Logo

Documentation

Packages:

crd.antrea.io/v1beta1

Resource Types:

    AgentCondition

    (Appears on: AntreaAgentInfo)

    Field Description
    type
    AgentConditionType
    status
    Kubernetes core/v1.ConditionStatus

    One of the AgentConditionType listed above

    lastHeartbeatTime
    Kubernetes meta/v1.Time

    Mark certain type status, one of True, False, Unknown

    reason
    string

    The timestamp when AntreaAgentInfo is created/updated, ideally heartbeat interval is 60s

    message
    string

    Brief reason

    AgentConditionType (string alias)

    (Appears on: AgentCondition)

    AntreaAgentInfo

    Field Description
    metadata
    Kubernetes meta/v1.ObjectMeta
    Refer to the Kubernetes API documentation for the fields of the metadata field.
    version
    string
    podRef
    Kubernetes core/v1.ObjectReference

    Antrea binary version

    nodeRef
    Kubernetes core/v1.ObjectReference

    The Pod that Antrea Agent is running in

    nodeSubnets
    []string

    The Node that Antrea Agent is running in

    ovsInfo
    OVSInfo

    Node subnets

    networkPolicyControllerInfo
    NetworkPolicyControllerInfo

    OVS Information

    localPodNum
    int32

    Antrea Agent NetworkPolicy information

    agentConditions
    []AgentCondition

    The number of Pods which the agent is in charge of

    apiPort
    int

    Agent condition contains types like AgentHealthy

    AntreaControllerInfo

    Field Description
    metadata
    Kubernetes meta/v1.ObjectMeta
    Refer to the Kubernetes API documentation for the fields of the metadata field.
    version
    string
    podRef
    Kubernetes core/v1.ObjectReference

    Antrea binary version

    nodeRef
    Kubernetes core/v1.ObjectReference

    The Pod that Antrea Controller is running in

    serviceRef
    Kubernetes core/v1.ObjectReference

    The Node that Antrea Controller is running in

    networkPolicyControllerInfo
    NetworkPolicyControllerInfo

    Antrea Controller Service

    connectedAgentNum
    int32

    Antrea Controller NetworkPolicy information

    controllerConditions
    []ControllerCondition

    Number of agents which are connected to this controller

    apiPort
    int

    Controller condition contains types like ControllerHealthy

    ControllerCondition

    (Appears on: AntreaControllerInfo)

    Field Description
    type
    ControllerConditionType
    status
    Kubernetes core/v1.ConditionStatus

    One of the ControllerConditionType listed above, controllerHealthy

    lastHeartbeatTime
    Kubernetes meta/v1.Time

    Mark certain type status, one of True, False, Unknown

    reason
    string

    The timestamp when AntreaControllerInfo is created/updated, ideally heartbeat interval is 60s

    message
    string

    Brief reason

    ControllerConditionType (string alias)

    (Appears on: ControllerCondition)

    NetworkPolicyControllerInfo

    (Appears on: AntreaAgentInfo, AntreaControllerInfo)

    Field Description
    networkPolicyNum
    int32
    addressGroupNum
    int32
    appliedToGroupNum
    int32

    OVSInfo

    (Appears on: AntreaAgentInfo)

    Field Description
    version
    string
    bridgeName
    string
    flowTable
    map[string]int32

    stats.antrea.io/v1alpha1

    Package v1alpha1 is the v1alpha1 version of the Antrea Stats API.

    Resource Types:

    AntreaClusterNetworkPolicyStats

    AntreaClusterNetworkPolicyStats is the statistics of a Antrea ClusterNetworkPolicy.

    Field Description
    apiVersion
    string
    stats.antrea.io/v1alpha1
    kind
    string
    AntreaClusterNetworkPolicyStats
    metadata
    Kubernetes meta/v1.ObjectMeta
    Refer to the Kubernetes API documentation for the fields of the metadata field.
    trafficStats
    TrafficStats

    The traffic stats of the Antrea ClusterNetworkPolicy.

    ruleTrafficStats
    []RuleTrafficStats

    The traffic stats of the Antrea ClusterNetworkPolicy, from rule perspective.

    AntreaNetworkPolicyStats

    AntreaNetworkPolicyStats is the statistics of a Antrea NetworkPolicy.

    Field Description
    apiVersion
    string
    stats.antrea.io/v1alpha1
    kind
    string
    AntreaNetworkPolicyStats
    metadata
    Kubernetes meta/v1.ObjectMeta
    Refer to the Kubernetes API documentation for the fields of the metadata field.
    trafficStats
    TrafficStats

    The traffic stats of the Antrea NetworkPolicy.

    ruleTrafficStats
    []RuleTrafficStats

    The traffic stats of the Antrea NetworkPolicy, from rule perspective.

    NetworkPolicyStats

    NetworkPolicyStats is the statistics of a K8s NetworkPolicy.

    Field Description
    apiVersion
    string
    stats.antrea.io/v1alpha1
    kind
    string
    NetworkPolicyStats
    metadata
    Kubernetes meta/v1.ObjectMeta
    Refer to the Kubernetes API documentation for the fields of the metadata field.
    trafficStats
    TrafficStats

    The traffic stats of the K8s NetworkPolicy.

    RuleTrafficStats

    (Appears on: AntreaClusterNetworkPolicyStats, AntreaNetworkPolicyStats, NetworkPolicyStats, NetworkPolicyStats)

    RuleTrafficStats contains TrafficStats of single rule inside a NetworkPolicy.

    Field Description
    name
    string
    trafficStats
    TrafficStats

    TrafficStats

    (Appears on: AntreaClusterNetworkPolicyStats, AntreaNetworkPolicyStats, NetworkPolicyStats, NetworkPolicyStats, NetworkPolicyStats, RuleTrafficStats)

    TrafficStats contains the traffic stats of a NetworkPolicy.

    Field Description
    packets
    int64

    Packets is the packets count hit by the NetworkPolicy.

    bytes
    int64

    Bytes is the bytes count hit by the NetworkPolicy.

    sessions
    int64

    Sessions is the sessions count hit by the NetworkPolicy.


    system.antrea.io/v1beta1

    Package v1beta1 contains the v1beta1 version of the Antrea “system” API group definitions.

