openshift · openshift-bot · Apr 18, 2017 · Nov 28, 2016 · Feb 10, 2017 · Apr 5, 2017
diff --git a/api/protobuf-spec/github_com_openshift_origin_pkg_sdn_api_v1.proto b/api/protobuf-spec/github_com_openshift_origin_pkg_sdn_api_v1.proto
diff --git a/api/swagger-spec/oapi-v1.json b/api/swagger-spec/oapi-v1.json
@@ -26928,13 +26928,14 @@
    "v1.EgressNetworkPolicyPeer": {
     "id": "v1.EgressNetworkPolicyPeer",
     "description": "EgressNetworkPolicyPeer specifies a target to apply egress network policy to",
-    "required": [
-     "cidrSelector"
-    ],
     "properties": {
      "cidrSelector": {
       "type": "string",
-      "description": "cidrSelector is the CIDR range to allow/deny traffic to"
+      "description": "cidrSelector is the CIDR range to allow/deny traffic to. If this is set, dnsName must be unset"
+     },
+     "dnsName": {
+      "type": "string",
+      "description": "dnsName is the domain name to allow/deny traffic to. If this is set, cidrSelector must be unset"
      }
     }
    },

diff --git a/api/swagger-spec/openshift-openapi-spec.json b/api/swagger-spec/openshift-openapi-spec.json
@@ -70141,12 +70141,13 @@
    },
    "v1.EgressNetworkPolicyPeer": {
     "description": "EgressNetworkPolicyPeer specifies a target to apply egress network policy to",
-    "required": [
-     "cidrSelector"
-    ],
     "properties": {
      "cidrSelector": {
-      "description": "cidrSelector is the CIDR range to allow/deny traffic to",
+      "description": "cidrSelector is the CIDR range to allow/deny traffic to. If this is set, dnsName must be unset",
+      "type": "string"
+     },
+     "dnsName": {
+      "description": "dnsName is the domain name to allow/deny traffic to. If this is set, cidrSelector must be unset",
       "type": "string"
      }
     }

diff --git a/images/node/Dockerfile b/images/node/Dockerfile
@@ -22,7 +22,7 @@ COPY system-container/manifest.json system-container/config.json.template system
 RUN INSTALL_PKGS="libmnl libnetfilter_conntrack conntrack-tools openvswitch \
       libnfnetlink iptables iproute bridge-utils procps-ng ethtool socat openssl \
       binutils xz kmod-libs kmod sysvinit-tools device-mapper-libs dbus \
-      iscsi-initiator-utils" && \
+      iscsi-initiator-utils bind-utils" && \
     yum install -y $INSTALL_PKGS && \
     rpm -V $INSTALL_PKGS && \
     yum clean all && \

diff --git a/images/node/Dockerfile.centos7 b/images/node/Dockerfile.centos7
@@ -17,7 +17,7 @@ COPY system-container/manifest.json system-container/config.json.template system
 RUN INSTALL_PKGS="origin-sdn-ovs libmnl libnetfilter_conntrack conntrack-tools openvswitch \
       libnfnetlink iptables iproute bridge-utils procps-ng ethtool socat openssl \
       binutils xz kmod-libs kmod sysvinit-tools device-mapper-libs dbus \
-      iscsi-initiator-utils" && \
+      iscsi-initiator-utils bind-utils" && \
     yum install -y $INSTALL_PKGS && \
     rpm -V $INSTALL_PKGS && \
     yum clean all && \

diff --git a/origin.spec b/origin.spec
@@ -173,6 +173,7 @@ Summary:          %{product_name} SDN Plugin for Open vSwitch
 Requires:         openvswitch >= %{openvswitch_version}
 Requires:         %{name}-node = %{version}-%{release}
 Requires:         bridge-utils
+Requires:         bind-utils
 Requires:         ethtool
 Requires:         procps-ng
 Requires:         iproute

diff --git a/pkg/cmd/cli/describe/describer.go b/pkg/cmd/cli/describe/describer.go
@@ -1653,7 +1653,11 @@ func (d *EgressNetworkPolicyDescriber) Describe(namespace, name string, settings
 	return tabbedString(func(out *tabwriter.Writer) error {
 		formatMeta(out, policy.ObjectMeta)
 		for _, rule := range policy.Spec.Egress {
-			fmt.Fprintf(out, "Rule:\t%s to %s\n", rule.Type, rule.To.CIDRSelector)
+			if len(rule.To.CIDRSelector) > 0 {
+				fmt.Fprintf(out, "Rule:\t%s to %s\n", rule.Type, rule.To.CIDRSelector)
+			} else {
+				fmt.Fprintf(out, "Rule:\t%s to %s\n", rule.Type, rule.To.DNSName)
+			}
 		}
 		return nil
 	})

