Packages:
- ops.antrea.tanzu.vmware.com/v1alpha1
- security.antrea.tanzu.vmware.com/v1alpha1
- stats.antrea.tanzu.vmware.com/v1alpha1
- system.antrea.tanzu.vmware.com/v1beta1
- clusterinformation.antrea.tanzu.vmware.com/v1beta1
- controlplane.antrea.tanzu.vmware.com/v1beta1
- controlplane.antrea.tanzu.vmware.com/v1beta2
- core.antrea.tanzu.vmware.com/v1alpha2
ops.antrea.tanzu.vmware.com/v1alpha1
Resource Types:
Destination
(Appears on: TraceflowSpec)
Destination describes the destination spec of the traceflow.
| Field | Description |
|---|---|
namespace
string
|
Namespace is the destination namespace. |
pod
string
|
Pod is the destination pod, exclusive with destination service. |
service
string
|
Service is the destination service, exclusive with destination pod. |
ip
string
|
IP is the destination IP. |
ICMPEchoRequestHeader
(Appears on: TransportHeader)
ICMPEchoRequestHeader describes spec of an ICMP echo request header.
| Field | Description |
|---|---|
id
int32
|
ID is the ICMPEchoRequestHeader ID. |
sequence
int32
|
Sequence is the ICMPEchoRequestHeader sequence. |
IPHeader
(Appears on: Packet)
IPHeader describes spec of an IPv4 header. IPv6 not supported yet.
| Field | Description |
|---|---|
srcIP
string
|
SrcIP is the source IP. |
protocol
int32
|
Protocol is the IP protocol. |
ttl
int32
|
TTL is the IP TTL. |
flags
int32
|
Flags is the flags for IP. |
NodeResult
(Appears on: TraceflowStatus)
| Field | Description |
|---|---|
node
string
|
Node is the node of the observation. |
role
string
|
Role of the node like sender, receiver, etc. |
timestamp
int64
|
Timestamp is the timestamp of the observations on the node. |
observations
[]Observation
|
Observations includes all observations from sender nodes, receiver ones, etc. |
Observation
(Appears on: NodeResult)
Observation describes those from sender nodes or receiver nodes.
| Field | Description |
|---|---|
component
TraceflowComponent
|
Component is the observation component. |
componentInfo
string
|
ComponentInfo is the extension of Component field. |
action
TraceflowAction
|
Action is the action to the observation. |
pod
string
|
Pod is the combination of Pod name and Pod Namespace. |
dstMAC
string
|
DstMAC is the destination MAC. |
networkPolicy
string
|
NetworkPolicy is the combination of Namespace and NetworkPolicyName. |
ttl
int32
|
TTL is the observation TTL. |
translatedSrcIP
string
|
TranslatedSrcIP is the translated source IP. |
translatedDstIP
string
|
TranslatedSrcIP is the translated destination IP. |
tunnelDstIP
string
|
TunnelDstIP is the tunnel destination IP. |
Packet
(Appears on: TraceflowSpec)
Packet includes header info.
| Field | Description |
|---|---|
ipHeader
IPHeader
|
|
transportHeader
TransportHeader
|
Source
(Appears on: TraceflowSpec)
Source describes the source spec of the traceflow.
| Field | Description |
|---|---|
namespace
string
|
Namespace is the source namespace. |
pod
string
|
Pod is the source pod. |
TCPHeader
(Appears on: TransportHeader)
TCPHeader describes spec of a TCP header.
| Field | Description |
|---|---|
srcPort
int32
|
SrcPort is the source port. |
dstPort
int32
|
DstPort is the destination port. |
flags
int32
|
Flags are flags in the header. |
Traceflow
| Field | Description | ||||||
|---|---|---|---|---|---|---|---|
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||
spec
TraceflowSpec
|
|
||||||
status
TraceflowStatus
|
TraceflowAction
(string alias)
(Appears on: Observation)
TraceflowComponent
(string alias)
(Appears on: Observation)
TraceflowPhase
(string alias)
(Appears on: TraceflowStatus)
TraceflowSpec
(Appears on: Traceflow)
TraceflowSpec describes the spec of the traceflow.
| Field | Description |
|---|---|
source
Source
|
|
destination
Destination
|
|
packet
Packet
|
TraceflowStatus
(Appears on: Traceflow)
TraceflowStatus describes current status of the traceflow.
| Field | Description |
|---|---|
phase
TraceflowPhase
|
Phase is the Traceflow phase. |
reason
string
|
Reason is a message indicating the reason of the traceflow’s current phase. |
dataplaneTag
byte
|
DataplaneTag is a tag to identify a traceflow session across Nodes. |
results
[]NodeResult
|
Results is the collection of all observations on different nodes. |
TransportHeader
(Appears on: Packet)
TransportHeader describes spec of a TransportHeader.