    Resource Types:

      BundleStatus (string alias)

      (Appears on: SupportBundle)

      SupportBundle

      Field Description
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      status
      BundleStatus
      sum
      string
      size
      uint32
      -
      string

      controlplane.antrea.io/v1beta1

      Package v1beta1 is the v1beta1 version of the Antrea NetworkPolicy API messages.

      Resource Types:

      NodeStatsSummary

      NodeStatsSummary contains stats produced on a Node. It’s used by the antrea-agents to report stats to the antrea-controller.

      Field Description
      apiVersion
      string
      controlplane.antrea.io/v1beta1
      kind
      string
      NodeStatsSummary
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      networkPolicies
      []NetworkPolicyStats

      The TrafficStats of K8s NetworkPolicies collected from the Node.

      antreaClusterNetworkPolicies
      []NetworkPolicyStats

      The TrafficStats of Antrea ClusterNetworkPolicies collected from the Node.

      antreaNetworkPolicies
      []NetworkPolicyStats

      The TrafficStats of Antrea NetworkPolicies collected from the Node.

      AddressGroup

      AddressGroup is the message format of antrea/pkg/controller/types.AddressGroup in an API response.

      Field Description
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      pods
      []GroupMemberPod
      groupMembers
      []GroupMember

      AddressGroupPatch

      AddressGroupPatch describes the incremental update of an AddressGroup.

      Field Description
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      addedPods
      []GroupMemberPod
      removedPods
      []GroupMemberPod
      addedGroupMembers
      []GroupMember
      removedGroupMembers
      []GroupMember

      AppliedToGroup

      AppliedToGroup is the message format of antrea/pkg/controller/types.AppliedToGroup in an API response.

      Field Description
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      pods
      []GroupMemberPod

      Pods is a list of Pods selected by this group.

      groupMembers
      []GroupMember

      GroupMembers is list of resources selected by this group. This eventually will replace Pods

      AppliedToGroupPatch

      AppliedToGroupPatch describes the incremental update of an AppliedToGroup.

      Field Description
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      addedPods
      []GroupMemberPod
      removedPods
      []GroupMemberPod
      addedGroupMembers
      []GroupMember
      removedGroupMembers
      []GroupMember

      Direction (string alias)

      (Appears on: NetworkPolicyRule)

      Direction defines traffic direction of NetworkPolicyRule.

      Endpoint

      (Appears on: GroupMember)

      Endpoint represents an external endpoint.

      Field Description
      ip
      IPAddress

      IP is the IP address of the Endpoint.

      ports
      []NamedPort

      Ports is the list NamedPort of the Endpoint.

      ExternalEntityReference

      (Appears on: GroupMember)

      ExternalEntityReference represents a ExternalEntity Reference.

      Field Description
      name
      string

      The name of this ExternalEntity.

      namespace
      string

      The namespace of this ExternalEntity.

      GroupMember

      (Appears on: AddressGroup, AddressGroupPatch, AppliedToGroup, AppliedToGroupPatch)

      GroupMember represents resource member to be populated in Groups. This supersedes GroupMemberPod, and will eventually replace it.

      Field Description
      pod
      PodReference

      Pod maintains the reference to the Pod.

      externalEntity
      ExternalEntityReference

      ExternalEntity maintains the reference to the ExternalEntity.

      endpoints
      []Endpoint

      Endpoints maintains a list of EndPoints associated with this groupMember.

      GroupMemberPod

      (Appears on: AddressGroup, AddressGroupPatch, AppliedToGroup, AppliedToGroupPatch)

      GroupMemberPod represents a GroupMember related to Pods.

      Field Description
      pod
      PodReference

      Pod maintains the reference to the Pod.

      ip
      IPAddress

      IP maintains the IPAddress associated with the Pod.

      ports
      []NamedPort

      Ports maintain the named port mapping of this Pod.

      GroupMemberPodSet (map[github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.groupMemberPodKey]*github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.GroupMemberPod alias)

      GroupMemberPodSet is a set of GroupMemberPods.

      GroupMemberSet (map[github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.groupMemberKey]*github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.GroupMember alias)

      GroupMemberSet is a set of GroupMembers.

      IPAddress ([]byte alias)

      (Appears on: Endpoint, GroupMemberPod, IPNet)

      IPAddress describes a single IP address. Either an IPv4 or IPv6 address must be set.

      IPBlock

      (Appears on: NetworkPolicyPeer)

      IPBlock describes a particular CIDR (Ex. “192.168.1.124”). The except entry describes CIDRs that should not be included within this rule.

      Field Description
      cidr
      IPNet

      CIDR is an IPNet represents the IP Block.

      except
      []IPNet
      (Optional)

      Except is a slice of IPNets that should not be included within an IP Block. Except values will be rejected if they are outside the CIDR range.

      IPNet

      (Appears on: IPBlock)

      IPNet describes an IP network.

      Field Description
      ip
      IPAddress
      prefixLength
      int32

      NamedPort

      (Appears on: Endpoint, GroupMemberPod)

      NamedPort represents a Port with a name on Pod.

      Field Description
      port
      int32

      Port represents the Port number.

      name
      string

      Name represents the associated name with this Port number.

      protocol
      Protocol

      Protocol for port. Must be UDP, TCP, or SCTP.

      NetworkPolicy

      NetworkPolicy is the message format of antrea/pkg/controller/types.NetworkPolicy in an API response.

      Field Description
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      rules
      []NetworkPolicyRule

      Rules is a list of rules to be applied to the selected Pods.

      appliedToGroups
      []string

      AppliedToGroups is a list of names of AppliedToGroups to which this policy applies.

      priority
      float64

      Priority represents the relative priority of this Network Policy as compared to other Network Policies. Priority will be unset (nil) for K8s NetworkPolicy.

      tierPriority
      int32

      TierPriority represents the priority of the Tier associated with this Network Policy. The TierPriority will remain nil for K8s NetworkPolicy.

      sourceRef
      NetworkPolicyReference

      Reference to the original NetworkPolicy that the internal NetworkPolicy is created for.

