*NetworkPolicyPeer) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{5} }
func (m *NetworkPolicyPort) Reset() { *m = NetworkPolicyPort{} }
func (*NetworkPolicyPort) ProtoMessage() {}
-func (*NetworkPolicyPort) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{5} }
+func (*NetworkPolicyPort) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{6} }
func (m *NetworkPolicySpec) Reset() { *m = NetworkPolicySpec{} }
func (*NetworkPolicySpec) ProtoMessage() {}
-func (*NetworkPolicySpec) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{6} }
+func (*NetworkPolicySpec) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{7} }
func init() {
proto.RegisterType((*IPBlock)(nil), "k8s.io.api.networking.v1.IPBlock")
proto.RegisterType((*NetworkPolicy)(nil), "k8s.io.api.networking.v1.NetworkPolicy")
+ proto.RegisterType((*NetworkPolicyEgressRule)(nil), "k8s.io.api.networking.v1.NetworkPolicyEgressRule")
proto.RegisterType((*NetworkPolicyIngressRule)(nil), "k8s.io.api.networking.v1.NetworkPolicyIngressRule")
proto.RegisterType((*NetworkPolicyList)(nil), "k8s.io.api.networking.v1.NetworkPolicyList")
proto.RegisterType((*NetworkPolicyPeer)(nil), "k8s.io.api.networking.v1.NetworkPolicyPeer")
@@ -171,6 +177,48 @@ func (m *NetworkPolicy) MarshalTo(dAtA []byte) (int, error) {
return i, nil
}
+func (m *NetworkPolicyEgressRule) Marshal() (dAtA []byte, err error) {
+ size := m.Size()
+ dAtA = make([]byte, size)
+ n, err := m.MarshalTo(dAtA)
+ if err != nil {
+ return nil, err
+ }
+ return dAtA[:n], nil
+}
+
+func (m *NetworkPolicyEgressRule) MarshalTo(dAtA []byte) (int, error) {
+ var i int
+ _ = i
+ var l int
+ _ = l
+ if len(m.Ports) > 0 {
+ for _, msg := range m.Ports {
+ dAtA[i] = 0xa
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(msg.Size()))
+ n, err := msg.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n
+ }
+ }
+ if len(m.To) > 0 {
+ for _, msg := range m.To {
+ dAtA[i] = 0x12
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(msg.Size()))
+ n, err := msg.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n
+ }
+ }
+ return i, nil
+}
+
func (m *NetworkPolicyIngressRule) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
@@ -368,6 +416,33 @@ func (m *NetworkPolicySpec) MarshalTo(dAtA []byte) (int, error) {
i += n
}
}
+ if len(m.Egress) > 0 {
+ for _, msg := range m.Egress {
+ dAtA[i] = 0x1a
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(msg.Size()))
+ n, err := msg.MarshalTo(dAtA[i:])
+ if err != nil {
+ return 0, err
+ }
+ i += n
+ }
+ }
+ if len(m.PolicyTypes) > 0 {
+ for _, s := range m.PolicyTypes {
+ dAtA[i] = 0x22
+ i++
+ l = len(s)
+ for l >= 1<<7 {
+ dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
+ l >>= 7
+ i++
+ }
+ dAtA[i] = uint8(l)
+ i++
+ i += copy(dAtA[i:], s)
+ }
+ }
return i, nil
}
@@ -422,6 +497,24 @@ func (m *NetworkPolicy) Size() (n int) {
return n
}
+func (m *NetworkPolicyEgressRule) Size() (n int) {
+ var l int
+ _ = l
+ if len(m.Ports) > 0 {
+ for _, e := range m.Ports {
+ l = e.Size()
+ n += 1 + l + sovGenerated(uint64(l))
+ }
+ }
