{ "description": "CiliumLocalRedirectPolicy is a Kubernetes Custom Resource that contains a\nspecification to redirect traffic locally within a node.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "Spec is the desired behavior of the local redirect policy.", "properties": { "description": { "description": "Description can be used by the creator of the policy to describe the\npurpose of this policy.", "type": "string" }, "redirectBackend": { "description": "RedirectBackend specifies backend configuration to redirect traffic to.\nIt can not be empty.", "properties": { "localEndpointSelector": { "description": "LocalEndpointSelector selects node local pod(s) where traffic is redirected to.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", "Exists", "DoesNotExist" ], "type": "string" }, "values": { "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" } }, "required": [ "key", "operator" ], "type": "object", "additionalProperties": false }, "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", "maxLength": 63, "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "toPorts": { "description": "ToPorts is a list of L4 ports with protocol of node local pod(s) where traffic\nis redirected to.\nWhen multiple ports are specified, the ports must be named.", "items": { "description": "PortInfo specifies L4 port number and name along with the transport protocol", "properties": { "name": { "description": "Name is a port name, which must contain at least one [a-z],\nand may also contain [0-9] and '-' anywhere except adjacent to another\n'-' or in the beginning or the end.", "pattern": "^([0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$", "type": "string" }, "port": { "description": "Port is an L4 port number. The string will be strictly parsed as a single uint16.", "pattern": "^()([1-9]|[1-5]?[0-9]{2,4}|6[1-4][0-9]{3}|65[1-4][0-9]{2}|655[1-2][0-9]|6553[1-5])$", "type": "string" }, "protocol": { "description": "Protocol is the L4 protocol.\nAccepted values: \"TCP\", \"UDP\"", "enum": [ "TCP", "UDP" ], "type": "string" } }, "required": [ "port", "protocol" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "localEndpointSelector", "toPorts" ], "type": "object", "x-kubernetes-validations": [ { "message": "redirectBackend is immutable", "rule": "self == oldSelf" } ], "additionalProperties": false }, "redirectFrontend": { "description": "RedirectFrontend specifies frontend configuration to redirect traffic from.\nIt can not be empty.", "oneOf": [ { "properties": { "addressMatcher": {} }, "required": [ "addressMatcher" ] }, { "properties": { "serviceMatcher": {} }, "required": [ "serviceMatcher" ] } ], "properties": { "addressMatcher": { "description": "AddressMatcher is a tuple {IP, port, protocol} that matches traffic to be\nredirected.", "properties": { "ip": { "description": "IP is a destination ip address for traffic to be redirected.\n\nExample:\nWhen it is set to \"169.254.169.254\", traffic destined to\n\"169.254.169.254\" is redirected.", "pattern": "((^\\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\\s*$)|(^\\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?\\s*$))", "type": "string" }, "toPorts": { "description": "ToPorts is a list of destination L4 ports with protocol for traffic\nto be redirected.\nWhen multiple ports are specified, the ports must be named.\n\nExample:\nWhen set to Port: \"53\" and Protocol: UDP, traffic destined to port '53'\nwith UDP protocol is redirected.", "items": { "description": "PortInfo specifies L4 port number and name along with the transport protocol", "properties": { "name": { "description": "Name is a port name, which must contain at least one [a-z],\nand may also contain [0-9] and '-' anywhere except adjacent to another\n'-' or in the beginning or the end.", "pattern": "^([0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$", "type": "string" }, "port": { "description": "Port is an L4 port number. The string will be strictly parsed as a single uint16.", "pattern": "^()([1-9]|[1-5]?[0-9]{2,4}|6[1-4][0-9]{3}|65[1-4][0-9]{2}|655[1-2][0-9]|6553[1-5])$", "type": "string" }, "protocol": { "description": "Protocol is the L4 protocol.\nAccepted values: \"TCP\", \"UDP\"", "enum": [ "TCP", "UDP" ], "type": "string" } }, "required": [ "port", "protocol" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "ip", "toPorts" ], "type": "object", "additionalProperties": false }, "serviceMatcher": { "description": "ServiceMatcher specifies Kubernetes service and port that matches\ntraffic to be redirected.", "properties": { "namespace": { "description": "Namespace is the Kubernetes service namespace.\nThe service namespace must match the namespace of the parent Local\nRedirect Policy. For Cluster-wide Local Redirect Policy, this\ncan be any namespace.", "type": "string" }, "serviceName": { "description": "Name is the name of a destination Kubernetes service that identifies traffic\nto be redirected.\nThe service type needs to be ClusterIP.\n\nExample:\nWhen this field is populated with 'serviceName:myService', all the traffic\ndestined to the cluster IP of this service at the (specified)\nservice port(s) will be redirected.", "type": "string" }, "toPorts": { "description": "ToPorts is a list of destination service L4 ports with protocol for\ntraffic to be redirected. If not specified, traffic for all the service\nports will be redirected.\nWhen multiple ports are specified, the ports must be named.", "items": { "description": "PortInfo specifies L4 port number and name along with the transport protocol", "properties": { "name": { "description": "Name is a port name, which must contain at least one [a-z],\nand may also contain [0-9] and '-' anywhere except adjacent to another\n'-' or in the beginning or the end.", "pattern": "^([0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$", "type": "string" }, "port": { "description": "Port is an L4 port number. The string will be strictly parsed as a single uint16.", "pattern": "^()([1-9]|[1-5]?[0-9]{2,4}|6[1-4][0-9]{3}|65[1-4][0-9]{2}|655[1-2][0-9]|6553[1-5])$", "type": "string" }, "protocol": { "description": "Protocol is the L4 protocol.\nAccepted values: \"TCP\", \"UDP\"", "enum": [ "TCP", "UDP" ], "type": "string" } }, "required": [ "port", "protocol" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "namespace", "serviceName" ], "type": "object", "additionalProperties": false } }, "type": "object", "x-kubernetes-validations": [ { "message": "redirectFrontend is immutable", "rule": "self == oldSelf" } ], "additionalProperties": false }, "skipRedirectFromBackend": { "default": false, "description": "SkipRedirectFromBackend indicates whether traffic matching RedirectFrontend\nfrom RedirectBackend should skip redirection, and hence the traffic will\nbe forwarded as-is.\n\nThe default is false which means traffic matching RedirectFrontend will\nget redirected from all pods, including the RedirectBackend(s).\n\nExample: If RedirectFrontend is configured to \"169.254.169.254:80\" as the traffic\nthat needs to be redirected to backends selected by RedirectBackend, if\nSkipRedirectFromBackend is set to true, traffic going to \"169.254.169.254:80\"\nfrom such backends will not be redirected back to the backends. Instead,\nthe matched traffic from the backends will be forwarded to the original\ndestination \"169.254.169.254:80\".", "type": "boolean", "x-kubernetes-validations": [ { "message": "skipRedirectFromBackend is immutable", "rule": "self == oldSelf" } ] } }, "required": [ "redirectBackend", "redirectFrontend" ], "type": "object", "additionalProperties": false }, "status": { "description": "Status is the most recent status of the local redirect policy.\nIt is a read-only field.", "properties": { "ok": { "type": "boolean" } }, "type": "object", "additionalProperties": false } }, "required": [ "metadata" ], "type": "object" }