| Field | Description |
|---|---|
icmp
ICMPEchoRequestHeader
|
|
udp
UDPHeader
|
|
tcp
TCPHeader
|
UDPHeader
(Appears on: TransportHeader)
UDPHeader describes spec of a UDP header.
| Field | Description |
|---|---|
srcPort
int32
|
SrcPort is the source port. |
dstPort
int32
|
DstPort is the destination port. |
security.antrea.tanzu.vmware.com/v1alpha1
Resource Types:ClusterNetworkPolicy
| Field | Description | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
apiVersion
string |
security.antrea.tanzu.vmware.com/v1alpha1
|
||||||||||
kind
string
|
ClusterNetworkPolicy |
||||||||||
metadata
Kubernetes meta/v1.ObjectMeta
|
Standard metadata of the object. Refer to the Kubernetes API documentation for the fields of themetadata field.
|
||||||||||
spec
ClusterNetworkPolicySpec
|
Specification of the desired behavior of ClusterNetworkPolicy.
|
NetworkPolicy
| Field | Description | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
apiVersion
string |
security.antrea.tanzu.vmware.com/v1alpha1
|
||||||||||
kind
string
|
NetworkPolicy |
||||||||||
metadata
Kubernetes meta/v1.ObjectMeta
|
Standard metadata of the object. Refer to the Kubernetes API documentation for the fields of themetadata field.
|
||||||||||
spec
NetworkPolicySpec
|
Specification of the desired behavior of NetworkPolicy.
|
Tier
| Field | Description | ||||
|---|---|---|---|---|---|
apiVersion
string |
security.antrea.tanzu.vmware.com/v1alpha1
|
||||
kind
string
|
Tier |
||||
metadata
Kubernetes meta/v1.ObjectMeta
|
Standard metadata of the object. Refer to the Kubernetes API documentation for the fields of themetadata field.
|
||||
spec
TierSpec
|
Specification of the desired behavior of Tier.
|
ClusterNetworkPolicySpec
(Appears on: ClusterNetworkPolicy)
ClusterNetworkPolicySpec defines the desired state for ClusterNetworkPolicy.
| Field | Description |
|---|---|
tier
string
|
Tier specifies the tier to which this ClusterNetworkPolicy belongs to. The ClusterNetworkPolicy order will be determined based on the combination of the Tier’s Priority and the ClusterNetworkPolicy’s own Priority. If not specified, this policy will be created in the Application Tier right above the K8s NetworkPolicy which resides at the bottom. |
priority
float64
|
Priority specfies the order of the ClusterNetworkPolicy relative to other AntreaClusterNetworkPolicies. |
appliedTo
[]NetworkPolicyPeer
|
Select workloads on which the rules will be applied to. |
ingress
[]Rule
|
(Optional)
Set of ingress rules evaluated based on the order in which they are set.
Currently Ingress rule supports setting the |
egress
[]Rule
|
(Optional)
Set of egress rules evaluated based on the order in which they are set.
Currently Egress rule supports setting the |
IPBlock
(Appears on: NetworkPolicyPeer)
IPBlock describes a particular CIDR (Ex. “192.168.1.1⁄24”) that is allowed or denied to/from the workloads matched by a Spec.AppliedTo.
| Field | Description |
|---|---|
cidr
string
|
CIDR is a string representing the IP Block Valid examples are “192.168.1.1⁄24”. |
NetworkPolicyPeer
(Appears on: ClusterNetworkPolicySpec, NetworkPolicySpec, Rule)
NetworkPolicyPeer describes the grouping selector of workloads.
| Field | Description |
|---|---|
ipBlock
IPBlock
|
(Optional)
IPBlock describes the IPAddresses/IPBlocks that is matched in to/from. IPBlock cannot be set as part of the AppliedTo field. Cannot be set with any other selector. |
podSelector
Kubernetes meta/v1.LabelSelector
|
(Optional)
Select Pods from NetworkPolicy’s Namespace as workloads in AppliedTo/To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. |
namespaceSelector
Kubernetes meta/v1.LabelSelector
|
(Optional)
Select all Pods from Namespaces matched by this selector, as workloads in To/From fields. If set with PodSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except PodSelector or ExternalEntitySelector. |
externalEntitySelector
Kubernetes meta/v1.LabelSelector
|
Select ExternalEntities from NetworkPolicy’s Namespace as workloads in AppliedTo/To/From fields. If set with NamespaceSelector, ExternalEntities are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. |
NetworkPolicyPort
(Appears on: Rule)
NetworkPolicyPort describes the port and protocol to match in a rule.
