Remove same-not-same-labels
Signed-off-by: Surya Seetharaman <[email protected]>
tssurya committed Feb 20, 2024
1 parent 06d584d commit ac70784
Showing 6 changed files with 522 additions and 1,034 deletions.
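--- a/apis/v1alpha1/shared_types.go
+++ b/apis/v1alpha1/shared_types.go
@@ -30,12 +30,12 @@ type AdminNetworkPolicySubject struct {
 Namespaces *metav1.LabelSelector `json:"namespaces,omitempty"`
 // Pods is used to select pods via namespace AND pod selectors.
 // +optional
-Pods *NamespacedPodSubject `json:"pods,omitempty"`
+Pods *NamespacedPod `json:"pods,omitempty"`
 }
 
-// NamespacedPodSubject allows the user to select a given set of pod(s) in
+// NamespacedPod allows the user to select a given set of pod(s) in
 // selected namespace(s).
-type NamespacedPodSubject struct {
+type NamespacedPod struct {
 // NamespaceSelector follows standard label selector semantics; if empty,
 // it selects all Namespaces.
 NamespaceSelector metav1.LabelSelector `json:"namespaceSelector"`
@@ -133,15 +133,15 @@ type AdminNetworkPolicyIngressPeer struct {
 // Support: Core
 //
 // +optional
-Namespaces *NamespacedPeer `json:"namespaces,omitempty"`
+Namespaces *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
 // Pods defines a way to select a set of pods in
 // a set of namespaces. Note that host-networked pods
 // are not included in this type of peer.
 //
 // Support: Core
 //
 // +optional
-Pods *NamespacedPodPeer `json:"pods,omitempty"`
+Pods *NamespacedPod `json:"pods,omitempty"`
 }
 
 // AdminNetworkPolicyEgressPeer defines a peer to allow traffic to.
@@ -157,15 +157,15 @@ type AdminNetworkPolicyEgressPeer struct {
 // Support: Core
 //
 // +optional
-Namespaces *NamespacedPeer `json:"namespaces,omitempty"`
+Namespaces *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
 // Pods defines a way to select a set of pods in
 // a set of namespaces. Note that host-networked pods
 // are not included in this type of peer.
 //
 // Support: Core
 //
 // +optional
-Pods *NamespacedPodPeer `json:"pods,omitempty"`
+Pods *NamespacedPod `json:"pods,omitempty"`
 // Nodes defines a way to select a set of nodes in
 // the cluster. This field follows standard label selector
 // semantics; if present but empty, it selects all Nodes.
@@ -176,64 +176,3 @@ type AdminNetworkPolicyEgressPeer struct {
 // +optional
 Nodes *metav1.LabelSelector `json:"nodes,omitempty"`
 }
-
-// NamespacedPeer defines a flexible way to select Namespaces in a cluster.
-// Exactly one of the selectors must be set. If a consumer observes none of
-// its fields are set, they must assume an unknown option has been specified
-// and fail closed.
-// +kubebuilder:validation:MaxProperties=1
-// +kubebuilder:validation:MinProperties=1
-type NamespacedPeer struct {
-// NamespaceSelector is a labelSelector used to select Namespaces, This field
-// follows standard label selector semantics; if present but empty, it selects
-// all Namespaces.
-//
-// Support: Core
-//
-// +optional
-NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
-
-// SameLabels is used to select a set of Namespaces that share the same values
-// for a set of labels.
-// To be selected a Namespace must have all of the labels defined in SameLabels,
-// AND they must all have the same value as the subject of this policy.
-// If Samelabels is Empty then nothing is selected.
-//
-// Support: Extended
-//
-// <network-policy-api:experimental>
-// +optional
-// +kubebuilder:validation:MaxItems=100
-SameLabels []string `json:"sameLabels,omitempty"`
-
-// NotSameLabels is used to select a set of Namespaces that do not have certain
-// values for a set of label(s).
-// To be selected a Namespace must have all of the labels defined in NotSameLabels,
-// AND at least one of them must have different values than the subject of this policy.
-// If NotSameLabels is empty then nothing is selected.
-//
-// Support: Extended
-//
-// <network-policy-api:experimental>
-// +optional
-// +kubebuilder:validation:MaxItems=100
-NotSameLabels []string `json:"notSameLabels,omitempty"`
-}
-
-// NamespacedPodPeer defines a flexible way to select Namespaces and pods in a
-// cluster. The `Namespaces` and `PodSelector` fields are required.
-type NamespacedPodPeer struct {
-// Namespaces is used to select a set of Namespaces.
-//
-// Support: Core
-//
-Namespaces NamespacedPeer `json:"namespaces"`
-
-// PodSelector is a labelSelector used to select Pods, This field is NOT optional,
-// follows standard label selector semantics and if present but empty, it selects
-// all Pods.
-//
-// Support: Core
-//
-PodSelector metav1.LabelSelector `json:"podSelector"`
-}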
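Review bot: The `Namespaces` field in AdminNetworkPolicyIngressPeer and AdminNetworkPolicyEgressPeer now serializes under the key `namespaceSelector`, while the same-typed `Namespaces` field on AdminNetworkPolicySubject (context line of the first hunk) still uses `json:"namespaces,omitempty"`, so one Go name maps to two wire names. Objects written in the previous shape (`namespaces: {namespaceSelector: ...}`) will no longer populate this field, and depending on how the CRD schema treats unknown keys (not visible on this page) such a peer could decode with no selector set. For a policy API that case should be rejected or treated as fail-closed, which is the guidance the deleted NamespacedPeer comment carried. If the rename is intended, I would add a field comment such as `// Serialized as namespaceSelector; the nested namespaces.namespaceSelector form is no longer accepted.` and confirm the peer types still enforce exactly one field; otherwise keep `json:"namespaces,omitempty"`. Both peer structs begin outside their hunks, so their type-level validation markers cannot be checked from here.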
65 changes: 9 additions & 56 deletions apis/v1alpha1/zz_generated.deepcopy.go