diff --git a/pkg/openapi/zz_generated.openapi.go b/pkg/openapi/zz_generated.openapi.go
@@ -11887,13 +11887,19 @@ var OpenAPIDefinitions *common.OpenAPIDefinitions = &common.OpenAPIDefinitions{
 				Properties: map[string]spec.Schema{
 					"cidrSelector": {
 						SchemaProps: spec.SchemaProps{
-							Description: "cidrSelector is the CIDR range to allow/deny traffic to",
+							Description: "cidrSelector is the CIDR range to allow/deny traffic to. If this is set, dnsName must be unset",
+							Type:        []string{"string"},
+							Format:      "",
+						},
+					},
+					"dnsName": {
+						SchemaProps: spec.SchemaProps{
+							Description: "dnsName is the domain name to allow/deny traffic to. If this is set, cidrSelector must be unset",
 							Type:        []string{"string"},
 							Format:      "",
 						},
 					},
 				},
-				Required: []string{"cidrSelector"},
 			},
 		},
 		Dependencies: []string{},

diff --git a/pkg/sdn/api/types.go b/pkg/sdn/api/types.go
@@ -73,6 +73,7 @@ const (
 // EgressNetworkPolicyPeer specifies a target to apply egress policy to
 type EgressNetworkPolicyPeer struct {
 	CIDRSelector string
+	DNSName      string
 }
 
 // EgressNetworkPolicyRule contains a single egress network policy rule

diff --git a/pkg/sdn/api/v1/generated.pb.go b/pkg/sdn/api/v1/generated.pb.go
diff --git a/pkg/sdn/api/v1/generated.proto b/pkg/sdn/api/v1/generated.proto
diff --git a/pkg/sdn/api/v1/swagger_doc.go b/pkg/sdn/api/v1/swagger_doc.go
@@ -50,7 +50,8 @@ func (EgressNetworkPolicyList) SwaggerDoc() map[string]string {
 
 var map_EgressNetworkPolicyPeer = map[string]string{
 	"":             "EgressNetworkPolicyPeer specifies a target to apply egress network policy to",
-	"cidrSelector": "cidrSelector is the CIDR range to allow/deny traffic to",
+	"cidrSelector": "cidrSelector is the CIDR range to allow/deny traffic to. If this is set, dnsName must be unset",
+	"dnsName":      "dnsName is the domain name to allow/deny traffic to. If this is set, cidrSelector must be unset",
 }
 
 func (EgressNetworkPolicyPeer) SwaggerDoc() map[string]string {

diff --git a/pkg/sdn/api/v1/types.go b/pkg/sdn/api/v1/types.go
@@ -95,8 +95,10 @@ const (
 
 // EgressNetworkPolicyPeer specifies a target to apply egress network policy to
 type EgressNetworkPolicyPeer struct {
-	// cidrSelector is the CIDR range to allow/deny traffic to
-	CIDRSelector string `json:"cidrSelector" protobuf:"bytes,1,rep,name=cidrSelector"`
+	// cidrSelector is the CIDR range to allow/deny traffic to. If this is set, dnsName must be unset
+	CIDRSelector string `json:"cidrSelector,omitempty" protobuf:"bytes,1,rep,name=cidrSelector"`
+	// dnsName is the domain name to allow/deny traffic to. If this is set, cidrSelector must be unset
+	DNSName string `json:"dnsName,omitempty" protobuf:"bytes,2,rep,name=dnsName"`
 }
 
 // EgressNetworkPolicyRule contains a single egress network policy rule

diff --git a/pkg/sdn/api/v1/zz_generated.conversion.go b/pkg/sdn/api/v1/zz_generated.conversion.go
@@ -185,6 +185,7 @@ func Convert_api_EgressNetworkPolicyList_To_v1_EgressNetworkPolicyList(in *api.E
 
 func autoConvert_v1_EgressNetworkPolicyPeer_To_api_EgressNetworkPolicyPeer(in *EgressNetworkPolicyPeer, out *api.EgressNetworkPolicyPeer, s conversion.Scope) error {
 	out.CIDRSelector = in.CIDRSelector
+	out.DNSName = in.DNSName
 	return nil
 }
 
@@ -194,6 +195,7 @@ func Convert_v1_EgressNetworkPolicyPeer_To_api_EgressNetworkPolicyPeer(in *Egres
 
 func autoConvert_api_EgressNetworkPolicyPeer_To_v1_EgressNetworkPolicyPeer(in *api.EgressNetworkPolicyPeer, out *EgressNetworkPolicyPeer, s conversion.Scope) error {
 	out.CIDRSelector = in.CIDRSelector
+	out.DNSName = in.DNSName
 	return nil
 }
 

diff --git a/pkg/sdn/api/v1/zz_generated.deepcopy.go b/pkg/sdn/api/v1/zz_generated.deepcopy.go
@@ -111,6 +111,7 @@ func DeepCopy_v1_EgressNetworkPolicyPeer(in interface{}, out interface{}, c *con
 		in := in.(*EgressNetworkPolicyPeer)
 		out := out.(*EgressNetworkPolicyPeer)
 		out.CIDRSelector = in.CIDRSelector
+		out.DNSName = in.DNSName
 		return nil
 	}
 }