      NetworkPolicyPeer

      (Appears on: NetworkPolicyRule)

      NetworkPolicyPeer describes a peer of NetworkPolicyRules. It could be a list of names of AddressGroups and/or a list of IPBlock.

      Field Description
      addressGroups
      []string

      A list of names of AddressGroups.

      ipBlocks
      []IPBlock

      A list of IPBlock.

      NetworkPolicyReference

      (Appears on: NetworkPolicy, NetworkPolicyStats)

      Field Description
      type
      NetworkPolicyType

      Type of the NetworkPolicy.

      namespace
      string

      Namespace of the NetworkPolicy. It’s empty for Antrea ClusterNetworkPolicy.

      name
      string

      Name of the NetworkPolicy.

      uid
      k8s.io/apimachinery/pkg/types.UID

      UID of the NetworkPolicy.

      NetworkPolicyRule

      (Appears on: NetworkPolicy)

      NetworkPolicyRule describes a particular set of traffic that is allowed.

      Field Description
      direction
      Direction

      The direction of this rule. If it’s set to In, From must be set and To must not be set. If it’s set to Out, To must be set and From must not be set.

      from
      NetworkPolicyPeer

      From represents sources which should be able to access the pods selected by the policy.

      to
      NetworkPolicyPeer

      To represents destinations which should be able to be accessed by the pods selected by the policy.

      services
      []Service

      Services is a list of services which should be matched.

      priority
      int32

      Priority defines the priority of the Rule as compared to other rules in the NetworkPolicy.

      action
      RuleAction

      Action specifies the action to be applied on the rule. i.e. Allow/Drop. An empty action “nil” defaults to Allow action, which would be the case for rules created for K8s Network Policy.

      enableLogging
      bool

      EnableLogging indicates whether or not to generate logs when rules are matched. Default to false.

      NetworkPolicyStats

      (Appears on: NodeStatsSummary)

      NetworkPolicyStats contains the information and traffic stats of a NetworkPolicy.

      Field Description
      networkPolicy
      NetworkPolicyReference

      The reference of the NetworkPolicy.

      trafficStats
      TrafficStats

      The stats of the NetworkPolicy.

      ruleTrafficStats
      []RuleTrafficStats

      The stats of the NetworkPolicy rules. It’s empty for K8s NetworkPolicies as they don’t have rule name to identify a rule.

      NetworkPolicyType (string alias)

      (Appears on: NetworkPolicyReference)

      PodReference

      (Appears on: GroupMember, GroupMemberPod)

      PodReference represents a Pod Reference.

      Field Description
      name
      string

      The name of this pod.

      namespace
      string

      The namespace of this pod.

      Protocol (string alias)

      (Appears on: NamedPort, Service)

      Protocol defines network protocols supported for things like container ports.

      Service

      (Appears on: NetworkPolicyRule)

      Service describes a port to allow traffic on.

      Field Description
      protocol
      Protocol
      (Optional)

      The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.

      port
      k8s.io/apimachinery/pkg/util/intstr.IntOrString
      (Optional)

      The port name or number on the given protocol. If not specified, this matches all port numbers.


      controlplane.antrea.io/v1beta2

      Package v1beta2 is the v1beta2 version of the Antrea NetworkPolicy API messages.

      Resource Types:

      NodeStatsSummary

      NodeStatsSummary contains stats produced on a Node. It’s used by the antrea-agents to report stats to the antrea-controller.

      Field Description
      apiVersion
      string
      controlplane.antrea.io/v1beta2
      kind
      string
      NodeStatsSummary
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      networkPolicies
      []NetworkPolicyStats

      The TrafficStats of K8s NetworkPolicies collected from the Node.

      antreaClusterNetworkPolicies
      []NetworkPolicyStats

      The TrafficStats of Antrea ClusterNetworkPolicies collected from the Node.

      antreaNetworkPolicies
      []NetworkPolicyStats

      The TrafficStats of Antrea NetworkPolicies collected from the Node.

      AddressGroup

      AddressGroup is the message format of antrea/pkg/controller/types.AddressGroup in an API response.

      Field Description
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      groupMembers
      []GroupMember

      AddressGroupPatch

      AddressGroupPatch describes the incremental update of an AddressGroup.

      Field Description
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      addedGroupMembers
      []GroupMember
      removedGroupMembers
      []GroupMember

      AppliedToGroup

      AppliedToGroup is the message format of antrea/pkg/controller/types.AppliedToGroup in an API response.

      Field Description
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      groupMembers
      []GroupMember

      GroupMembers is list of resources selected by this group.

      AppliedToGroupPatch

      AppliedToGroupPatch describes the incremental update of an AppliedToGroup.

      Field Description
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      addedGroupMembers
      []GroupMember
      removedGroupMembers
      []GroupMember

      ClusterGroupMembers

      ClusterGroupMembers is a list of GroupMember objects that are currently selected by a ClusterGroup.

      Field Description
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      effectiveMembers
      []GroupMember

      Direction (string alias)

      (Appears on: NetworkPolicyRule)

      Direction defines traffic direction of NetworkPolicyRule.

      EgressGroup

      Field Description
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      groupMembers
      []GroupMember

      GroupMembers is list of resources selected by this group.

      EgressGroupPatch

      EgressGroupPatch describes the incremental update of an EgressGroup.

      Field Description
      ObjectMeta
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      AddedGroupMembers
      []GroupMember
      RemovedGroupMembers
      []GroupMember

      ExternalEntityReference

      (Appears on: GroupMember)

      ExternalEntityReference represents a ExternalEntity Reference.

      Field Description
      name
      string

      The name of this ExternalEntity.

      namespace
      string

      The Namespace of this ExternalEntity.

      GroupAssociation

      GroupAssociation is the message format in an API response for groupassociation queries.

      Field Description
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      associatedGroups
      []GroupReference

      AssociatedGroups is a list of GroupReferences that is associated with the Pod/ExternalEntity being queried.

      GroupMember

      (Appears on: AddressGroup, AddressGroupPatch, AppliedToGroup, AppliedToGroupPatch, ClusterGroupMembers, EgressGroup, EgressGroupPatch)

      GroupMember represents resource member to be populated in Groups.