+ if len(m.To) > 0 {
+ for _, e := range m.To {
+ l = e.Size()
+ n += 1 + l + sovGenerated(uint64(l))
+ }
+ }
+ return n
+}
+
func (m *NetworkPolicyIngressRule) Size() (n int) {
var l int
_ = l
@@ -497,6 +590,18 @@ func (m *NetworkPolicySpec) Size() (n int) {
n += 1 + l + sovGenerated(uint64(l))
}
}
+ if len(m.Egress) > 0 {
+ for _, e := range m.Egress {
+ l = e.Size()
+ n += 1 + l + sovGenerated(uint64(l))
+ }
+ }
+ if len(m.PolicyTypes) > 0 {
+ for _, s := range m.PolicyTypes {
+ l = len(s)
+ n += 1 + l + sovGenerated(uint64(l))
+ }
+ }
return n
}
@@ -535,6 +640,17 @@ func (this *NetworkPolicy) String() string {
}, "")
return s
}
+func (this *NetworkPolicyEgressRule) String() string {
+ if this == nil {
+ return "nil"
+ }
+ s := strings.Join([]string{`&NetworkPolicyEgressRule{`,
+ `Ports:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Ports), "NetworkPolicyPort", "NetworkPolicyPort", 1), `&`, ``, 1) + `,`,
+ `To:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.To), "NetworkPolicyPeer", "NetworkPolicyPeer", 1), `&`, ``, 1) + `,`,
+ `}`,
+ }, "")
+ return s
+}
func (this *NetworkPolicyIngressRule) String() string {
if this == nil {
return "nil"
@@ -587,6 +703,8 @@ func (this *NetworkPolicySpec) String() string {
s := strings.Join([]string{`&NetworkPolicySpec{`,
`PodSelector:` + strings.Replace(strings.Replace(this.PodSelector.String(), "LabelSelector", "k8s_io_apimachinery_pkg_apis_meta_v1.LabelSelector", 1), `&`, ``, 1) + `,`,
`Ingress:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Ingress), "NetworkPolicyIngressRule", "NetworkPolicyIngressRule", 1), `&`, ``, 1) + `,`,
+ `Egress:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Egress), "NetworkPolicyEgressRule", "NetworkPolicyEgressRule", 1), `&`, ``, 1) + `,`,
+ `PolicyTypes:` + fmt.Sprintf("%v", this.PolicyTypes) + `,`,
`}`,
}, "")
return s
@@ -817,6 +935,118 @@ func (m *NetworkPolicy) Unmarshal(dAtA []byte) error {
}
return nil
}
+func (m *NetworkPolicyEgressRule) Unmarshal(dAtA []byte) error {
+ l := len(dAtA)
+ iNdEx := 0
+ for iNdEx < l {
+ preIndex := iNdEx
+ var wire uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ wire |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ fieldNum := int32(wire >> 3)
+ wireType := int(wire & 0x7)
+ if wireType == 4 {
+ return fmt.Errorf("proto: NetworkPolicyEgressRule: wiretype end group for non-group")
+ }
+ if fieldNum <= 0 {
+ return fmt.Errorf("proto: NetworkPolicyEgressRule: illegal tag %d (wire type %d)", fieldNum, wire)
+ }
+ switch fieldNum {
+ case 1:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Ports", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.Ports = append(m.Ports, NetworkPolicyPort{})
+ if err := m.Ports[len(m.Ports)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ case 2:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field To", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.To = append(m.To, NetworkPolicyPeer{})
+ if err := m.To[len(m.To)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ default:
+ iNdEx = preIndex
