Merge pull request #16 from k8snetworkplumbingwg/dev/v1beta2

Support endPort in multi-networkpolicy in v1beta2

README.md

@@ -11,9 +11,18 @@ It is now actively developping hence not stable yet. Bug report and feature requ
 Kubernetes provides [Network Policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) for network security. Currently net-attach-def does not support Network Policies because net-attach-def is CRD, user defined resources, outside of Kubernetes.
 multi-network policy implements Network Policiy functionality for net-attach-def, by iptables and provies network security for net-attach-def networks.
 
+## Current API version / branch
+
+Currently API version and branch are mapped as following. `master` branch is working version, hence the CRD will be changed sometimes. If you want to have stable API, we recommend to use previous one.
+
+| branch name | API version                          |
+|-------------|--------------------------------------|
+| master      | v1beta2 (working version, not fixed) |
+| v1beta1     | v1beta1 (fixed)                      |
+
 ## Current Implementations
 
-- [multi-networkpolicy-iptables](https://github.com/k8snetworkplumbingwg/multi-networkpolicy-iptables)
+- [multi-networkpolicy-iptables](https://github.com/k8snetworkplumbingwg/multi-networkpolicy-iptables) supports v1beta1
 
 ## MultiNetworkPolicy CRD
 

pkg/apis/k8s.cni.cncf.io/v1beta2/doc.go

@@ -0,0 +1,5 @@
+// +k8s:deepcopy-gen=package,register
+// +groupName=k8s.cni.cncf.io
+// +groupGoName=K8sCniCncfIo
+
+package v1beta1

pkg/apis/k8s.cni.cncf.io/v1beta2/register.go

@@ -0,0 +1,42 @@
+package v1beta1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+
+	k8scnicncfio "github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io"
+)
+
+// SchemeGroupVersion is group version used to register these objects
+var SchemeGroupVersion = schema.GroupVersion{Group: k8scnicncfio.GroupName, Version: "v1beta1"}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+var (
+	// SchemeBuilder : localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
+	SchemeBuilder      runtime.SchemeBuilder
+	localSchemeBuilder = &SchemeBuilder
+	// AddToScheme ...
+	AddToScheme = localSchemeBuilder.AddToScheme
+)
+
+func init() {
+	// We only register manually written functions here. The registration of the
+	// generated functions takes place in the generated files. The separation
+	// makes the code compile even when the generated files are missing.
+	localSchemeBuilder.Register(addKnownTypes)
+}
+
+// Adds the list of known types to api.Scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(SchemeGroupVersion,
+		&MultiNetworkPolicy{},
+		&MultiNetworkPolicyList{},
+	)
+	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
+	return nil
+}

pkg/apis/k8s.cni.cncf.io/v1beta2/types.go

@@ -0,0 +1,123 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	"k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/intstr"
+)
+
+// +genclient
+// +genclient:noStatus
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +resourceName=multi-networkpolicies
+
+// MultiNetworkPolicy ...
+type MultiNetworkPolicy struct {
+	metav1.TypeMeta `json:",inline"`
+	// Standard object's metadata.
+	// +optional
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// +optional
+	Spec MultiNetworkPolicySpec `json:"spec,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// MultiNetworkPolicyList ...
+type MultiNetworkPolicyList struct {
+	metav1.TypeMeta `json:",inline"`
+	// Standard object's metadata.
+	// +optional
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	Items []MultiNetworkPolicy `json:"items"`
+}
+
+// MultiPolicyType ...
+type MultiPolicyType string
+
+const (
+	// PolicyTypeIngress ...
+	PolicyTypeIngress MultiPolicyType = "Ingress"
+	// PolicyTypeEgress ...
+	PolicyTypeEgress MultiPolicyType = "Egress"
+)
+
+// MultiNetworkPolicySpec ...
+type MultiNetworkPolicySpec struct {
+	PodSelector metav1.LabelSelector `json:"podSelector"`
+
+	// +optional
+	Ingress []MultiNetworkPolicyIngressRule `json:"ingress,omitempty"`
+
+	// +optional
+	Egress []MultiNetworkPolicyEgressRule `json:"egress,omitempty"`
+	// +optional
+	PolicyTypes []MultiPolicyType `json:"policyTypes,omitempty"`
+}
+
+// MultiNetworkPolicyIngressRule ...
+type MultiNetworkPolicyIngressRule struct {
+	// +optional
+	Ports []MultiNetworkPolicyPort `json:"ports,omitempty"`
+
+	// +optional
+	From []MultiNetworkPolicyPeer `json:"from,omitempty"`
+}
+
+// MultiNetworkPolicyEgressRule ...
+type MultiNetworkPolicyEgressRule struct {
+	// +optional
+	Ports []MultiNetworkPolicyPort `json:"ports,omitempty"`
+
+	// +optional
+	To []MultiNetworkPolicyPeer `json:"to,omitempty"`
+}
+
+// MultiNetworkPolicyPort ...
+type MultiNetworkPolicyPort struct {
+	// +optional
+	Protocol *v1.Protocol `json:"protocol,omitempty"`
+
+	// +optional
+	Port *intstr.IntOrString `json:"port,omitempty"`
+
+	// +optional
+	EndPort *int `json:"endPort,omitempty"`
+}
+
+// IPBlock ...
+type IPBlock struct {
+	CIDR string `json:"cidr"`
+	// +optional
+	Except []string `json:"except,omitempty"`
+}
+
+// MultiNetworkPolicyPeer ...
+type MultiNetworkPolicyPeer struct {
+	// +optional
+	PodSelector *metav1.LabelSelector `json:"podSelector,omitempty"`
+
+	// +optional
+	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
+
+	// +optional
+	IPBlock *IPBlock `json:"ipBlock,omitempty"`
+}