| Field | Description |
|---|---|
protocol
Kubernetes core/v1.Protocol
|
(Optional)
The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP. |
port
k8s.io/apimachinery/pkg/util/intstr.IntOrString
|
(Optional)
The port on the given protocol. This can either be a numerical or named port on a Pod. If this field is not provided, this matches all port names and numbers. TODO: extend it to include Port Range. |
NetworkPolicySpec
(Appears on: NetworkPolicy)
NetworkPolicySpec defines the desired state for NetworkPolicy.
| Field | Description |
|---|---|
tier
string
|
Tier specifies the tier to which this NetworkPolicy belongs to. The NetworkPolicy order will be determined based on the combination of the Tier’s Priority and the NetworkPolicy’s own Priority. If not specified, this policy will be created in the Application Tier right above the K8s NetworkPolicy which resides at the bottom. |
priority
float64
|
Priority specfies the order of the NetworkPolicy relative to other NetworkPolicies. |
appliedTo
[]NetworkPolicyPeer
|
Select workloads on which the rules will be applied to. |
ingress
[]Rule
|
(Optional)
Set of ingress rules evaluated based on the order in which they are set.
Currently Ingress rule supports setting the |
egress
[]Rule
|
(Optional)
Set of egress rules evaluated based on the order in which they are set.
Currently Egress rule supports setting the |
Rule
(Appears on: ClusterNetworkPolicySpec, NetworkPolicySpec)
Rule describes the traffic allowed to/from the workloads selected by Spec.AppliedTo. Based on the action specified in the rule, traffic is either allowed or denied which exactly match the specified ports and protocol.
| Field | Description |
|---|---|
action
RuleAction
|
Action specifies the action to be applied on the rule. |
ports
[]NetworkPolicyPort
|
(Optional)
Set of port and protocol allowed/denied by the rule. If this field is unset or empty, this rule matches all ports. |
from
[]NetworkPolicyPeer
|
(Optional)
Rule is matched if traffic originates from workloads selected by this field. If this field is empty, this rule matches all sources. |
to
[]NetworkPolicyPeer
|
(Optional)
Rule is matched if traffic is intended for workloads selected by this field. If this field is empty or missing, this rule matches all destinations. |
name
string
|
(Optional)
Name describes the intention of this rule. Name should be unique within the policy. |
enableLogging
bool
|
EnableLogging is used to indicate if agent should generate logs when rules are matched. Should be default to false. |
RuleAction
(string alias)
(Appears on: NetworkPolicyRule, NetworkPolicyRule, Rule)
RuleAction describes the action to be applied on traffic matching a rule.
TierSpec
(Appears on: Tier)
TierSpec defines the desired state for Tier.
| Field | Description |
|---|---|
priority
int32
|
Priority specfies the order of the Tier relative to other Tiers. |
description
string
|
Description is an optional field to add more information regarding the purpose of this Tier. |
stats.antrea.tanzu.vmware.com/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Antrea Stats API.
Resource Types:AntreaClusterNetworkPolicyStats
AntreaClusterNetworkPolicyStats is the statistics of a Antrea ClusterNetworkPolicy.
| Field | Description |
|---|---|
apiVersion
string |
stats.antrea.tanzu.vmware.com/v1alpha1
|
kind
string
|
AntreaClusterNetworkPolicyStats |
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
trafficStats
TrafficStats
|
The traffic stats of the Antrea ClusterNetworkPolicy. |
AntreaNetworkPolicyStats
AntreaNetworkPolicyStats is the statistics of a Antrea NetworkPolicy.
| Field | Description |
|---|---|
apiVersion
string |
stats.antrea.tanzu.vmware.com/v1alpha1
|
kind
string
|
AntreaNetworkPolicyStats |
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
trafficStats
TrafficStats
|
The traffic stats of the Antrea NetworkPolicy. |
NetworkPolicyStats
NetworkPolicyStats is the statistics of a K8s NetworkPolicy.
| Field | Description |
|---|---|
apiVersion
string |
stats.antrea.tanzu.vmware.com/v1alpha1
|
kind
string
|
NetworkPolicyStats |
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
trafficStats
TrafficStats
|
The traffic stats of the K8s NetworkPolicy. |
TrafficStats
(Appears on: AntreaClusterNetworkPolicyStats, AntreaNetworkPolicyStats, NetworkPolicyStats, NetworkPolicyStats, NetworkPolicyStats)
TrafficStats contains the traffic stats of a NetworkPolicy.
| Field | Description |
|---|---|
packets
int64
|
Packets is the packets count hit by the NetworkPolicy. |
bytes
int64
|
Bytes is the bytes count hit by the NetworkPolicy. |
sessions
int64
|
Sessions is the sessions count hit by the NetworkPolicy. |
system.antrea.tanzu.vmware.com/v1beta1
Package v1beta1 contains the v1beta1 version of the Antrea “system” API group definitions.
