From a85a7bc8b1761eb748ccf16430fe77587bc764c2 Mon Sep 17 00:00:00 2001 From: Maysa Macedo Date: Fri, 14 Jun 2019 15:09:36 +0000 Subject: [PATCH] Add CRD validation to KuryrNet and KuryrNetPolicy This commits adds validation to important fields of KuryrNet and KuryrNetPolicy CRDs. Change-Id: I0262d60291e8f163e72f6c078c341984b5e5020c --- kubernetes_crds/kuryrnet.yaml | 30 ++++++++ kubernetes_crds/kuryrnetpolicy.yaml | 104 ++++++++++++++++++++++++++++ 2 files changed, 134 insertions(+) diff --git a/kubernetes_crds/kuryrnet.yaml b/kubernetes_crds/kuryrnet.yaml index b7c6b51ea..6a1e46e1e 100644 --- a/kubernetes_crds/kuryrnet.yaml +++ b/kubernetes_crds/kuryrnet.yaml @@ -10,3 +10,33 @@ spec: plural: kuryrnets singular: kuryrnet kind: KuryrNet + additionalPrinterColumns: + - name: SUBNET-CIDR + type: string + description: The subnet CIDR allocated to the namespace + JSONPath: .spec.subnetCIDR + - name: Age + type: date + JSONPath: .metadata.creationTimestamp + validation: + openAPIV3Schema: + properties: + spec: + required: + - netId + - routerId + - subnetCIDR + - subnetId + properties: + netId: + type: string + populated: + type: boolean + routerId: + type: string + sgId: + type: string + subnetCIDR: + type: string + subnetId: + type: string diff --git a/kubernetes_crds/kuryrnetpolicy.yaml b/kubernetes_crds/kuryrnetpolicy.yaml index 018ed6b53..7c5537c18 100644 --- a/kubernetes_crds/kuryrnetpolicy.yaml +++ b/kubernetes_crds/kuryrnetpolicy.yaml @@ -12,3 +12,107 @@ spec: kind: KuryrNetPolicy shortNames: - knp + additionalPrinterColumns: + - name: SG-ID + type: string + description: The ID of the SG associated to the policy + JSONPath: .spec.securityGroupId + - name: Age + type: date + JSONPath: .metadata.creationTimestamp + validation: + openAPIV3Schema: + properties: + spec: + required: + - egressSgRules + - ingressSgRules + - networkpolicy_spec + - podSelector + - securityGroupId + properties: + egressSgRules: + type: array + items: + type: object + required: + - security_group_rule + properties: + remote_ip_prefixes: + type: object + namespace: + type: string + security_group_rule: + type: object + required: + - id + properties: + description: + type: string + direction: + type: string + ethertype: + type: string + id: + type: string + port_range_max: + type: integer + port_range_min: + type: integer + protocol: + type: string + remote_ip_prefix: + type: string + security_group_id: + type: string + ingressSgRules: + type: array + items: + type: object + required: + - security_group_rule + properties: + remote_ip_prefixes: + type: object + namespace: + type: string + security_group_rule: + type: object + required: + - id + properties: + description: + type: string + direction: + type: string + ethertype: + type: string + id: + type: string + port_range_max: + type: integer + port_range_min: + type: integer + protocol: + type: string + remote_ip_prefix: + type: string + security_group_id: + type: string + networkpolicy_spec: + type: object + properties: + podSelector: + type: object + policyTypes: + type: array + ingress: + type: array + egress: + type: array + podSelector: + type: object + securityGroupId: + type: string + securityGroupName: + type: string