+ skippy, err := skipGenerated(dAtA[iNdEx:])
+ if err != nil {
+ return err
+ }
+ if skippy < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ if (iNdEx + skippy) > l {
+ return io.ErrUnexpectedEOF
+ }
+ iNdEx += skippy
+ }
+ }
+
+ if iNdEx > l {
+ return io.ErrUnexpectedEOF
+ }
+ return nil
+}
func (m *NetworkPolicyIngressRule) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
@@ -1392,6 +1622,66 @@ func (m *NetworkPolicySpec) Unmarshal(dAtA []byte) error {
return err
}
iNdEx = postIndex
+ case 3:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Egress", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= (int(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.Egress = append(m.Egress, NetworkPolicyEgressRule{})
+ if err := m.Egress[len(m.Egress)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ case 4:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field PolicyTypes", wireType)
+ }
+ var stringLen uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ stringLen |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ intStringLen := int(stringLen)
+ if intStringLen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + intStringLen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.PolicyTypes = append(m.PolicyTypes, PolicyType(dAtA[iNdEx:postIndex]))
+ iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -1523,52 +1813,57 @@ func init() {
}
var fileDescriptorGenerated = []byte{
- // 745 bytes of a gzipped FileDescriptorProto
- 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x54, 0xcd, 0x4e, 0xdb, 0x4a,
- 0x14, 0x8e, 0x43, 0x20, 0x61, 0x72, 0x11, 0x17, 0x5f, 0x5d, 0x29, 0xa2, 0x92, 0x93, 0x7a, 0x53,
- 0x2a, 0xc4, 0xb8, 0x81, 0xaa, 0xea, 0xb6, 0xee, 0x6f, 0x24, 0x7e, 0x22, 0xb3, 0xab, 0x5a, 0xa9,
- 0x8e, 0x73, 0x30, 0x43, 0x62, 0x8f, 0x35, 0x33, 0x49, 0x61, 0xd7, 0x47, 0xe8, 0x83, 0xf4, 0x0d,
- 0xba, 0xa0, 0x4b, 0x96, 0x2c, 0x59, 0x59, 0xc5, 0x7d, 0x8b, 0xae, 0xaa, 0x99, 0x38, 0x71, 0x48,
- 0x88, 0x1a, 0xaa, 0xee, 0x66, 0xce, 0x9c, 0xef, 0xfb, 0xce, 0xef, 0xa0, 0x67, 0x9d, 0xa7, 0x1c,
- 0x13, 0x6a, 0x75, 0x7a, 0x2d, 0x60, 0x21, 0x08, 0xe0, 0x56, 0x1f, 0xc2, 0x36, 0x65, 0x56, 0xfa,
- 0xe0, 0x46, 0xc4, 0x0a, 0x41, 0x7c, 0xa4, 0xac, 0x43, 0x42, 0xdf, 0xea, 0xd7, 0x2d, 0x1f, 0x42,
- 0x60, 0xae, 0x80, 0x36, 0x8e, 0x18, 0x15, 0x54, 0xaf, 0x0c, 0x3c, 0xb1, 0x1b, 0x11, 0x9c, 0x79,
- 0xe2, 0x7e, 0x7d, 0x7d, 0xcb, 0x27, 0xe2, 0xb8, 0xd7, 0xc2, 0x1e, 0x0d, 0x2c, 0x9f, 0xfa, 0xd4,
- 0x52, 0x80, 0x56, 0xef, 0x48, 0xdd, 0xd4, 0x45, 0x9d, 0x06, 0x44, 0xeb, 0xe6, 0x98, 0xa4, 0x47,
- 0x19, 0xdc, 0x22, 0xb6, 0xbe, 0x35, 0xe6, 0x03, 0xa7, 0x02, 0x42, 0x4e, 0x68, 0xc8, 0xad, 0x7e,
- 0xbd, 0x05, 0xc2, 0x9d, 0x76, 0x7f, 0x38, 0xe6, 0x1e, 0xd1, 0x2e, 0xf1, 0xce, 0x66, 0xba, 0x3e,
- 0xce, 0x5c, 0x03, 0xd7, 0x3b, 0x26, 0x21, 0xb0, 0x33, 0x2b, 0xea, 0xf8, 0xd2, 0xc0, 0xad, 0x00,
- 0x84, 0x7b, 0x5b, 0x3c, 0xd6, 0x2c, 0x14, 0xeb, 0x85, 0x82, 0x04, 0x30, 0x05, 0x78, 0xf2, 0x3b,
- 0x00, 0xf7, 0x8e, 0x21, 0x70, 0xa7, 0x70, 0x3b, 0xb3, 0x70, 0x3d, 0x41, 0xba, 0x16, 0x09, 0x05,