Resource Types:BundleStatus
(string alias)
(Appears on: SupportBundle)
SupportBundle
| Field | Description |
|---|---|
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
status
BundleStatus
|
|
sum
string
|
|
size
uint32
|
|
-
string
|
clusterinformation.antrea.tanzu.vmware.com/v1beta1
Resource Types:AgentCondition
(Appears on: AntreaAgentInfo)
| Field | Description |
|---|---|
type
AgentConditionType
|
|
status
Kubernetes core/v1.ConditionStatus
|
One of the AgentConditionType listed above |
lastHeartbeatTime
Kubernetes meta/v1.Time
|
Mark certain type status, one of True, False, Unknown |
reason
string
|
The timestamp when AntreaAgentInfo is created/updated, ideally heartbeat interval is 60s |
message
string
|
Brief reason |
AgentConditionType
(string alias)
(Appears on: AgentCondition)
AntreaAgentInfo
| Field | Description |
|---|---|
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
version
string
|
|
podRef
Kubernetes core/v1.ObjectReference
|
Antrea binary version |
nodeRef
Kubernetes core/v1.ObjectReference
|
The Pod that Antrea Agent is running in |
nodeSubnet
[]string
|
The Node that Antrea Agent is running in |
ovsInfo
OVSInfo
|
Node subnet |
networkPolicyControllerInfo
NetworkPolicyControllerInfo
|
OVS Information |
localPodNum
int32
|
Antrea Agent NetworkPolicy information |
agentConditions
[]AgentCondition
|
The number of Pods which the agent is in charge of |
apiPort
int
|
Agent condition contains types like AgentHealthy |
AntreaControllerInfo
| Field | Description |
|---|---|
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
version
string
|
|
podRef
Kubernetes core/v1.ObjectReference
|
Antrea binary version |
nodeRef
Kubernetes core/v1.ObjectReference
|
The Pod that Antrea Controller is running in |
serviceRef
Kubernetes core/v1.ObjectReference
|
The Node that Antrea Controller is running in |
networkPolicyControllerInfo
NetworkPolicyControllerInfo
|
Antrea Controller Service |
connectedAgentNum
int32
|
Antrea Controller NetworkPolicy information |
controllerConditions
[]ControllerCondition
|
Number of agents which are connected to this controller |
apiPort
int
|
Controller condition contains types like ControllerHealthy |
ControllerCondition
(Appears on: AntreaControllerInfo)
| Field | Description |
|---|---|
type
ControllerConditionType
|
|
status
Kubernetes core/v1.ConditionStatus
|
One of the ControllerConditionType listed above, controllerHealthy |
lastHeartbeatTime
Kubernetes meta/v1.Time
|
Mark certain type status, one of True, False, Unknown |
reason
string
|
The timestamp when AntreaControllerInfo is created/updated, ideally heartbeat interval is 60s |
message
string
|
Brief reason |
ControllerConditionType
(string alias)
(Appears on: ControllerCondition)
NetworkPolicyControllerInfo
(Appears on: AntreaAgentInfo, AntreaControllerInfo)
| Field | Description |
|---|---|
networkPolicyNum
int32
|
|
addressGroupNum
int32
|
|
appliedToGroupNum
int32
|
OVSInfo
(Appears on: AntreaAgentInfo)
| Field | Description |
|---|---|
version
string
|
|
bridgeName
string
|
|
flowTable
map[string]int32
|
controlplane.antrea.tanzu.vmware.com/v1beta1
Package v1beta1 is the v1beta1 version of the Antrea NetworkPolicy API messages.