      Field Description
      pod
      PodReference

      Pod maintains the reference to the Pod.

      externalEntity
      ExternalEntityReference

      ExternalEntity maintains the reference to the ExternalEntity.

      ips
      []IPAddress

      IP is the IP address of the Endpoints associated with the GroupMember.

      ports
      []NamedPort

      Ports is the list NamedPort of the GroupMember.

      GroupMemberSet (map[github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta2.groupMemberKey]*github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta2.GroupMember alias)

      GroupMemberSet is a set of GroupMembers.

      GroupReference

      (Appears on: GroupAssociation)

      Field Description
      namespace
      string

      Namespace of the Group. Empty for ClusterGroup.

      name
      string

      Name of the Group.

      uid
      k8s.io/apimachinery/pkg/types.UID

      UID of the Group.

      IPAddress ([]byte alias)

      (Appears on: GroupMember, IPNet)

      IPAddress describes a single IP address. Either an IPv4 or IPv6 address must be set.

      IPBlock

      (Appears on: NetworkPolicyPeer)

      IPBlock describes a particular CIDR (Ex. “192.168.1.124”). The except entry describes CIDRs that should not be included within this rule.

      Field Description
      cidr
      IPNet

      CIDR is an IPNet represents the IP Block.

      except
      []IPNet
      (Optional)

      Except is a slice of IPNets that should not be included within an IP Block. Except values will be rejected if they are outside the CIDR range.

      IPNet

      (Appears on: IPBlock)

      IPNet describes an IP network.

      Field Description
      ip
      IPAddress
      prefixLength
      int32

      NamedPort

      (Appears on: GroupMember)

      NamedPort represents a Port with a name on Pod.

      Field Description
      port
      int32

      Port represents the Port number.

      name
      string

      Name represents the associated name with this Port number.

      protocol
      Protocol

      Protocol for port. Must be UDP, TCP, or SCTP.

      NetworkPolicy

      NetworkPolicy is the message format of antrea/pkg/controller/types.NetworkPolicy in an API response.

      Field Description
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      rules
      []NetworkPolicyRule

      Rules is a list of rules to be applied to the selected GroupMembers.

      appliedToGroups
      []string

      AppliedToGroups is a list of names of AppliedToGroups to which this policy applies. Cannot be set in conjunction with any NetworkPolicyRule.AppliedToGroups in Rules.

      priority
      float64

      Priority represents the relative priority of this Network Policy as compared to other Network Policies. Priority will be unset (nil) for K8s NetworkPolicy.

      tierPriority
      int32

      TierPriority represents the priority of the Tier associated with this Network Policy. The TierPriority will remain nil for K8s NetworkPolicy.

      sourceRef
      NetworkPolicyReference

      Reference to the original NetworkPolicy that the internal NetworkPolicy is created for.

      NetworkPolicyNodeStatus

      (Appears on: NetworkPolicyStatus)

      NetworkPolicyNodeStatus is the status of a NetworkPolicy on a Node.

      Field Description
      nodeName
      string

      The name of the Node that produces the status.

      generation
      int64

      The generation realized by the Node.

      NetworkPolicyPeer

      (Appears on: NetworkPolicyRule)

      NetworkPolicyPeer describes a peer of NetworkPolicyRules. It could be a list of names of AddressGroups and/or a list of IPBlock.

      Field Description
      addressGroups
      []string

      A list of names of AddressGroups.

      ipBlocks
      []IPBlock

      A list of IPBlock.

      NetworkPolicyReference

      (Appears on: NetworkPolicy, NetworkPolicyStats)

      Field Description
      type
      NetworkPolicyType

      Type of the NetworkPolicy.

      namespace
      string

      Namespace of the NetworkPolicy. It’s empty for Antrea ClusterNetworkPolicy.

      name
      string

      Name of the NetworkPolicy.

      uid
      k8s.io/apimachinery/pkg/types.UID

      UID of the NetworkPolicy.

      NetworkPolicyRule

      (Appears on: NetworkPolicy)

      NetworkPolicyRule describes a particular set of traffic that is allowed.

      Field Description
      direction
      Direction

      The direction of this rule. If it’s set to In, From must be set and To must not be set. If it’s set to Out, To must be set and From must not be set.

      from
      NetworkPolicyPeer

      From represents sources which should be able to access the GroupMembers selected by the policy.

      to
      NetworkPolicyPeer

      To represents destinations which should be able to be accessed by the GroupMembers selected by the policy.

      services
      []Service

      Services is a list of services which should be matched.

      priority
      int32

      Priority defines the priority of the Rule as compared to other rules in the NetworkPolicy.

      action
      RuleAction

      Action specifies the action to be applied on the rule. i.e. Allow/Drop. An empty action “nil” defaults to Allow action, which would be the case for rules created for K8s Network Policy.

      enableLogging
      bool

      EnableLogging indicates whether or not to generate logs when rules are matched. Default to false.

      appliedToGroups
      []string

      AppliedToGroups is a list of names of AppliedToGroups to which this rule applies. Cannot be set in conjunction with NetworkPolicy.AppliedToGroups of the NetworkPolicy that this Rule is referred to.

      name
      string

      Name describes the intention of this rule. Name should be unique within the policy.

      NetworkPolicyStats

      (Appears on: NodeStatsSummary)

      NetworkPolicyStats contains the information and traffic stats of a NetworkPolicy.

      Field Description
      networkPolicy
      NetworkPolicyReference

      The reference of the NetworkPolicy.

      trafficStats
      TrafficStats

      The stats of the NetworkPolicy.

      ruleTrafficStats
      []RuleTrafficStats

      The stats of the NetworkPolicy rules. It’s empty for K8s NetworkPolicies as they don’t have rule name to identify a rule.

      NetworkPolicyStatus

      NetworkPolicyStatus is the status of a NetworkPolicy.

      Field Description
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      nodes
      []NetworkPolicyNodeStatus

      Nodes contains statuses produced on a list of Nodes.

      NetworkPolicyType (string alias)

      (Appears on: NetworkPolicyReference)

      PodReference

      (Appears on: GroupMember)

      PodReference represents a Pod Reference.

      Field Description
      name
      string

      The name of this Pod.

      namespace
      string

      The Namespace of this Pod.

