Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update domain selector to domainNames #232

Merged
merged 1 commit into from
Jun 3, 2024
Merged

Update domain selector to domainNames #232

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 15 additions & 15 deletions npeps/npep-133-fqdn-egress-selector.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,10 +104,10 @@ This NPEP proposes adding a new type of `AdminNetworkPolicyEgressPeer` called

```golang

// Domain describes one or more DNS names to be used as a peer.
// DomainName describes one or more domain names to be used as a peer.
//
// Domain can be an exact match, or use the wildcard specifier '*' to match one
// or more labels.
// DomainName can be an exact match, or use the wildcard specifier '*' to match
// one or more labels.
//
// '*', the wildcard specifier, matches one or more entire labels. It does not
// support partial matches. '*' may only be specified as a prefix.
Expand All @@ -124,24 +124,24 @@ This NPEP proposes adding a new type of `AdminNetworkPolicyEgressPeer` called
// "wikipedia.org" do not.
//
// +kubebuilder:validation:Pattern=`^(\*\.)?([a-zA-z0-9]([-a-zA-Z0-9_]*[a-zA-Z0-9])?\.)+[a-zA-z0-9]([-a-zA-Z0-9_]*[a-zA-Z0-9])?\.?$`
type Domain string
type DomainName string

type AdminNetworkPolicyEgressPeer struct {
<snipped>
// Domains provides a way to specify domain names as peers.
//
// Domains is only supported for ALLOW rules. In order to control access,
// Domain ALLOW rules should be used with a lower priority egress deny --
// this allows the admin to maintain an explicit "allowlist" of reachable
// domains.
//
// DomainNames provides a way to specify domain names as peers.
//
// DomainNames is only supported for ALLOW rules. In order to control
// access, DomainNames ALLOW rules should be used with a lower priority
// egress deny -- this allows the admin to maintain an explicit "allowlist"
// of reachable domains.
//
// Support: Extended
//
// <network-policy-api:experimental>
// +optional
// +listType=set
// +kubebuilder:validation:MinItems=1
Domains []Domain `json:"domains,omitempty"`
DomainNames []Domain `json:"domainNames,omitempty"`
}
```

Expand All @@ -164,7 +164,7 @@ spec:
- name: "allow-to-my-service"
action: "Allow"
to:
- domains:
- domainNames:
- "my-service.com"
- "*.cloud-provider.io"
ports:
Expand Down Expand Up @@ -194,7 +194,7 @@ spec:
- name: "allow-to-my-service"
action: "Allow"
to:
- domains:
- domainNames:
- "my-service.com"
- "*.cloud-provider.io"
ports:
Expand Down Expand Up @@ -225,7 +225,7 @@ spec:
- name: "allow-to-my-service"
action: "Allow"
to:
- domains:
- domainNames:
- "my-service.com"
- "*.cloud-provider.io"
ports:
Expand Down
Loading