- 0x17, 0x6c, 0x12, 0x64, 0x1e, 0xa0, 0x62, 0xa3, 0x69, 0x77, 0xa9, 0xd7, 0xd1, 0x6b, 0xa8, 0xe0,
- 0x91, 0x36, 0xab, 0x68, 0x35, 0x6d, 0x63, 0xd9, 0xfe, 0xe7, 0x22, 0xae, 0xe6, 0x92, 0xb8, 0x5a,
- 0x78, 0xde, 0x78, 0xe1, 0x38, 0xea, 0x45, 0x37, 0xd1, 0x12, 0x9c, 0x7a, 0x10, 0x89, 0x4a, 0xbe,
- 0xb6, 0xb0, 0xb1, 0x6c, 0xa3, 0x24, 0xae, 0x2e, 0xbd, 0x54, 0x16, 0x27, 0x7d, 0x31, 0xbf, 0x69,
- 0x68, 0x65, 0x7f, 0xd0, 0xe3, 0xa6, 0x2a, 0xa7, 0xfe, 0x01, 0x95, 0x64, 0x6d, 0xda, 0xae, 0x70,
- 0x15, 0x77, 0x79, 0xfb, 0x11, 0xce, 0x06, 0x62, 0x14, 0x2a, 0x8e, 0x3a, 0xbe, 0x34, 0x70, 0x2c,
- 0xbd, 0x71, 0xbf, 0x8e, 0x0f, 0x5a, 0x27, 0xe0, 0x89, 0x3d, 0x10, 0xae, 0xad, 0xa7, 0xd1, 0xa0,
- 0xcc, 0xe6, 0x8c, 0x58, 0xf5, 0x3d, 0x54, 0xe0, 0x11, 0x78, 0x95, 0xbc, 0x62, 0xdf, 0xc4, 0xb3,
- 0xc6, 0x0d, 0xdf, 0x08, 0xec, 0x30, 0x02, 0x2f, 0x4b, 0x53, 0xde, 0x1c, 0x45, 0x63, 0x7e, 0xd5,
- 0x50, 0xe5, 0x86, 0x67, 0x23, 0xf4, 0x19, 0x70, 0xee, 0xf4, 0xba, 0xa0, 0x37, 0xd1, 0x62, 0x44,
- 0x99, 0xe0, 0x15, 0xad, 0xb6, 0x70, 0x07, 0xb1, 0x26, 0x65, 0xc2, 0x5e, 0x49, 0xc5, 0x16, 0xe5,
- 0x8d, 0x3b, 0x03, 0x22, 0x19, 0xfd, 0x11, 0xa3, 0x81, 0xaa, 0xe9, 0x1d, 0x08, 0x01, 0x58, 0x16,
- 0xfd, 0x2b, 0x46, 0x03, 0x47, 0xd1, 0x98, 0xe7, 0x1a, 0x5a, 0xbb, 0xe1, 0xb9, 0x4b, 0xb8, 0xd0,
- 0xdf, 0x4d, 0x35, 0x01, 0xcf, 0xd7, 0x04, 0x89, 0x56, 0x2d, 0xf8, 0x37, 0xd5, 0x2a, 0x0d, 0x2d,
- 0x63, 0x0d, 0xd8, 0x45, 0x8b, 0x44, 0x40, 0xc0, 0xd3, 0x1c, 0x1e, 0xcc, 0x99, 0x43, 0x56, 0x90,
- 0x86, 0x44, 0x3b, 0x03, 0x12, 0xf3, 0x3c, 0x3f, 0x91, 0x81, 0xcc, 0x55, 0x3f, 0x42, 0xe5, 0x88,
- 0xb6, 0x0f, 0xa1, 0x0b, 0x9e, 0xa0, 0x2c, 0x4d, 0x62, 0x67, 0xce, 0x24, 0xdc, 0x16, 0x74, 0x87,
- 0x50, 0x7b, 0x35, 0x89, 0xab, 0xe5, 0x66, 0xc6, 0xe5, 0x8c, 0x13, 0xeb, 0xa7, 0x68, 0x2d, 0x74,
- 0x03, 0xe0, 0x91, 0xeb, 0xc1, 0x48, 0x2d, 0xff, 0xe7, 0x6a, 0xff, 0x27, 0x71, 0x75, 0x6d, 0x7f,
- 0x92, 0xd1, 0x99, 0x16, 0xd1, 0xdf, 0xa0, 0x22, 0x89, 0xd4, 0x2e, 0x56, 0x16, 0x94, 0xde, 0xfd,
- 0xd9, 0x75, 0x4c, 0x97, 0xd6, 0x2e, 0x27, 0x71, 0x75, 0xb8, 0xc1, 0xce, 0x10, 0x6e, 0x7e, 0x99,
- 0x9c, 0x01, 0x39, 0x70, 0xfa, 0x6b, 0x54, 0x52, 0x4b, 0xef, 0xd1, 0x6e, 0xba, 0xe4, 0x9b, 0xb2,
- 0x9f, 0xcd, 0xd4, 0xf6, 0x33, 0xae, 0xde, 0x9b, 0xfe, 0x5f, 0xf1, 0xf0, 0xd9, 0x19, 0x81, 0xf5,
- 0x7d, 0x54, 0x90, 0xa3, 0x9b, 0x56, 0x65, 0xf6, 0x36, 0xcb, 0x8f, 0x07, 0x0f, 0x3e, 0x1e, 0xdc,
- 0x08, 0xc5, 0x01, 0x3b, 0x14, 0x8c, 0x84, 0xbe, 0x5d, 0x92, 0x23, 0x2b, 0x43, 0x72, 0x14, 0x8f,
- 0x19, 0x4f, 0x86, 0x2b, 0x97, 0x51, 0x3f, 0xf9, 0x6b, 0x0d, 0xff, 0x2f, 0x1d, 0xb3, 0xd9, 0x4d,
- 0x7f, 0x8f, 0x8a, 0x64, 0xb0, 0xe4, 0xe9, 0x08, 0x6f, 0xcf, 0x39, 0xc2, 0x63, 0x5f, 0x83, 0xbd,
- 0x9a, 0xca, 0x14, 0x87, 0xc6, 0x21, 0xa7, 0xbd, 0x71, 0x71, 0x6d, 0xe4, 0x2e, 0xaf, 0x8d, 0xdc,
- 0xd5, 0xb5, 0x91, 0xfb, 0x94, 0x18, 0xda, 0x45, 0x62, 0x68, 0x97, 0x89, 0xa1, 0x5d, 0x25, 0x86,
- 0xf6, 0x3d, 0x31, 0xb4, 0xcf, 0x3f, 0x8c, 0xdc, 0xdb, 0x7c, 0xbf, 0xfe, 0x2b, 0x00, 0x00, 0xff,
- 0xff, 0x3b, 0x3f, 0x8c, 0x26, 0x6e, 0x07, 0x00, 0x00,
+ // 829 bytes of a gzipped FileDescriptorProto