      Protocol (string alias)

      (Appears on: NamedPort, Service)

      Protocol defines network protocols supported for things like container ports.

      Service

      (Appears on: NetworkPolicyRule)

      Service describes a port to allow traffic on.

      Field Description
      protocol
      Protocol
      (Optional)

      The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.

      port
      k8s.io/apimachinery/pkg/util/intstr.IntOrString
      (Optional)

      The port name or number on the given protocol. If not specified, this matches all port numbers.

      endPort
      int32
      (Optional)

      EndPort defines the end of the port range, being the end included within the range. It can only be specified when a numerical port is specified.

      ServiceReference

      ServiceReference represents reference to a v1.Service.

      Field Description
      name
      string

      The name of this Service.

      namespace
      string

      The Namespace of this Service.


      crd.antrea.io/v1alpha1

      Resource Types:

      ClusterNetworkPolicy

      Field Description
      apiVersion
      string
      crd.antrea.io/v1alpha1
      kind
      string
      ClusterNetworkPolicy
      metadata
      Kubernetes meta/v1.ObjectMeta

      Standard metadata of the object.

      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      ClusterNetworkPolicySpec

      Specification of the desired behavior of ClusterNetworkPolicy.



      tier
      string

      Tier specifies the tier to which this ClusterNetworkPolicy belongs to. The ClusterNetworkPolicy order will be determined based on the combination of the Tier’s Priority and the ClusterNetworkPolicy’s own Priority. If not specified, this policy will be created in the Application Tier right above the K8s NetworkPolicy which resides at the bottom.

      priority
      float64

      Priority specfies the order of the ClusterNetworkPolicy relative to other AntreaClusterNetworkPolicies.

      appliedTo
      []NetworkPolicyPeer
      (Optional)

      Select workloads on which the rules will be applied to. Cannot be set in conjunction with AppliedTo in each rule.

      ingress
      []Rule
      (Optional)

      Set of ingress rules evaluated based on the order in which they are set. Currently Ingress rule supports setting the From field but not the To field within a Rule.

      egress
      []Rule
      (Optional)

      Set of egress rules evaluated based on the order in which they are set. Currently Egress rule supports setting the To field but not the From field within a Rule.

      status
      NetworkPolicyStatus

      Most recently observed status of the NetworkPolicy.

      NetworkPolicy

      Field Description
      apiVersion
      string
      crd.antrea.io/v1alpha1
      kind
      string
      NetworkPolicy
      metadata
      Kubernetes meta/v1.ObjectMeta

      Standard metadata of the object.

      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      NetworkPolicySpec

      Specification of the desired behavior of NetworkPolicy.



      tier
      string

      Tier specifies the tier to which this NetworkPolicy belongs to. The NetworkPolicy order will be determined based on the combination of the Tier’s Priority and the NetworkPolicy’s own Priority. If not specified, this policy will be created in the Application Tier right above the K8s NetworkPolicy which resides at the bottom.

      priority
      float64

      Priority specfies the order of the NetworkPolicy relative to other NetworkPolicies.

      appliedTo
      []NetworkPolicyPeer
      (Optional)

      Select workloads on which the rules will be applied to. Cannot be set in conjunction with AppliedTo in each rule.

      ingress
      []Rule
      (Optional)

      Set of ingress rules evaluated based on the order in which they are set. Currently Ingress rule supports setting the From field but not the To field within a Rule.

      egress
      []Rule
      (Optional)

      Set of egress rules evaluated based on the order in which they are set. Currently Egress rule supports setting the To field but not the From field within a Rule.

      status
      NetworkPolicyStatus

      Most recently observed status of the NetworkPolicy.

      Tier

      Field Description
      apiVersion
      string
      crd.antrea.io/v1alpha1
      kind
      string
      Tier
      metadata
      Kubernetes meta/v1.ObjectMeta

      Standard metadata of the object.

      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      TierSpec

      Specification of the desired behavior of Tier.



      priority
      int32

      Priority specfies the order of the Tier relative to other Tiers.

      description
      string

      Description is an optional field to add more information regarding the purpose of this Tier.

      ClusterNetworkPolicySpec

      (Appears on: ClusterNetworkPolicy)

      ClusterNetworkPolicySpec defines the desired state for ClusterNetworkPolicy.

      Field Description
      tier
      string

      Tier specifies the tier to which this ClusterNetworkPolicy belongs to. The ClusterNetworkPolicy order will be determined based on the combination of the Tier’s Priority and the ClusterNetworkPolicy’s own Priority. If not specified, this policy will be created in the Application Tier right above the K8s NetworkPolicy which resides at the bottom.

      priority
      float64

      Priority specfies the order of the ClusterNetworkPolicy relative to other AntreaClusterNetworkPolicies.

      appliedTo
      []NetworkPolicyPeer
      (Optional)

      Select workloads on which the rules will be applied to. Cannot be set in conjunction with AppliedTo in each rule.

      ingress
      []Rule
      (Optional)

      Set of ingress rules evaluated based on the order in which they are set. Currently Ingress rule supports setting the From field but not the To field within a Rule.

      egress
      []Rule
      (Optional)

      Set of egress rules evaluated based on the order in which they are set. Currently Egress rule supports setting the To field but not the From field within a Rule.

      Destination

      (Appears on: TraceflowSpec)

      Destination describes the destination spec of the traceflow.

      Field Description
      namespace
      string

      Namespace is the destination namespace.

      pod
      string

      Pod is the destination pod, exclusive with destination service.

      service
      string

      Service is the destination service, exclusive with destination pod.

      ip
      string

      IP is the destination IPv4 or IPv6 address.

      ICMPEchoRequestHeader

      (Appears on: TransportHeader)

      ICMPEchoRequestHeader describes spec of an ICMP echo request header.

      Field Description
      id
      int32

      ID is the ICMPEchoRequestHeader ID.

      sequence
      int32

      Sequence is the ICMPEchoRequestHeader sequence.

      IPBlock

      (Appears on: GroupSpec, NetworkPolicyPeer)

      IPBlock describes a particular CIDR (Ex. “192.168.1.124”) that is allowed or denied to/from the workloads matched by a Spec.AppliedTo.

