From a92d42cf1a2ccc5140d39ea7c6c6afd636a5c7b1 Mon Sep 17 00:00:00 2001 From: Surya Seetharaman Date: Thu, 18 Apr 2024 13:23:43 +0200 Subject: [PATCH] Ensure we clarify subjects don't include host-net pods Signed-off-by: Surya Seetharaman --- apis/v1alpha1/adminnetworkpolicy_types.go | 1 + apis/v1alpha1/baselineadminnetworkpolicy_types.go | 1 + .../policy.networking.k8s.io_adminnetworkpolicies.yaml | 1 + .../policy.networking.k8s.io_baselineadminnetworkpolicies.yaml | 1 + .../standard/policy.networking.k8s.io_adminnetworkpolicies.yaml | 1 + .../policy.networking.k8s.io_baselineadminnetworkpolicies.yaml | 1 + 6 files changed, 6 insertions(+) diff --git a/apis/v1alpha1/adminnetworkpolicy_types.go b/apis/v1alpha1/adminnetworkpolicy_types.go index 0919cfba..912d4d3f 100644 --- a/apis/v1alpha1/adminnetworkpolicy_types.go +++ b/apis/v1alpha1/adminnetworkpolicy_types.go @@ -69,6 +69,7 @@ type AdminNetworkPolicySpec struct { Priority int32 `json:"priority"` // Subject defines the pods to which this AdminNetworkPolicy applies. + // Note that host-networked pods are not included in subject selection. // // Support: Core // diff --git a/apis/v1alpha1/baselineadminnetworkpolicy_types.go b/apis/v1alpha1/baselineadminnetworkpolicy_types.go index 61241fca..120e2325 100644 --- a/apis/v1alpha1/baselineadminnetworkpolicy_types.go +++ b/apis/v1alpha1/baselineadminnetworkpolicy_types.go @@ -55,6 +55,7 @@ type BaselineAdminNetworkPolicyStatus struct { // BaselineAdminNetworkPolicy. type BaselineAdminNetworkPolicySpec struct { // Subject defines the pods to which this BaselineAdminNetworkPolicy applies. + // Note that host-networked pods are not included in subject selection. // // Support: Core // diff --git a/config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml b/config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml index b5ac26fd..174d4c1a 100644 --- a/config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml +++ b/config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml @@ -832,6 +832,7 @@ spec: subject: description: |- Subject defines the pods to which this AdminNetworkPolicy applies. + Note that host-networked pods are not included in subject selection. Support: Core diff --git a/config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml b/config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml index e3d54a77..587e27ac 100644 --- a/config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml +++ b/config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml @@ -804,6 +804,7 @@ spec: subject: description: |- Subject defines the pods to which this BaselineAdminNetworkPolicy applies. + Note that host-networked pods are not included in subject selection. Support: Core diff --git a/config/crd/standard/policy.networking.k8s.io_adminnetworkpolicies.yaml b/config/crd/standard/policy.networking.k8s.io_adminnetworkpolicies.yaml index 21bdc68a..9494e478 100644 --- a/config/crd/standard/policy.networking.k8s.io_adminnetworkpolicies.yaml +++ b/config/crd/standard/policy.networking.k8s.io_adminnetworkpolicies.yaml @@ -716,6 +716,7 @@ spec: subject: description: |- Subject defines the pods to which this AdminNetworkPolicy applies. + Note that host-networked pods are not included in subject selection. Support: Core diff --git a/config/crd/standard/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml b/config/crd/standard/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml index 0a74d303..6d62098d 100644 --- a/config/crd/standard/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml +++ b/config/crd/standard/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml @@ -688,6 +688,7 @@ spec: subject: description: |- Subject defines the pods to which this BaselineAdminNetworkPolicy applies. + Note that host-networked pods are not included in subject selection. Support: Core