+ 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x55, 0x4d, 0x6f, 0x1b, 0x45,
+ 0x18, 0xf6, 0x3a, 0xce, 0x47, 0x27, 0x94, 0x92, 0x41, 0x08, 0x2b, 0x88, 0x75, 0xd8, 0x0b, 0x41,
+ 0x55, 0x67, 0x71, 0x8b, 0x10, 0x37, 0xc4, 0x42, 0x29, 0x96, 0x9a, 0xc4, 0x9a, 0xf4, 0x02, 0x02,
+ 0x89, 0xf5, 0xfa, 0xcd, 0x66, 0x6a, 0xef, 0xce, 0x6a, 0x66, 0x6c, 0x92, 0x1b, 0x3f, 0x81, 0x1f,
+ 0xc2, 0x91, 0x1b, 0x87, 0x72, 0xcc, 0xb1, 0xc7, 0x9e, 0x56, 0x64, 0xf9, 0x17, 0x39, 0xa1, 0x99,
+ 0x1d, 0x7b, 0xfd, 0x51, 0x0b, 0xb7, 0xa2, 0x37, 0xcf, 0x3b, 0xcf, 0xf3, 0xbc, 0x1f, 0xf3, 0xf8,
+ 0x5d, 0xf4, 0xd5, 0xe0, 0x0b, 0x49, 0x18, 0xf7, 0x07, 0xa3, 0x1e, 0x88, 0x14, 0x14, 0x48, 0x7f,
+ 0x0c, 0x69, 0x9f, 0x0b, 0xdf, 0x5e, 0x84, 0x19, 0xf3, 0x53, 0x50, 0xbf, 0x70, 0x31, 0x60, 0x69,
+ 0xec, 0x8f, 0xdb, 0x7e, 0x0c, 0x29, 0x88, 0x50, 0x41, 0x9f, 0x64, 0x82, 0x2b, 0x8e, 0x9b, 0x25,
+ 0x92, 0x84, 0x19, 0x23, 0x15, 0x92, 0x8c, 0xdb, 0xfb, 0xf7, 0x62, 0xa6, 0xce, 0x47, 0x3d, 0x12,
+ 0xf1, 0xc4, 0x8f, 0x79, 0xcc, 0x7d, 0x43, 0xe8, 0x8d, 0xce, 0xcc, 0xc9, 0x1c, 0xcc, 0xaf, 0x52,
+ 0x68, 0xdf, 0x9b, 0x49, 0x19, 0x71, 0x01, 0x2f, 0x49, 0xb6, 0x7f, 0x6f, 0x06, 0x03, 0x17, 0x0a,
+ 0x52, 0xc9, 0x78, 0x2a, 0xfd, 0x71, 0xbb, 0x07, 0x2a, 0x5c, 0x86, 0x7f, 0x32, 0x03, 0xcf, 0xf8,
+ 0x90, 0x45, 0x97, 0x2b, 0xa1, 0x9f, 0x55, 0xd0, 0x24, 0x8c, 0xce, 0x59, 0x0a, 0xe2, 0xd2, 0xcf,
+ 0x06, 0xb1, 0x0e, 0x48, 0x3f, 0x01, 0x15, 0xbe, 0xac, 0x1e, 0x7f, 0x15, 0x4b, 0x8c, 0x52, 0xc5,
+ 0x12, 0x58, 0x22, 0x7c, 0xfe, 0x5f, 0x04, 0x19, 0x9d, 0x43, 0x12, 0x2e, 0xf1, 0x1e, 0xac, 0xe2,
+ 0x8d, 0x14, 0x1b, 0xfa, 0x2c, 0x55, 0x52, 0x89, 0x45, 0x92, 0x77, 0x82, 0xb6, 0x3b, 0xdd, 0x60,
+ 0xc8, 0xa3, 0x01, 0x3e, 0x40, 0x8d, 0x88, 0xf5, 0x45, 0xd3, 0x39, 0x70, 0x0e, 0x6f, 0x05, 0x6f,
+ 0x5d, 0xe5, 0xad, 0x5a, 0x91, 0xb7, 0x1a, 0x5f, 0x77, 0xbe, 0xa1, 0xd4, 0xdc, 0x60, 0x0f, 0x6d,
+ 0xc1, 0x45, 0x04, 0x99, 0x6a, 0xd6, 0x0f, 0x36, 0x0e, 0x6f, 0x05, 0xa8, 0xc8, 0x5b, 0x5b, 0x0f,
+ 0x4d, 0x84, 0xda, 0x1b, 0xef, 0x2f, 0x07, 0xdd, 0x3e, 0x2e, 0xdf, 0xb8, 0x6b, 0xc6, 0x89, 0x7f,
+ 0x46, 0x3b, 0x7a, 0x36, 0xfd, 0x50, 0x85, 0x46, 0x7b, 0xf7, 0xfe, 0xa7, 0xa4, 0x32, 0xc4, 0xb4,
+ 0x54, 0x92, 0x0d, 0x62, 0x1d, 0x90, 0x44, 0xa3, 0xc9, 0xb8, 0x4d, 0x4e, 0x7a, 0x4f, 0x21, 0x52,
+ 0x47, 0xa0, 0xc2, 0x00, 0xdb, 0x6a, 0x50, 0x15, 0xa3, 0x53, 0x55, 0x7c, 0x84, 0x1a, 0x32, 0x83,
+ 0xa8, 0x59, 0x37, 0xea, 0x77, 0xc9, 0x2a, 0xbb, 0x91, 0xb9, 0xc2, 0x4e, 0x33, 0x88, 0xaa, 0x36,
+ 0xf5, 0x89, 0x1a, 0x19, 0xef, 0x0f, 0x07, 0xbd, 0x3f, 0x87, 0x7c, 0x18, 0x0b, 0x90, 0x92, 0x8e,
+ 0x86, 0x80, 0xbb, 0x68, 0x33, 0xe3, 0x42, 0xc9, 0xa6, 0x73, 0xb0, 0xf1, 0x0a, 0xb9, 0xba, 0x5c,
+ 0xa8, 0xe0, 0xb6, 0xcd, 0xb5, 0xa9, 0x4f, 0x92, 0x96, 0x42, 0xf8, 0x11, 0xaa, 0x2b, 0x6e, 0x06,
+ 0xfa, 0x0a, 0x72, 0x00, 0x22, 0x40, 0x56, 0xae, 0xfe, 0x84, 0xd3, 0xba, 0xe2, 0xde, 0x9f, 0x0e,
+ 0x6a, 0xce, 0xa1, 0x3a, 0xe9, 0x9b, 0xac, 0xfb, 0x08, 0x35, 0xce, 0x04, 0x4f, 0x5e, 0xa7, 0xf2,
+ 0xe9, 0xd0, 0xbf, 0x15, 0x3c, 0xa1, 0x46, 0xc6, 0x7b, 0xe6, 0xa0, 0xbd, 0x39, 0xe4, 0x63, 0x26,
+ 0x15, 0xfe, 0x71, 0xc9, 0x3b, 0x64, 0x3d, 0xef, 0x68, 0xb6, 0x71, 0xce, 0x3b, 0x36, 0xd7, 0xce,