      Field Description
      cidr
      string

      CIDR is a string representing the IP Block Valid examples are “192.168.1.124”.

      IPHeader

      (Appears on: Packet)

      IPHeader describes spec of an IPv4 header.

      Field Description
      srcIP
      string

      SrcIP is the source IP.

      protocol
      int32

      Protocol is the IP protocol.

      ttl
      int32

      TTL is the IP TTL.

      flags
      int32

      Flags is the flags for IP.

      IPv6Header

      (Appears on: Packet)

      IPv6Header describes spec of an IPv6 header.

      Field Description
      srcIP
      string

      SrcIP is the source IPv6.

      nextHeader
      int32

      NextHeader is the IPv6 protocol.

      hopLimit
      int32

      HopLimit is the IPv6 Hop Limit.

      NetworkPolicyPeer

      (Appears on: ClusterNetworkPolicySpec, NetworkPolicySpec, Rule)

      NetworkPolicyPeer describes the grouping selector of workloads.

      Field Description
      ipBlock
      IPBlock
      (Optional)

      IPBlock describes the IPAddresses/IPBlocks that is matched in to/from. IPBlock cannot be set as part of the AppliedTo field. Cannot be set with any other selector.

      podSelector
      Kubernetes meta/v1.LabelSelector
      (Optional)

      Select Pods from NetworkPolicy’s Namespace as workloads in AppliedTo/To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector.

      namespaceSelector
      Kubernetes meta/v1.LabelSelector
      (Optional)

      Select all Pods from Namespaces matched by this selector, as workloads in To/From fields. If set with PodSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except PodSelector or ExternalEntitySelector.

      externalEntitySelector
      Kubernetes meta/v1.LabelSelector
      (Optional)

      Select ExternalEntities from NetworkPolicy’s Namespace as workloads in AppliedTo/To/From fields. If set with NamespaceSelector, ExternalEntities are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector.

      group
      string

      Group is the name of the ClusterGroup which can be set as an AppliedTo or within an Ingress or Egress rule in place of a stand-alone selector. A Group cannot be set with any other selector.

      NetworkPolicyPhase (string alias)

      (Appears on: NetworkPolicyStatus)

      NetworkPolicyPhase defines the phase in which a NetworkPolicy is.

      NetworkPolicyPort

      (Appears on: Rule)

      NetworkPolicyPort describes the port and protocol to match in a rule.

      Field Description
      protocol
      Kubernetes core/v1.Protocol
      (Optional)

      The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.

      port
      k8s.io/apimachinery/pkg/util/intstr.IntOrString
      (Optional)

      The port on the given protocol. This can be either a numerical or named port on a Pod. If this field is not provided, this matches all port names and numbers.

      endPort
      int32
      (Optional)

      EndPort defines the end of the port range, being the end included within the range. It can only be specified when a numerical port is specified.

      NetworkPolicySpec

      (Appears on: NetworkPolicy)

      NetworkPolicySpec defines the desired state for NetworkPolicy.

      Field Description
      tier
      string

      Tier specifies the tier to which this NetworkPolicy belongs to. The NetworkPolicy order will be determined based on the combination of the Tier’s Priority and the NetworkPolicy’s own Priority. If not specified, this policy will be created in the Application Tier right above the K8s NetworkPolicy which resides at the bottom.

      priority
      float64

      Priority specfies the order of the NetworkPolicy relative to other NetworkPolicies.

      appliedTo
      []NetworkPolicyPeer
      (Optional)

      Select workloads on which the rules will be applied to. Cannot be set in conjunction with AppliedTo in each rule.

      ingress
      []Rule
      (Optional)

      Set of ingress rules evaluated based on the order in which they are set. Currently Ingress rule supports setting the From field but not the To field within a Rule.

      egress
      []Rule
      (Optional)

      Set of egress rules evaluated based on the order in which they are set. Currently Egress rule supports setting the To field but not the From field within a Rule.

      NetworkPolicyStatus

      (Appears on: ClusterNetworkPolicy, NetworkPolicy)

      NetworkPolicyStatus represents information about the status of a NetworkPolicy.

      Field Description
      phase
      NetworkPolicyPhase

      The phase of a NetworkPolicy is a simple, high-level summary of the NetworkPolicy’s status.

      observedGeneration
      int64

      The generation observed by Antrea.

      currentNodesRealized
      int32

      The number of nodes that have realized the NetworkPolicy.

      desiredNodesRealized
      int32

      The total number of nodes that should realize the NetworkPolicy.

      NodeResult

      (Appears on: TraceflowStatus)

      Field Description
      node
      string

      Node is the node of the observation.

      role
      string

      Role of the node like sender, receiver, etc.

      timestamp
      int64

      Timestamp is the timestamp of the observations on the node.

      observations
      []Observation

      Observations includes all observations from sender nodes, receiver ones, etc.

      Observation

      (Appears on: NodeResult)

      Observation describes those from sender nodes or receiver nodes.

      Field Description
      component
      TraceflowComponent

      Component is the observation component.

      componentInfo
      string

      ComponentInfo is the extension of Component field.

      action
      TraceflowAction

      Action is the action to the observation.

      pod
      string

      Pod is the combination of Pod name and Pod Namespace.

      dstMAC
      string

      DstMAC is the destination MAC.

      networkPolicy
      string

      NetworkPolicy is the combination of Namespace and NetworkPolicyName.

      ttl
      int32

      TTL is the observation TTL.

      translatedSrcIP
      string

      TranslatedSrcIP is the translated source IP.

      translatedDstIP
      string

      TranslatedDstIP is the translated destination IP.

      tunnelDstIP
      string

      TunnelDstIP is the tunnel destination IP.

      Packet

      (Appears on: TraceflowSpec, TraceflowStatus)

      Packet includes header info.

      Field Description
      srcIP
      string
      dstIP
      string
      length
      uint16

      Length is the IP packet length (includes the IPv4 or IPv6 header length).

      ipHeader
      IPHeader

      TODO: change type IPHeader to *IPHeader and correct all internal references

      ipv6Header
      IPv6Header
      transportHeader
      TransportHeader

      Rule

      (Appears on: ClusterNetworkPolicySpec, NetworkPolicySpec)

      Rule describes the traffic allowed to/from the workloads selected by Spec.AppliedTo. Based on the action specified in the rule, traffic is either allowed or denied which exactly match the specified ports and protocol.