Resource Types:NodeStatsSummary
NodeStatsSummary contains stats produced on a Node. It’s used by the antrea-agents to report stats to the antrea-controller.
| Field | Description |
|---|---|
apiVersion
string |
controlplane.antrea.tanzu.vmware.com/v1beta1
|
kind
string
|
NodeStatsSummary |
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
networkPolicies
[]NetworkPolicyStats
|
The TrafficStats of K8s NetworkPolicies collected from the Node. |
antreaClusterNetworkPolicies
[]NetworkPolicyStats
|
The TrafficStats of Antrea ClusterNetworkPolicies collected from the Node. |
antreaNetworkPolicies
[]NetworkPolicyStats
|
The TrafficStats of Antrea NetworkPolicies collected from the Node. |
AddressGroup
AddressGroup is the message format of antrea/pkg/controller/types.AddressGroup in an API response.
| Field | Description |
|---|---|
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
pods
[]GroupMemberPod
|
|
groupMembers
[]GroupMember
|
AddressGroupPatch
AddressGroupPatch describes the incremental update of an AddressGroup.
| Field | Description |
|---|---|
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
addedPods
[]GroupMemberPod
|
|
removedPods
[]GroupMemberPod
|
|
addedGroupMembers
[]GroupMember
|
|
removedGroupMembers
[]GroupMember
|
AppliedToGroup
AppliedToGroup is the message format of antrea/pkg/controller/types.AppliedToGroup in an API response.
| Field | Description |
|---|---|
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
pods
[]GroupMemberPod
|
Pods is a list of Pods selected by this group. |
groupMembers
[]GroupMember
|
GroupMembers is list of resources selected by this group. This eventually will replace Pods |
AppliedToGroupPatch
AppliedToGroupPatch describes the incremental update of an AppliedToGroup.
| Field | Description |
|---|---|
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
addedPods
[]GroupMemberPod
|
|
removedPods
[]GroupMemberPod
|
|
addedGroupMembers
[]GroupMember
|
|
removedGroupMembers
[]GroupMember
|
Direction
(string alias)
(Appears on: NetworkPolicyRule)
Direction defines traffic direction of NetworkPolicyRule.
Endpoint
(Appears on: GroupMember)
Endpoint represents an external endpoint.
| Field | Description |
|---|---|
ip
IPAddress
|
IP is the IP address of the Endpoint. |
ports
[]NamedPort
|
Ports is the list NamedPort of the Endpoint. |
ExternalEntityReference
(Appears on: GroupMember)
ExternalEntityReference represents a ExternalEntity Reference.
| Field | Description |
|---|---|
name
string
|
The name of this ExternalEntity. |
namespace
string
|
The namespace of this ExternalEntity. |
GroupMember
(Appears on: AddressGroup, AddressGroupPatch, AppliedToGroup, AppliedToGroupPatch)
GroupMember represents resource member to be populated in Groups. This supersedes GroupMemberPod, and will eventually replace it.
| Field | Description |
|---|---|
pod
PodReference
|
Pod maintains the reference to the Pod. |
externalEntity
ExternalEntityReference
|
ExternalEntity maintains the reference to the ExternalEntity. |
endpoints
[]Endpoint
|
Endpoints maintains a list of EndPoints associated with this groupMember. |
GroupMemberPod
(Appears on: AddressGroup, AddressGroupPatch, AppliedToGroup, AppliedToGroupPatch)
GroupMemberPod represents a GroupMember related to Pods.
| Field | Description |
|---|---|
pod
PodReference
|
Pod maintains the reference to the Pod. |
ip
IPAddress
|
IP maintains the IPAddress associated with the Pod. |
ports
[]NamedPort
|
Ports maintain the named port mapping of this Pod. |
GroupMemberPodSet
(map[github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.groupMemberPodKey]*github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.GroupMemberPod alias)
GroupMemberPodSet is a set of GroupMemberPods.
GroupMemberSet
(map[github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.groupMemberKey]*github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.GroupMember alias)
GroupMemberSet is a set of GroupMembers.
IPAddress
([]byte alias)
(Appears on: Endpoint, GroupMemberPod, IPNet)
IPAddress describes a single IP address. Either an IPv4 or IPv6 address must be set.
IPBlock
(Appears on: NetworkPolicyPeer)
IPBlock describes a particular CIDR (Ex. “192.168.1.1⁄24”). The except entry describes CIDRs that should not be included within this rule.
| Field | Description |
|---|---|
cidr
IPNet
|
CIDR is an IPNet represents the IP Block. |
except
[]IPNet
|
(Optional)
Except is a slice of IPNets that should not be included within an IP Block. Except values will be rejected if they are outside the CIDR range. |
IPNet
(Appears on: IPBlock)
IPNet describes an IP network.
| Field | Description |
|---|---|
ip
IPAddress
|
|
prefixLength
int32
|
NamedPort
(Appears on: Endpoint, GroupMemberPod)
NamedPort represents a Port with a name on Pod.