+ 0x24, 0x32, 0xe3, 0x9b, 0xc7, 0x68, 0x93, 0x29, 0x48, 0xa4, 0xed, 0xe1, 0xe3, 0x35, 0x7b, 0xa8,
+ 0x06, 0xd2, 0xd1, 0x6c, 0x5a, 0x8a, 0x78, 0xcf, 0xea, 0x0b, 0x1d, 0xe8, 0x5e, 0xf1, 0x19, 0xda,
+ 0xcd, 0x78, 0xff, 0x14, 0x86, 0x10, 0x29, 0x2e, 0x6c, 0x13, 0x0f, 0xd6, 0x6c, 0x22, 0xec, 0xc1,
+ 0x70, 0x42, 0x0d, 0xee, 0x14, 0x79, 0x6b, 0xb7, 0x5b, 0x69, 0xd1, 0x59, 0x61, 0x7c, 0x81, 0xf6,
+ 0xd2, 0x30, 0x01, 0x99, 0x85, 0x11, 0x4c, 0xb3, 0xd5, 0x5f, 0x3f, 0xdb, 0x7b, 0x45, 0xde, 0xda,
+ 0x3b, 0x5e, 0x54, 0xa4, 0xcb, 0x49, 0xf0, 0x77, 0x68, 0x9b, 0x65, 0x66, 0x85, 0x34, 0x37, 0x4c,
+ 0xbe, 0x8f, 0x56, 0xcf, 0xd1, 0xee, 0x9a, 0x60, 0xb7, 0xc8, 0x5b, 0x93, 0xc5, 0x43, 0x27, 0x74,
+ 0xef, 0xf7, 0x45, 0x0f, 0x68, 0xc3, 0xe1, 0x47, 0x68, 0xc7, 0xec, 0xaa, 0x88, 0x0f, 0xed, 0x6e,
+ 0xba, 0xab, 0xdf, 0xb3, 0x6b, 0x63, 0x37, 0x79, 0xeb, 0x83, 0xe5, 0xcf, 0x02, 0x99, 0x5c, 0xd3,
+ 0x29, 0x19, 0x1f, 0xa3, 0x86, 0xb6, 0xae, 0x9d, 0xca, 0xea, 0x25, 0xa4, 0xf7, 0x25, 0x29, 0xf7,
+ 0x25, 0xe9, 0xa4, 0xea, 0x44, 0x9c, 0x2a, 0xc1, 0xd2, 0x38, 0xd8, 0xd1, 0x96, 0xd5, 0x25, 0x51,
+ 0xa3, 0xe3, 0xdd, 0x2c, 0x3e, 0xb8, 0xde, 0x21, 0xf8, 0xe9, 0xff, 0xf6, 0xe0, 0xef, 0x5a, 0x9b,
+ 0xad, 0x7e, 0xf4, 0x9f, 0xd0, 0x36, 0x2b, 0xff, 0xe4, 0xd6, 0xc2, 0xf7, 0xd7, 0xb4, 0xf0, 0xcc,
+ 0x6a, 0x08, 0xee, 0xd8, 0x34, 0xdb, 0x93, 0xe0, 0x44, 0x13, 0x7f, 0x8f, 0xb6, 0xa0, 0x54, 0xdf,
+ 0x30, 0xea, 0xed, 0x35, 0xd5, 0xab, 0x7d, 0x19, 0xbc, 0x6d, 0xc5, 0xb7, 0x6c, 0xcc, 0x0a, 0xe2,
+ 0x2f, 0xf5, 0x94, 0x34, 0xf6, 0xc9, 0x65, 0x06, 0xb2, 0xd9, 0x30, 0xdf, 0x93, 0x0f, 0xcb, 0x66,
+ 0xa7, 0xe1, 0x9b, 0xbc, 0x85, 0xaa, 0x23, 0x9d, 0x65, 0x04, 0x87, 0x57, 0xd7, 0x6e, 0xed, 0xf9,
+ 0xb5, 0x5b, 0x7b, 0x71, 0xed, 0xd6, 0x7e, 0x2d, 0x5c, 0xe7, 0xaa, 0x70, 0x9d, 0xe7, 0x85, 0xeb,
+ 0xbc, 0x28, 0x5c, 0xe7, 0xef, 0xc2, 0x75, 0x7e, 0xfb, 0xc7, 0xad, 0xfd, 0x50, 0x1f, 0xb7, 0xff,
+ 0x0d, 0x00, 0x00, 0xff, 0xff, 0x48, 0x47, 0x24, 0xc9, 0xc1, 0x08, 0x00, 0x00,
}
diff --git a/staging/src/k8s.io/api/networking/v1/generated.proto b/staging/src/k8s.io/api/networking/v1/generated.proto
index 2dee2c9f78b4..ae28d2f2df2b 100644
--- a/staging/src/k8s.io/api/networking/v1/generated.proto
+++ b/staging/src/k8s.io/api/networking/v1/generated.proto
@@ -59,6 +59,27 @@ message NetworkPolicy {
optional NetworkPolicySpec spec = 2;
}
+// NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods
+// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to.
+// This type is beta-level in 1.8
+message NetworkPolicyEgressRule {
+ // List of destination ports for outgoing traffic.
+ // Each item in this list is combined using a logical OR. If this field is
+ // empty or missing, this rule matches all ports (traffic not restricted by port).
+ // If this field is present and contains at least one item, then this rule allows
+ // traffic only if the traffic matches at least one port in the list.
+ // +optional
+ repeated NetworkPolicyPort ports = 1;
+
+ // List of destinations for outgoing traffic of pods selected for this rule.
