1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
|
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
syntax = 'proto2';
package github.com.openshift.api.network.v1;
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v1";
// ClusterNetwork describes the cluster network. There is normally only one object of this type,
// named "default", which is created by the SDN network plugin based on the master configuration
// when the cluster is brought up for the first time.
message ClusterNetwork {
// Standard object's metadata.
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Network is a CIDR string specifying the global overlay network's L3 space
optional string network = 2;
// HostSubnetLength is the number of bits of network to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pods
optional uint32 hostsubnetlength = 3;
// ServiceNetwork is the CIDR range that Service IP addresses are allocated from
optional string serviceNetwork = 4;
// PluginName is the name of the network plugin being used
optional string pluginName = 5;
// ClusterNetworks is a list of ClusterNetwork objects that defines the global overlay network's L3 space by specifying a set of CIDR and netmasks that the SDN can allocate addressed from.
repeated ClusterNetworkEntry clusterNetworks = 6;
// VXLANPort sets the VXLAN destination port used by the cluster. It is set by the master configuration file on startup and cannot be edited manually. Valid values for VXLANPort are integers 1-65535 inclusive and if unset defaults to 4789. Changing VXLANPort allows users to resolve issues between openshift SDN and other software trying to use the same VXLAN destination port.
optional uint32 vxlanPort = 7;
}
// ClusterNetworkEntry defines an individual cluster network. The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved for external ips, CIDRs reserved for service networks, and CIDRs reserved for ingress ips.
message ClusterNetworkEntry {
// CIDR defines the total range of a cluster networks address space.
optional string cidr = 1;
// HostSubnetLength is the number of bits of the accompanying CIDR address to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pods.
optional uint32 hostSubnetLength = 2;
}
// ClusterNetworkList is a collection of ClusterNetworks
message ClusterNetworkList {
// Standard object's metadata.
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// Items is the list of cluster networks
repeated ClusterNetwork items = 2;
}
// EgressNetworkPolicy describes the current egress network policy for a Namespace. When using
// the 'redhat/openshift-ovs-multitenant' network plugin, traffic from a pod to an IP address
// outside the cluster will be checked against each EgressNetworkPolicyRule in the pod's
// namespace's EgressNetworkPolicy, in order. If no rule matches (or no EgressNetworkPolicy
// is present) then the traffic will be allowed by default.
message EgressNetworkPolicy {
// metadata for EgressNetworkPolicy
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// spec is the specification of the current egress network policy
optional EgressNetworkPolicySpec spec = 2;
}
// EgressNetworkPolicyList is a collection of EgressNetworkPolicy
message EgressNetworkPolicyList {
// metadata for EgressNetworkPolicyList
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// items is the list of policies
repeated EgressNetworkPolicy items = 2;
}
// EgressNetworkPolicyPeer specifies a target to apply egress network policy to
message EgressNetworkPolicyPeer {
// cidrSelector is the CIDR range to allow/deny traffic to. If this is set, dnsName must be unset
optional string cidrSelector = 1;
// dnsName is the domain name to allow/deny traffic to. If this is set, cidrSelector must be unset
optional string dnsName = 2;
}
// EgressNetworkPolicyRule contains a single egress network policy rule
message EgressNetworkPolicyRule {
// type marks this as an "Allow" or "Deny" rule
optional string type = 1;
// to is the target that traffic is allowed/denied to
optional EgressNetworkPolicyPeer to = 2;
}
// EgressNetworkPolicySpec provides a list of policies on outgoing network traffic
message EgressNetworkPolicySpec {
// egress contains the list of egress policy rules
repeated EgressNetworkPolicyRule egress = 1;
}
// HostSubnet describes the container subnet network on a node. The HostSubnet object must have the
// same name as the Node object it corresponds to.
message HostSubnet {
// Standard object's metadata.
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Host is the name of the node. (This is the same as the object's name, but both fields must be set.)
optional string host = 2;
// HostIP is the IP address to be used as a VTEP by other nodes in the overlay network
optional string hostIP = 3;
// Subnet is the CIDR range of the overlay network assigned to the node for its pods
optional string subnet = 4;
// EgressIPs is the list of automatic egress IP addresses currently hosted by this node.
// If EgressCIDRs is empty, this can be set by hand; if EgressCIDRs is set then the
// master will overwrite the value here with its own allocation of egress IPs.
// +optional
repeated string egressIPs = 5;
// EgressCIDRs is the list of CIDR ranges available for automatically assigning
// egress IPs to this node from. If this field is set then EgressIPs should be
// treated as read-only.
// +optional
repeated string egressCIDRs = 6;
}
// HostSubnetList is a collection of HostSubnets
message HostSubnetList {
// Standard object's metadata.
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// Items is the list of host subnets
repeated HostSubnet items = 2;
}
// NetNamespace describes a single isolated network. When using the redhat/openshift-ovs-multitenant
// plugin, every Namespace will have a corresponding NetNamespace object with the same name.
// (When using redhat/openshift-ovs-subnet, NetNamespaces are not used.)
message NetNamespace {
// Standard object's metadata.
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// NetName is the name of the network namespace. (This is the same as the object's name, but both fields must be set.)
optional string netname = 2;
// NetID is the network identifier of the network namespace assigned to each overlay network packet. This can be manipulated with the "oc adm pod-network" commands.
optional uint32 netid = 3;
// EgressIPs is a list of reserved IPs that will be used as the source for external traffic coming from pods in this namespace. (If empty, external traffic will be masqueraded to Node IPs.)
// +optional
repeated string egressIPs = 4;
}
// NetNamespaceList is a collection of NetNamespaces
message NetNamespaceList {
// Standard object's metadata.
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// Items is the list of net namespaces
repeated NetNamespace items = 2;
}
|