      Field Description
      action
      RuleAction

      Action specifies the action to be applied on the rule.

      ports
      []NetworkPolicyPort
      (Optional)

      Set of port and protocol allowed/denied by the rule. If this field is unset or empty, this rule matches all ports.

      from
      []NetworkPolicyPeer
      (Optional)

      Rule is matched if traffic originates from workloads selected by this field. If this field is empty, this rule matches all sources.

      to
      []NetworkPolicyPeer
      (Optional)

      Rule is matched if traffic is intended for workloads selected by this field. If this field is empty or missing, this rule matches all destinations.

      name
      string
      (Optional)

      Name describes the intention of this rule. Name should be unique within the policy.

      enableLogging
      bool

      EnableLogging is used to indicate if agent should generate logs when rules are matched. Should be default to false.

      appliedTo
      []NetworkPolicyPeer
      (Optional)

      Select workloads on which this rule will be applied to. Cannot be set in conjunction with NetworkPolicySpec/ClusterNetworkPolicySpec.AppliedTo.

      RuleAction (string alias)

      (Appears on: NetworkPolicyRule, NetworkPolicyRule, Rule)

      RuleAction describes the action to be applied on traffic matching a rule.

      Source

      (Appears on: TraceflowSpec)

      Source describes the source spec of the traceflow.

      Field Description
      namespace
      string

      Namespace is the source namespace.

      pod
      string

      Pod is the source pod.

      TCPHeader

      (Appears on: TransportHeader)

      TCPHeader describes spec of a TCP header.

      Field Description
      srcPort
      int32

      SrcPort is the source port.

      dstPort
      int32

      DstPort is the destination port.

      flags
      int32

      Flags are flags in the header.

      TierSpec

      (Appears on: Tier)

      TierSpec defines the desired state for Tier.

      Field Description
      priority
      int32

      Priority specfies the order of the Tier relative to other Tiers.

      description
      string

      Description is an optional field to add more information regarding the purpose of this Tier.

      Traceflow

      Field Description
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      TraceflowSpec


      source
      Source
      destination
      Destination
      packet
      Packet
      liveTraffic
      bool

      LiveTraffic indicates the Traceflow is to trace the live traffic rather than an injected packet, when set to true. The first packet of the first connection that matches the packet spec will be traced.

      droppedOnly
      bool

      DroppedOnly indicates only the dropped packet should be captured in a live-traffic Traceflow.

      timeout
      uint16

      Timeout specifies the timeout of the Traceflow in seconds. Defaults to 20 seconds if not set.

      status
      TraceflowStatus

      TraceflowAction (string alias)

      (Appears on: Observation)

      TraceflowComponent (string alias)

      (Appears on: Observation)

      TraceflowPhase (string alias)

      (Appears on: TraceflowStatus)

      TraceflowSpec

      (Appears on: Traceflow)

      TraceflowSpec describes the spec of the traceflow.

      Field Description
      source
      Source
      destination
      Destination
      packet
      Packet
      liveTraffic
      bool

      LiveTraffic indicates the Traceflow is to trace the live traffic rather than an injected packet, when set to true. The first packet of the first connection that matches the packet spec will be traced.

      droppedOnly
      bool

      DroppedOnly indicates only the dropped packet should be captured in a live-traffic Traceflow.

      timeout
      uint16

      Timeout specifies the timeout of the Traceflow in seconds. Defaults to 20 seconds if not set.

      TraceflowStatus

      (Appears on: Traceflow)

      TraceflowStatus describes current status of the traceflow.

      Field Description
      phase
      TraceflowPhase

      Phase is the Traceflow phase.

      reason
      string

      Reason is a message indicating the reason of the traceflow’s current phase.

      dataplaneTag
      byte

      DataplaneTag is a tag to identify a traceflow session across Nodes.

      results
      []NodeResult

      Results is the collection of all observations on different nodes.

      capturedPacket
      Packet

      CapturedPacket is the captured packet in live-traffic Traceflow.

      TransportHeader

      (Appears on: Packet)

      TransportHeader describes spec of a TransportHeader.

      Field Description
      icmp
      ICMPEchoRequestHeader
      udp
      UDPHeader
      tcp
      TCPHeader

      UDPHeader

      (Appears on: TransportHeader)

      UDPHeader describes spec of a UDP header.

      Field Description
      srcPort
      int32

      SrcPort is the source port.

      dstPort
      int32

      DstPort is the destination port.


      crd.antrea.io/v1alpha2

      Resource Types:

      ClusterGroup

      Field Description
      apiVersion
      string
      crd.antrea.io/v1alpha2
      kind
      string
      ClusterGroup
      metadata
      Kubernetes meta/v1.ObjectMeta

      Standard metadata of the object.

      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      GroupSpec

      Desired state of the group.



      podSelector
      Kubernetes meta/v1.LabelSelector
      (Optional)

      Select Pods matching the labels set in the PodSelector in AppliedTo/To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector.

      namespaceSelector
      Kubernetes meta/v1.LabelSelector
      (Optional)

      Select all Pods from Namespaces matched by this selector, as workloads in AppliedTo/To/From fields. If set with PodSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except PodSelector.

      ipBlock
      IPBlock
      (Optional)

      IPBlock describes the IPAddresses/IPBlocks that is matched in to/from. IPBlock cannot be set as part of the AppliedTo field. Cannot be set with any other selector or ServiceReference. Cannot be set with IPBlocks.

      ipBlocks
      []IPBlock
      (Optional)

      IPBlocks is a list of IPAddresses/IPBlocks that is matched in to/from. IPBlock cannot be set as part of the AppliedTo field. Cannot be set with any other selector or ServiceReference. Cannot be set with IPBlock.

      serviceReference
      ServiceReference
      (Optional)

      Select backend Pods of the referred Service. Cannot be set with any other selector or ipBlock.

      externalEntitySelector
      Kubernetes meta/v1.LabelSelector
      (Optional)

      Select ExternalEntities from all Namespaces as workloads in AppliedTo/To/From fields. If set with NamespaceSelector, ExternalEntities are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector.

      childGroups
      []ClusterGroupReference
      (Optional)

      Select other ClusterGroups by name. The ClusterGroups must already exist and must not contain ChildGroups themselves. Cannot be set with any selector/IPBlock/ServiceReference.

      status
      GroupStatus

      Most recently observed status of the group.

