// Copyright (c) 2017,2020-2021 Tigera, Inc. All rights reserved.

// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//	http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package v3

import (
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

	"github.com/tigera/api/pkg/lib/numorstring"
)

// Kind names written into TypeMeta.Kind for the HostEndpoint resource and
// its list type.
const (
	KindHostEndpoint     = "HostEndpoint"
	KindHostEndpointList = "HostEndpointList"
)

// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// HostEndpointList is a list of HostEndpoint objects.
type HostEndpointList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

	Items []HostEndpoint `json:"items" protobuf:"bytes,2,rep,name=items"`
}

// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// HostEndpoint is a cluster-scoped (non-namespaced) resource that describes a
// network interface on a Calico node, or all interfaces of that node, so that
// host policy can be applied to the traffic passing through it. The
// interface, node and expected addresses are given in Spec.
type HostEndpoint struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

	// Spec describes which node, interface and addresses this endpoint covers.
	Spec HostEndpointSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
}

// HostEndpointSpec contains the specification for a HostEndpoint resource.
//
// Note: the requirement stated below that an empty InterfaceName needs at least
// one entry in ExpectedIPs is a cross-field rule; the struct tags here mark
// both fields as omitempty, so it is presumably enforced by a validator
// elsewhere in the project — confirm before relying on it.
type HostEndpointSpec struct {
	// The node name identifying the Calico node instance.
	// Validated as a resource name when present (validate:"omitempty,name").
	Node string `json:"node,omitempty" validate:"omitempty,name"`
	// Either "*", or the name of a specific Linux interface to apply policy to; or empty. "*"
	// indicates that this HostEndpoint governs all traffic to, from or through the default
	// network namespace of the host named by the "Node" field; entering and leaving that
	// namespace via any interface, including those from/to non-host-networked local workloads.
	//
	// If InterfaceName is not "*", this HostEndpoint only governs traffic that enters or leaves
	// the host through the specific interface named by InterfaceName, or - when InterfaceName
	// is empty - through the specific interface that has one of the IPs in ExpectedIPs.
	// Therefore, when InterfaceName is empty, at least one expected IP must be specified. Only
	// external interfaces (such as "eth0") are supported here; it isn't possible for a
	// HostEndpoint to protect traffic through a specific local workload interface.
	//
	// Note: Only some kinds of policy are implemented for "*" HostEndpoints; initially just
	// pre-DNAT policy. Please check Calico documentation for the latest position.
	InterfaceName string `json:"interfaceName,omitempty" validate:"omitempty,interface"`
	// The expected IP addresses (IPv4 and IPv6) of the endpoint.
	// If "InterfaceName" is not present, Calico will look for an interface matching any
	// of the IPs in the list and apply policy to that.
	// Note:
	// When using the selector match criteria in an ingress or egress security Policy
	// or Profile, Calico converts the selector into a set of IP addresses. For host
	// endpoints, the ExpectedIPs field is used for that purpose. (If only the interface
	// name is specified, Calico does not learn the IPs of the interface for use in match
	// criteria.)
	//
	// Because selectors resolve to this list rather than to the interface's live
	// addresses, a stale or incorrect entry changes which traffic a selector-based
	// rule matches; keep it in step with the interface's actual addresses.
	// Each entry is validated as an IP address (validate:"omitempty,dive,ip").
	ExpectedIPs []string `json:"expectedIPs,omitempty" validate:"omitempty,dive,ip"`
	// A list of identifiers of security Profile objects that apply to this endpoint. Each
	// profile is applied in the order that they appear in this list. Profile rules are applied
	// after the selector-based security policy.
	// Each entry is validated as a resource name (validate:"omitempty,dive,name").
	Profiles []string `json:"profiles,omitempty" validate:"omitempty,dive,name"`
	// Ports contains the endpoint's named ports, which may be referenced in security policy rules.
	// Each element is validated individually (validate:"dive").
	Ports []EndpointPort `json:"ports,omitempty" validate:"dive"`
}

// EndpointPort is a named port on a HostEndpoint. Security policy rules can
// refer to the port by Name instead of by number.
type EndpointPort struct {
	// Name is the identifier policy rules use for this port (validate:"portName").
	Name string `json:"name" validate:"portName"`
	// Protocol is the transport protocol the port applies to.
	Protocol numorstring.Protocol `json:"protocol"`
	// Port is the port number; zero is rejected (validate:"gt=0").
	Port uint16 `json:"port" validate:"gt=0"`
}

// NewHostEndpoint creates a new (zeroed) HostEndpoint struct with the TypeMeta initialised to the current
// version: Kind is set to KindHostEndpoint and APIVersion to GroupVersionCurrent. ObjectMeta and Spec are
// left at their zero values for the caller to populate.
func NewHostEndpoint() *HostEndpoint {
	return &HostEndpoint{
		TypeMeta: metav1.TypeMeta{
			Kind:       KindHostEndpoint,
			APIVersion: GroupVersionCurrent,
		},
	}
}