| Field | Description |
|---|---|
port
int32
|
Port represents the Port number. |
name
string
|
Name represents the associated name with this Port number. |
protocol
Protocol
|
Protocol for port. Must be UDP, TCP, or SCTP. |
NetworkPolicy
NetworkPolicy is the message format of antrea/pkg/controller/types.NetworkPolicy in an API response.
| Field | Description |
|---|---|
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
rules
[]NetworkPolicyRule
|
Rules is a list of rules to be applied to the selected Pods. |
appliedToGroups
[]string
|
AppliedToGroups is a list of names of AppliedToGroups to which this policy applies. |
priority
float64
|
Priority represents the relative priority of this Network Policy as compared to other Network Policies. Priority will be unset (nil) for K8s Network Policy. |
tierPriority
int32
|
TierPriority represents the priority of the Tier associated with this Network Policy. The TierPriority will remain nil for K8s NetworkPolicy. |
sourceRef
NetworkPolicyReference
|
Reference to the original NetworkPolicy that the internal NetworkPolicy is created for. |
NetworkPolicyPeer
(Appears on: NetworkPolicyRule)
NetworkPolicyPeer describes a peer of NetworkPolicyRules. It could be a list of names of AddressGroups and/or a list of IPBlock.
| Field | Description |
|---|---|
addressGroups
[]string
|
A list of names of AddressGroups. |
ipBlocks
[]IPBlock
|
A list of IPBlock. |
NetworkPolicyReference
(Appears on: NetworkPolicy, NetworkPolicyStats)
| Field | Description |
|---|---|
type
NetworkPolicyType
|
Type of the NetworkPolicy. |
namespace
string
|
Namespace of the NetworkPolicy. It’s empty for Antrea ClusterNetworkPolicy. |
name
string
|
Name of the NetworkPolicy. |
uid
k8s.io/apimachinery/pkg/types.UID
|
UID of the NetworkPolicy. |
NetworkPolicyRule
(Appears on: NetworkPolicy)
NetworkPolicyRule describes a particular set of traffic that is allowed.
| Field | Description |
|---|---|
direction
Direction
|
The direction of this rule. If it’s set to In, From must be set and To must not be set. If it’s set to Out, To must be set and From must not be set. |
from
NetworkPolicyPeer
|
From represents sources which should be able to access the pods selected by the policy. |
to
NetworkPolicyPeer
|
To represents destinations which should be able to be accessed by the pods selected by the policy. |
services
[]Service
|
Services is a list of services which should be matched. |
priority
int32
|
Priority defines the priority of the Rule as compared to other rules in the NetworkPolicy. |
action
RuleAction
|
Action specifies the action to be applied on the rule. i.e. Allow/Drop. An empty action “nil” defaults to Allow action, which would be the case for rules created for K8s Network Policy. |
enableLogging
bool
|
EnableLogging indicates whether or not to generate logs when rules are matched. Default to false. |
NetworkPolicyStats
(Appears on: NodeStatsSummary)
NetworkPolicyStats contains the information and traffic stats of a NetworkPolicy.
| Field | Description |
|---|---|
networkPolicy
NetworkPolicyReference
|
The reference of the NetworkPolicy. |
trafficStats
TrafficStats
|
The stats of the NetworkPolicy. |
NetworkPolicyType
(string alias)
(Appears on: NetworkPolicyReference)
PodReference
(Appears on: GroupMember, GroupMemberPod)
PodReference represents a Pod Reference.
| Field | Description |
|---|---|
name
string
|
The name of this pod. |
namespace
string
|
The namespace of this pod. |
Protocol
(string alias)
(Appears on: NamedPort, Service)
Protocol defines network protocols supported for things like container ports.
Service
(Appears on: NetworkPolicyRule)
Service describes a port to allow traffic on.
| Field | Description |
|---|---|
protocol
Protocol
|
(Optional)
The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP. |
port
k8s.io/apimachinery/pkg/util/intstr.IntOrString
|
(Optional)
The port name or number on the given protocol. If not specified, this matches all port numbers. |
controlplane.antrea.tanzu.vmware.com/v1beta2
Package v1beta2 is the v1beta2 version of the Antrea NetworkPolicy API messages.