      Egress

      Egress defines which egress (SNAT) IP the traffic from the selected Pods to the external network should use.

      Field Description
      apiVersion
      string
      crd.antrea.io/v1alpha2
      kind
      string
      Egress
      metadata
      Kubernetes meta/v1.ObjectMeta

      Standard metadata of the object.

      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      EgressSpec

      Specification of the desired behavior of Egress.



      appliedTo
      AppliedTo

      AppliedTo selects Pods to which the Egress will be applied.

      egressIP
      string

      EgressIP specifies the SNAT IP address for the selected workloads.

      ExternalEntity

      Field Description
      apiVersion
      string
      crd.antrea.io/v1alpha2
      kind
      string
      ExternalEntity
      metadata
      Kubernetes meta/v1.ObjectMeta

      Standard metadata of the object.

      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      ExternalEntitySpec

      Desired state of the external entity.



      endpoints
      []Endpoint

      Endpoints is a list of external endpoints associated with this entity.

      ports
      []NamedPort

      Ports maintain the list of named ports.

      externalNode
      string

      ExternalNode is the opaque identifier of the agent/controller responsible for additional processing or handling of this external entity.

      AppliedTo

      (Appears on: EgressSpec)

      AppliedTo selects the entities to which a policy is applied.

      Field Description
      podSelector
      Kubernetes meta/v1.LabelSelector
      (Optional)

      Select Pods matched by this selector. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector; otherwise, Pods are matched from all Namespaces.

      namespaceSelector
      Kubernetes meta/v1.LabelSelector
      (Optional)

      Select all Pods from Namespaces matched by this selector. If set with PodSelector, Pods are matched from Namespaces matched by the NamespaceSelector.

      groups
      []string
      (Optional)

      Groups is the set of ClusterGroup names.

      ClusterGroupReference (string alias)

      (Appears on: GroupSpec)

      ClusterGroupReference represent reference to a ClusterGroup.

      EgressSpec

      (Appears on: Egress)

      EgressSpec defines the desired state for Egress.

      Field Description
      appliedTo
      AppliedTo

      AppliedTo selects Pods to which the Egress will be applied.

      egressIP
      string

      EgressIP specifies the SNAT IP address for the selected workloads.

      Endpoint

      (Appears on: ExternalEntitySpec)

      Endpoint refers to an endpoint associated with the ExternalEntity.

      Field Description
      ip
      string

      IP associated with this endpoint.

      name
      string
      (Optional)

      Name identifies this endpoint. Could be the network interface name in case of VMs.

      ExternalEntitySpec

      (Appears on: ExternalEntity)

      ExternalEntitySpec defines the desired state for ExternalEntity.

      Field Description
      endpoints
      []Endpoint

      Endpoints is a list of external endpoints associated with this entity.

      ports
      []NamedPort

      Ports maintain the list of named ports.

      externalNode
      string

      ExternalNode is the opaque identifier of the agent/controller responsible for additional processing or handling of this external entity.

      GroupCondition

      (Appears on: GroupStatus)

      Field Description
      type
      GroupConditionType
      status
      Kubernetes core/v1.ConditionStatus
      lastTransitionTime
      Kubernetes meta/v1.Time

      GroupConditionType (string alias)

      (Appears on: GroupCondition)

      GroupSpec

      (Appears on: ClusterGroup)

      Field Description
      podSelector
      Kubernetes meta/v1.LabelSelector
      (Optional)

      Select Pods matching the labels set in the PodSelector in AppliedTo/To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector.

      namespaceSelector
      Kubernetes meta/v1.LabelSelector
      (Optional)

      Select all Pods from Namespaces matched by this selector, as workloads in AppliedTo/To/From fields. If set with PodSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except PodSelector.

      ipBlock
      IPBlock
      (Optional)

      IPBlock describes the IPAddresses/IPBlocks that is matched in to/from. IPBlock cannot be set as part of the AppliedTo field. Cannot be set with any other selector or ServiceReference. Cannot be set with IPBlocks.

      ipBlocks
      []IPBlock
      (Optional)

      IPBlocks is a list of IPAddresses/IPBlocks that is matched in to/from. IPBlock cannot be set as part of the AppliedTo field. Cannot be set with any other selector or ServiceReference. Cannot be set with IPBlock.

      serviceReference
      ServiceReference
      (Optional)

      Select backend Pods of the referred Service. Cannot be set with any other selector or ipBlock.

      externalEntitySelector
      Kubernetes meta/v1.LabelSelector
      (Optional)

      Select ExternalEntities from all Namespaces as workloads in AppliedTo/To/From fields. If set with NamespaceSelector, ExternalEntities are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector.

      childGroups
      []ClusterGroupReference
      (Optional)

      Select other ClusterGroups by name. The ClusterGroups must already exist and must not contain ChildGroups themselves. Cannot be set with any selector/IPBlock/ServiceReference.

      GroupStatus

      (Appears on: ClusterGroup)

      GroupStatus represents information about the status of a Group.

      Field Description
      conditions
      []GroupCondition

      NamedPort

      (Appears on: ExternalEntitySpec)

      NamedPort describes the port and protocol to match in a rule.

      Field Description
      protocol
      Kubernetes core/v1.Protocol
      (Optional)

      The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.

      port
      int32
      (Optional)

      The port on the given protocol.

      name
      string
      (Optional)

      Name associated with the Port.

      ServiceReference

      (Appears on: GroupSpec)

      ServiceReference represent reference to a v1.Service.

      Field Description
      name
      string

      Name of the Service

      namespace
      string

      Namespace of the Service

      WebhookImpl

      WebhookImpl implements webhook validator of a resource.


      Generated with gen-crd-api-reference-docs on git commit a37a34aa.

      Getting Started

      To help you get started, see the documentation.