// Copyright (c) 2017-2023 Tigera, Inc. All rights reserved.

// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package v3

import (
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

// Kind strings for the Profile resource and its list type. NewProfile writes
// KindProfile into TypeMeta.Kind.
const (
	KindProfile     = "Profile"
	KindProfileList = "ProfileList"
)

// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// ProfileList is a list of Profile objects.
type ProfileList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

	Items []Profile `json:"items" protobuf:"bytes,2,rep,name=items"`
}

// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// Profile is a non-namespaced resource (see the genclient marker above) that
// carries a ProfileSpec: ordered ingress and egress rules, labels inherited by
// the endpoints that reference the profile, and optional egress gateway
// settings. Because the resource is not namespaced, permission to write it is
// not confined to a single namespace.
type Profile struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

	Spec ProfileSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
}

// ProfileSpec contains the specification for a security Profile resource.
type ProfileSpec struct {
	// The ordered set of ingress rules. Each rule contains a set of packet match criteria and
	// a corresponding action to apply.
	Ingress []Rule `json:"ingress,omitempty" validate:"omitempty,dive"`
	// The ordered set of egress rules. Each rule contains a set of packet match criteria and
	// a corresponding action to apply.
	Egress []Rule `json:"egress,omitempty" validate:"omitempty,dive"`

	// NOTE(review): labels set below are inherited by every endpoint that references the
	// profile, so anything that selects endpoints by label presumably sees them as well.
	// Only a key the endpoint defines itself is shielded, since the endpoint's own value
	// wins. Treat write access to this field as able to change which endpoints a selector
	// matches; confirm against the selector evaluation code.

	// An optional set of labels to apply to each endpoint (in addition to their own labels)
	// referencing this profile. If labels configured on the endpoint have keys matching those
	// labels inherited from the profile, the endpoint label values take precedence.
	LabelsToApply map[string]string `json:"labelsToApply,omitempty" validate:"omitempty,labels"`
	// Egress control.
	EgressGateway *EgressGatewaySpec `json:"egressGateway,omitempty" validate:"omitempty"`
}

// EgressGatewaySpec allows to define an egress gateway directly, or to refer to
// an egress gateway policy resource.
type EgressGatewaySpec struct {
	// NOTE(review): the "only one may be set" rule below is not expressed by the validate
	// tags in this struct (both fields carry only "omitempty"). If it is enforced, that
	// happens outside this file; confirm that a spec setting both Policy and Gateway is
	// rejected rather than resolved silently.

	// Only one of these may be set.
	// Reference to an EgressGatewayPolicy to use.
	Policy string `json:"policy,omitempty" validate:"omitempty"`

	// Reference to a specific EgressGateway to use.
	Gateway *EgressSpec `json:"gateway,omitempty" validate:"omitempty"`
}

// EgressSpec defines which egress gateway should be used.
type EgressSpec struct {
	// NOTE(review): both selectors are optional per their tags, and how an empty selector
	// is interpreted is not visible in this file. These fields decide which gateway carries
	// an endpoint's egress traffic, so confirm the empty-value behaviour before relying on it.

	// NamespaceSelector selects one or more namespaces containing an egress gateway deployment.
	NamespaceSelector string `json:"namespaceSelector,omitempty" validate:"omitempty,selector"`

	// Selector is an expression used to pick out the egress gateway that the destination can
	// be reached via.
	Selector string `json:"selector,omitempty" validate:"omitempty,selector"`

	// MaxNextHops specifies the maximum number of egress gateway replicas from the selected
	// deployment that a pod should depend on.
	// The validate tag asks for a value >= 0; what zero (or an omitted field) means is not
	// stated in this file.
	MaxNextHops int `json:"maxNextHops,omitempty" validate:"omitempty,gte=0"`
}

// NewProfile creates a new (zeroed) Profile struct with the TypeMetadata initialised to the current
// version: Kind is KindProfile and APIVersion is GroupVersionCurrent. ObjectMeta and Spec are left
// at their zero values, so the returned Profile has no name, rules, labels or egress gateway set.
func NewProfile() *Profile {
	return &Profile{
		TypeMeta: metav1.TypeMeta{
			Kind:       KindProfile,
			APIVersion: GroupVersionCurrent,
		},
	}
}