Resource Types:NodeStatsSummary
NodeStatsSummary contains stats produced on a Node. It’s used by the antrea-agents to report stats to the antrea-controller.
| Field | Description |
|---|---|
apiVersion
string |
controlplane.antrea.tanzu.vmware.com/v1beta2
|
kind
string
|
NodeStatsSummary |
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
networkPolicies
[]NetworkPolicyStats
|
The TrafficStats of K8s NetworkPolicies collected from the Node. |
antreaClusterNetworkPolicies
[]NetworkPolicyStats
|
The TrafficStats of Antrea ClusterNetworkPolicies collected from the Node. |
antreaNetworkPolicies
[]NetworkPolicyStats
|
The TrafficStats of Antrea NetworkPolicies collected from the Node. |
AddressGroup
AddressGroup is the message format of antrea/pkg/controller/types.AddressGroup in an API response.
| Field | Description |
|---|---|
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
groupMembers
[]GroupMember
|
AddressGroupPatch
AddressGroupPatch describes the incremental update of an AddressGroup.
| Field | Description |
|---|---|
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
addedGroupMembers
[]GroupMember
|
|
removedGroupMembers
[]GroupMember
|
AppliedToGroup
AppliedToGroup is the message format of antrea/pkg/controller/types.AppliedToGroup in an API response.
| Field | Description |
|---|---|
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
groupMembers
[]GroupMember
|
GroupMembers is list of resources selected by this group. |
AppliedToGroupPatch
AppliedToGroupPatch describes the incremental update of an AppliedToGroup.
| Field | Description |
|---|---|
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
addedGroupMembers
[]GroupMember
|
|
removedGroupMembers
[]GroupMember
|
Direction
(string alias)
(Appears on: NetworkPolicyRule)
Direction defines traffic direction of NetworkPolicyRule.
ExternalEntityReference
(Appears on: GroupMember)
ExternalEntityReference represents a ExternalEntity Reference.
| Field | Description |
|---|---|
name
string
|
The name of this ExternalEntity. |
namespace
string
|
The namespace of this ExternalEntity. |
GroupMember
(Appears on: AddressGroup, AddressGroupPatch, AppliedToGroup, AppliedToGroupPatch)
GroupMember represents resource member to be populated in Groups. This supersedes GroupMemberPod, and will eventually replace it.
| Field | Description |
|---|---|
pod
PodReference
|
Pod maintains the reference to the Pod. |
externalEntity
ExternalEntityReference
|
ExternalEntity maintains the reference to the ExternalEntity. |
ips
[]IPAddress
|
IP is the IP address of the Endpoints associated with the GroupMember. |
ports
[]NamedPort
|
Ports is the list NamedPort of the GroupMember. |
GroupMemberSet
(map[github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta2.groupMemberKey]*github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta2.GroupMember alias)
GroupMemberSet is a set of GroupMembers.
IPAddress
([]byte alias)
(Appears on: GroupMember, IPNet)
IPAddress describes a single IP address. Either an IPv4 or IPv6 address must be set.
IPBlock
(Appears on: NetworkPolicyPeer)
IPBlock describes a particular CIDR (Ex. “192.168.1.1⁄24”). The except entry describes CIDRs that should not be included within this rule.
| Field | Description |
|---|---|
cidr
IPNet
|
CIDR is an IPNet represents the IP Block. |
except
[]IPNet
|
(Optional)
Except is a slice of IPNets that should not be included within an IP Block. Except values will be rejected if they are outside the CIDR range. |
IPNet
(Appears on: IPBlock)
IPNet describes an IP network.
| Field | Description |
|---|---|
ip
IPAddress
|
|
prefixLength
int32
|
NamedPort
(Appears on: GroupMember)
NamedPort represents a Port with a name on Pod.
| Field | Description |
|---|---|
port
int32
|
Port represents the Port number. |
name
string
|
Name represents the associated name with this Port number. |
protocol
Protocol
|
Protocol for port. Must be UDP, TCP, or SCTP. |
NetworkPolicy
NetworkPolicy is the message format of antrea/pkg/controller/types.NetworkPolicy in an API response.
| Field | Description |
|---|---|
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
rules
[]NetworkPolicyRule
|
Rules is a list of rules to be applied to the selected GroupMembers. |
appliedToGroups
[]string
|
AppliedToGroups is a list of names of AppliedToGroups to which this policy applies. |
priority
float64
|
Priority represents the relative priority of this Network Policy as compared to other Network Policies. Priority will be unset (nil) for K8s Network Policy. |
tierPriority
int32
|
TierPriority represents the priority of the Tier associated with this Network Policy. The TierPriority will remain nil for K8s NetworkPolicy. |
sourceRef
NetworkPolicyReference
|
Reference to the original NetworkPolicy that the internal NetworkPolicy is created for. |
NetworkPolicyPeer
(Appears on: NetworkPolicyRule)
NetworkPolicyPeer describes a peer of NetworkPolicyRules. It could be a list of names of AddressGroups and/or a list of IPBlock.