+ // Items in this list are combined using a logical OR operation. If this field is
+ // empty or missing, this rule matches all destinations (traffic not restricted by
+ // destination). If this field is present and contains at least one item, this rule
+ // allows traffic only if the traffic matches at least one item in the to list.
+ // +optional
+ repeated NetworkPolicyPeer to = 2;
+}
+
// NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods
// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and from.
message NetworkPolicyIngressRule {
@@ -142,5 +163,28 @@ message NetworkPolicySpec {
// solely to ensure that the pods it selects are isolated by default)
// +optional
repeated NetworkPolicyIngressRule ingress = 2;
+
+ // List of egress rules to be applied to the selected pods. Outgoing traffic is
+ // allowed if there are no NetworkPolicies selecting the pod (and cluster policy
+ // otherwise allows the traffic), OR if the traffic matches at least one egress rule
+ // across all of the NetworkPolicy objects whose podSelector matches the pod. If
+ // this field is empty then this NetworkPolicy limits all outgoing traffic (and serves
+ // solely to ensure that the pods it selects are isolated by default).
+ // This field is beta-level in 1.8
+ // +optional
+ repeated NetworkPolicyEgressRule egress = 3;
+
+ // List of rule types that the NetworkPolicy relates to.
+ // Valid options are Ingress, Egress, or Ingress,Egress.
+ // If this field is not specified, it will default based on the existence of Ingress or Egress rules;
+ // policies that contain an Egress section are assumed to affect Egress, and all policies
+ // (whether or not they contain an Ingress section) are assumed to affect Ingress.
+ // If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ].
+ // Likewise, if you want to write a policy that specifies that no egress is allowed,
+ // you must specify a policyTypes value that include "Egress" (since such a policy would not include
+ // an Egress section and would otherwise default to just [ "Ingress" ]).
+ // This field is beta-level in 1.8
+ // +optional
+ repeated string policyTypes = 4;
}
diff --git a/staging/src/k8s.io/api/networking/v1/types.go b/staging/src/k8s.io/api/networking/v1/types.go
index a0c7721b2d67..57bc8005e42c 100644
--- a/staging/src/k8s.io/api/networking/v1/types.go
+++ b/staging/src/k8s.io/api/networking/v1/types.go
@@ -38,6 +38,17 @@ type NetworkPolicy struct {
Spec NetworkPolicySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
}
+// Policy Type string describes the NetworkPolicy type
+// This type is beta-level in 1.8
+type PolicyType string
+
+const (
+ // PolicyTypeIngress is a NetworkPolicy that affects ingress traffic on selected pods
+ PolicyTypeIngress PolicyType = "Ingress"
+ // PolicyTypeEgress is a NetworkPolicy that affects egress traffic on selected pods
+ PolicyTypeEgress PolicyType = "Egress"
+)
+
// NetworkPolicySpec provides the specification of a NetworkPolicy
type NetworkPolicySpec struct {
// Selects the pods to which this NetworkPolicy object applies. The array of
@@ -57,6 +68,29 @@ type NetworkPolicySpec struct {
// solely to ensure that the pods it selects are isolated by default)
// +optional
Ingress []NetworkPolicyIngressRule `json:"ingress,omitempty" protobuf:"bytes,2,rep,name=ingress"`
+
+ // List of egress rules to be applied to the selected pods. Outgoing traffic is
+ // allowed if there are no NetworkPolicies selecting the pod (and cluster policy
+ // otherwise allows the traffic), OR if the traffic matches at least one egress rule
+ // across all of the NetworkPolicy objects whose podSelector matches the pod. If
+ // this field is empty then this NetworkPolicy limits all outgoing traffic (and serves
+ // solely to ensure that the pods it selects are isolated by default).
+ // This field is beta-level in 1.8
+ // +optional
+ Egress []NetworkPolicyEgressRule `json:"egress,omitempty" protobuf:"bytes,3,rep,name=egress"`
+
+ // List of rule types that the NetworkPolicy relates to.
+ // Valid options are Ingress, Egress, or Ingress,Egress.
+ // If this field is not specified, it will default based on the existence of Ingress or Egress rules;
+ // policies that contain an Egress section are assumed to affect Egress, and all policies
+ // (whether or not they contain an Ingress section) are assumed to affect Ingress.
+ // If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ].
+ // Likewise, if you want to write a policy that specifies that no egress is allowed,
+ // you must specify a policyTypes value that include "Egress" (since such a policy would not include
+ // an Egress section and would otherwise default to just [ "Ingress" ]).
+ // This field is beta-level in 1.8
+ // +optional
+ PolicyTypes []PolicyType `json:"policyTypes,omitempty" protobuf:"bytes,4,rep,name=policyTypes,casttype=PolicyType"`
}
// NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods
@@ -79,6 +113,27 @@ type NetworkPolicyIngressRule struct {
From []NetworkPolicyPeer `json:"from,omitempty" protobuf:"bytes,2,rep,name=from"`
}
+// NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods
+// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to.
+// This type is beta-level in 1.8
+type NetworkPolicyEgressRule struct {
+ // List of destination ports for outgoing traffic.
+ // Each item in this list is combined using a logical OR. If this field is
+ // empty or missing, this rule matches all ports (traffic not restricted by port).
