k8s.io/kubernetes@v1.31.0-alpha.0.0.20240520171757-56147500dadc/cluster/addons/calico-policy-controller/hostendpoints-crd.yaml

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
  name: hostendpoints.crd.projectcalico.org
spec:
  group: crd.projectcalico.org
  names:
    kind: HostEndpoint
    listKind: HostEndpointList
    plural: hostendpoints
    singular: hostendpoint
  scope: Cluster
  versions:
  - name: v1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: HostEndpointSpec contains the specification for a HostEndpoint
              resource.
            properties:
              expectedIPs:
                description: "The expected IP addresses (IPv4 and IPv6) of the endpoint.
                  If \"InterfaceName\" is not present, Calico will look for an interface
                  matching any of the IPs in the list and apply policy to that. Note:
                  \tWhen using the selector match criteria in an ingress or egress
                  security Policy \tor Profile, Calico converts the selector into
                  a set of IP addresses. For host \tendpoints, the ExpectedIPs field
                  is used for that purpose. (If only the interface \tname is specified,
                  Calico does not learn the IPs of the interface for use in match
                  \tcriteria.)"
                items:
                  type: string
                type: array
              interfaceName:
                description: "Either \"*\", or the name of a specific Linux interface
                  to apply policy to; or empty. \"*\" indicates that this HostEndpoint
                  governs all traffic to, from or through the default network namespace
                  of the host named by the \"Node\" field; entering and leaving that
                  namespace via any interface, including those from/to non-host-networked
                  local workloads. \n If InterfaceName is not \"*\", this HostEndpoint
                  only governs traffic that enters or leaves the host through the
                  specific interface named by InterfaceName, or - when InterfaceName
                  is empty - through the specific interface that has one of the IPs
                  in ExpectedIPs. Therefore, when InterfaceName is empty, at least
                  one expected IP must be specified. Only external interfaces (such
                  as “eth0”) are supported here; it isn't possible for a HostEndpoint
                  to protect traffic through a specific local workload interface.
                  \n Note: Only some kinds of policy are implemented for \"*\" HostEndpoints;
                  initially just pre-DNAT policy. Please check Calico documentation
                  for the latest position."
                type: string
              node:
                description: The node name identifying the Calico node instance.
                type: string
              ports:
                description: Ports contains the endpoint's named ports, which may
                  be referenced in security policy rules.
                items:
                  properties:
                    name:
                      type: string
                    port:
                      type: integer
                    protocol:
                      anyOf:
                      - type: integer
                      - type: string
                      pattern: ^.*
                      x-kubernetes-int-or-string: true
                  required:
                  - name
                  - port
                  - protocol
                  type: object
                type: array
              profiles:
                description: A list of identifiers of security Profile objects that
                  apply to this endpoint. Each profile is applied in the order that
                  they appear in this list. Profile rules are applied after the selector-based
                  security policy.
                items:
                  type: string
                type: array
            type: object
        type: object
    served: true
    storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
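
The field descriptions above state rules that the OpenAPI schema itself does not express, such as an empty interfaceName needing at least one expectedIPs entry. The following Python check applies them to a parsed HostEndpoint spec before it is submitted. It is an added example, not part of the Kubernetes or Calico source; the function name, the "error"/"warn" levels and the sample specs are assumptions made for illustration.

```python
import ipaddress


def check_host_endpoint_spec(spec):
    """Return (level, message) findings for a HostEndpoint spec given as a dict."""
    findings = []
    iface = spec.get("interfaceName") or ""
    ips = spec.get("expectedIPs") or []

    # The schema types expectedIPs items only as strings; parse them as IPv4/IPv6.
    for ip in ips:
        try:
            ipaddress.ip_address(str(ip))
        except ValueError:
            findings.append(("error", f"expectedIPs: {ip!r} is not an IP address"))

    if iface == "":
        # Documented rule: with no interfaceName, the interface is found via expectedIPs.
        if not ips:
            findings.append(("error", "interfaceName is empty and expectedIPs is empty"))
    elif iface == "*":
        # Documented note: only some kinds of policy are implemented for "*" endpoints.
        findings.append(("warn", "interfaceName '*' governs all host interfaces"))
    if iface and not ips:
        # Documented note: interface IPs are not learned, so selectors that match
        # this endpoint have no addresses to expand to.
        findings.append(("warn", "no expectedIPs: selector matches resolve to no IPs"))

    for i, port in enumerate(spec.get("ports") or []):
        for key in ("name", "port", "protocol"):  # the schema's 'required' list
            if key not in port:
                findings.append(("error", f"ports[{i}]: missing {key}"))
        value = port.get("port")
        if "port" in port and (isinstance(value, bool) or not isinstance(value, int)):
            findings.append(("error", f"ports[{i}]: port must be an integer"))
    return findings


# Constructed sample specs (not taken from any real cluster).
SAMPLES = {
    "ok": {"node": "node-a", "interfaceName": "eth0", "expectedIPs": ["192.0.2.10"],
           "ports": [{"name": "ssh", "port": 22, "protocol": "TCP"}]},
    "no-iface-no-ip": {"node": "node-a"},
    "iface-only": {"node": "node-a", "interfaceName": "eth0"},
    "bad-ip": {"node": "node-a", "expectedIPs": ["192.0.2.999"]},
}

if __name__ == "__main__":
    for name, spec in SAMPLES.items():
        print(name, check_host_endpoint_spec(spec))
```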