| Field | Description |
|---|---|
addressGroups
[]string
|
A list of names of AddressGroups. |
ipBlocks
[]IPBlock
|
A list of IPBlock. |
NetworkPolicyReference
(Appears on: NetworkPolicy, NetworkPolicyStats)
| Field | Description |
|---|---|
type
NetworkPolicyType
|
Type of the NetworkPolicy. |
namespace
string
|
Namespace of the NetworkPolicy. It’s empty for Antrea ClusterNetworkPolicy. |
name
string
|
Name of the NetworkPolicy. |
uid
k8s.io/apimachinery/pkg/types.UID
|
UID of the NetworkPolicy. |
NetworkPolicyRule
(Appears on: NetworkPolicy)
NetworkPolicyRule describes a particular set of traffic that is allowed.
| Field | Description |
|---|---|
direction
Direction
|
The direction of this rule. If it’s set to In, From must be set and To must not be set. If it’s set to Out, To must be set and From must not be set. |
from
NetworkPolicyPeer
|
From represents sources which should be able to access the GroupMembers selected by the policy. |
to
NetworkPolicyPeer
|
To represents destinations which should be able to be accessed by the GroupMembers selected by the policy. |
services
[]Service
|
Services is a list of services which should be matched. |
priority
int32
|
Priority defines the priority of the Rule as compared to other rules in the NetworkPolicy. |
action
RuleAction
|
Action specifies the action to be applied on the rule. i.e. Allow/Drop. An empty action “nil” defaults to Allow action, which would be the case for rules created for K8s Network Policy. |
enableLogging
bool
|
EnableLogging indicates whether or not to generate logs when rules are matched. Default to false. |
NetworkPolicyStats
(Appears on: NodeStatsSummary)
NetworkPolicyStats contains the information and traffic stats of a NetworkPolicy.
| Field | Description |
|---|---|
networkPolicy
NetworkPolicyReference
|
The reference of the NetworkPolicy. |
trafficStats
TrafficStats
|
The stats of the NetworkPolicy. |
NetworkPolicyType
(string alias)
(Appears on: NetworkPolicyReference)
PodReference
(Appears on: GroupMember)
PodReference represents a Pod Reference.
| Field | Description |
|---|---|
name
string
|
The name of this pod. |
namespace
string
|
The namespace of this pod. |
Protocol
(string alias)
(Appears on: NamedPort, Service)
Protocol defines network protocols supported for things like container ports.
Service
(Appears on: NetworkPolicyRule)
Service describes a port to allow traffic on.
| Field | Description |
|---|---|
protocol
Protocol
|
(Optional)
The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP. |
port
k8s.io/apimachinery/pkg/util/intstr.IntOrString
|
(Optional)
The port name or number on the given protocol. If not specified, this matches all port numbers. |
core.antrea.tanzu.vmware.com/v1alpha2
Resource Types:ExternalEntity
| Field | Description | ||||||
|---|---|---|---|---|---|---|---|
apiVersion
string |
core.antrea.tanzu.vmware.com/v1alpha2
|
||||||
kind
string
|
ExternalEntity |
||||||
metadata
Kubernetes meta/v1.ObjectMeta
|
Standard metadata of the object. Refer to the Kubernetes API documentation for the fields of themetadata field.
|
||||||
spec
ExternalEntitySpec
|
Desired state of the external entity.
|
Endpoint
(Appears on: ExternalEntitySpec)
Endpoint refers to an endpoint associated with the ExternalEntity.
| Field | Description |
|---|---|
ip
string
|
IP associated with this endpoint. |
name
string
|
(Optional)
Name identifies this endpoint. Could be the network interface name in case of VMs. |
ExternalEntitySpec
(Appears on: ExternalEntity)
ExternalEntitySpec defines the desired state for ExternalEntity.
| Field | Description |
|---|---|
endpoints
[]Endpoint
|
Endpoints is a list of external endpoints associated with this entity. |
ports
[]NamedPort
|
Ports maintain the list of named ports. |
externalNode
string
|
ExternalNode is the opaque identifier of the agent/controller responsible for additional processing or handling of this external entity. |
NamedPort
(Appears on: ExternalEntitySpec)
NamedPort describes the port and protocol to match in a rule.
| Field | Description |
|---|---|
protocol
Kubernetes core/v1.Protocol
|
(Optional)
The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP. |
port
int32
|
(Optional)
The port on the given protocol. |
name
string
|
(Optional)
Name associated with the Port. |
WebhookImpl
WebhookImpl implements webhook validator of a resource.
Generated with gen-crd-api-reference-docs
on git commit d8e9c978.
Getting Started
To help you get started, see the documentation.