+ // If this field is present and contains at least one item, then this rule allows
+ // traffic only if the traffic matches at least one port in the list.
+ // +optional
+ Ports []NetworkPolicyPort `json:"ports,omitempty" protobuf:"bytes,1,rep,name=ports"`
+
+ // List of destinations for outgoing traffic of pods selected for this rule.
+ // Items in this list are combined using a logical OR operation. If this field is
+ // empty or missing, this rule matches all destinations (traffic not restricted by
+ // destination). If this field is present and contains at least one item, this rule
+ // allows traffic only if the traffic matches at least one item in the to list.
+ // +optional
+ To []NetworkPolicyPeer `json:"to,omitempty" protobuf:"bytes,2,rep,name=to"`
+}
+
// NetworkPolicyPort describes a port to allow traffic on
type NetworkPolicyPort struct {
// The protocol (TCP or UDP) which traffic must match. If not specified, this
diff --git a/staging/src/k8s.io/api/networking/v1/types_swagger_doc_generated.go b/staging/src/k8s.io/api/networking/v1/types_swagger_doc_generated.go
index 87170082d6dc..ad0bafeac0f9 100644
--- a/staging/src/k8s.io/api/networking/v1/types_swagger_doc_generated.go
+++ b/staging/src/k8s.io/api/networking/v1/types_swagger_doc_generated.go
@@ -47,6 +47,16 @@ func (NetworkPolicy) SwaggerDoc() map[string]string {
return map_NetworkPolicy
}
+var map_NetworkPolicyEgressRule = map[string]string{
+ "": "NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8",
+ "ports": "List of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.",
+ "to": "List of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.",
+}
+
+func (NetworkPolicyEgressRule) SwaggerDoc() map[string]string {
+ return map_NetworkPolicyEgressRule
+}
+
var map_NetworkPolicyIngressRule = map[string]string{
"": "NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and from.",
"ports": "List of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.",
@@ -92,6 +102,8 @@ var map_NetworkPolicySpec = map[string]string{
"": "NetworkPolicySpec provides the specification of a NetworkPolicy",
"podSelector": "Selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace.",
"ingress": "List of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default)",
+ "egress": "List of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8",
+ "policyTypes": "List of rule types that the NetworkPolicy relates to. Valid options are Ingress, Egress, or Ingress,Egress. If this field is not specified, it will default based on the existence of Ingress or Egress rules; policies that contain an Egress section are assumed to affect Egress, and all policies (whether or not they contain an Ingress section) are assumed to affect Ingress. If you want to write an egress-only policy, you must explicitly specify policyTypes [ \"Egress\" ]. Likewise, if you want to write a policy that specifies that no egress is allowed, you must specify a policyTypes value that include \"Egress\" (since such a policy would not include an Egress section and would otherwise default to just [ \"Ingress\" ]). This field is beta-level in 1.8",
}
func (NetworkPolicySpec) SwaggerDoc() map[string]string {
diff --git a/staging/src/k8s.io/api/networking/v1/zz_generated.deepcopy.go b/staging/src/k8s.io/api/networking/v1/zz_generated.deepcopy.go
index 94948b14168e..0e6709667de4 100644
--- a/staging/src/k8s.io/api/networking/v1/zz_generated.deepcopy.go
+++ b/staging/src/k8s.io/api/networking/v1/zz_generated.deepcopy.go
@@ -47,6 +47,10 @@ func RegisterDeepCopies(scheme *runtime.Scheme) error {
in.(*NetworkPolicy).DeepCopyInto(out.(*NetworkPolicy))
return nil
}, InType: reflect.TypeOf(&NetworkPolicy{})},
+ conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
+ in.(*NetworkPolicyEgressRule).DeepCopyInto(out.(*NetworkPolicyEgressRule))
+ return nil
+ }, InType: reflect.TypeOf(&NetworkPolicyEgressRule{})},
conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
in.(*NetworkPolicyIngressRule).DeepCopyInto(out.(*NetworkPolicyIngressRule))
return nil
@@ -119,6 +123,36 @@ func (in *NetworkPolicy) DeepCopyObject() runtime.Object {
}
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *NetworkPolicyEgressRule) DeepCopyInto(out *NetworkPolicyEgressRule) {
+ *out = *in
+ if in.Ports != nil {
+ in, out := &in.Ports, &out.Ports
+ *out = make([]NetworkPolicyPort, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.To != nil {
+ in, out := &in.To, &out.To
+ *out = make([]NetworkPolicyPeer, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyEgressRule.
+func (in *NetworkPolicyEgressRule) DeepCopy() *NetworkPolicyEgressRule {
+ if in == nil {
+ return nil
+ }
+ out := new(NetworkPolicyEgressRule)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *NetworkPolicyIngressRule) DeepCopyInto(out *NetworkPolicyIngressRule) {
*out = *in
@@ -271,6 +305,18 @@ func (in *NetworkPolicySpec) DeepCopyInto(out *NetworkPolicySpec) {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
+ if in.Egress != nil {
+ in, out := &in.Egress, &out.Egress
+ *out = make([]NetworkPolicyEgressRule, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.PolicyTypes != nil {
+ in, out := &in.PolicyTypes, &out.PolicyTypes
+ *out = make([]PolicyType, len(*in))
+ copy(*out, *in)
+ }
return
}