apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: '{"apiVersion":"apiextensions.k8s.io/v1","kind":"CustomResourceDefinition","metadata":{"annotations":{},"name":"hostendpoints.crd.projectcalico.org"},"spec":{"group":"crd.projectcalico.org","names":{"kind":"HostEndpoint","listKind":"HostEndpointList","plural":"hostendpoints","singular":"hostendpoint"},"scope":"Cluster","versions":[{"name":"v1","schema":{"openAPIV3Schema":{"properties":{"apiVersion":{"description":"APIVersion
defines the versioned schema of this representation of an object. Servers should
convert recognized schemas to the latest internal value, and may reject unrecognized
values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind
is a string value representing the REST resource this object represents. Servers
may infer this from the endpoint the client submits requests to. Cannot be updated.
In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"type":"object"},"spec":{"description":"HostEndpointSpec
contains the specification for a HostEndpoint resource.","properties":{"expectedIPs":{"description":"The
expected IP addresses (IPv4 and IPv6) of the endpoint. If \"InterfaceName\"
is not present, Calico will look for an interface matching any of the IPs in
the list and apply policy to that. Note: \tWhen using the selector match criteria
in an ingress or egress security Policy \tor Profile, Calico converts the selector
into a set of IP addresses. For host \tendpoints, the ExpectedIPs field is used
for that purpose. (If only the interface \tname is specified, Calico does not
learn the IPs of the interface for use in match \tcriteria.)","items":{"type":"string"},"type":"array"},"interfaceName":{"description":"Either
\"*\", or the name of a specific Linux interface to apply policy to; or empty. \"*\"
indicates that this HostEndpoint governs all traffic to, from or through the
default network namespace of the host named by the \"Node\" field; entering
and leaving that namespace via any interface, including those from/to non-host-networked
local workloads. \n If InterfaceName is not \"*\", this HostEndpoint only governs
traffic that enters or leaves the host through the specific interface named
by InterfaceName, or - when InterfaceName is empty - through the specific interface
that has one of the IPs in ExpectedIPs. Therefore, when InterfaceName is empty,
at least one expected IP must be specified. Only external interfaces (such
as \"eth0\") are supported here; it isn''t possible for a HostEndpoint to protect
traffic through a specific local workload interface. \n Note: Only some kinds
of policy are implemented for \"*\" HostEndpoints; initially just pre-DNAT policy. Please
check Calico documentation for the latest position.","type":"string"},"node":{"description":"The
node name identifying the Calico node instance.","type":"string"},"ports":{"description":"Ports
contains the endpoint''s named ports, which may be referenced in security policy
rules.","items":{"properties":{"name":{"type":"string"},"port":{"type":"integer"},"protocol":{"anyOf":[{"type":"integer"},{"type":"string"}],"pattern":"^.*","x-kubernetes-int-or-string":true}},"required":["name","port","protocol"],"type":"object"},"type":"array"},"profiles":{"description":"A
list of identifiers of security Profile objects that apply to this endpoint.
Each profile is applied in the order that they appear in this list. Profile
rules are applied after the selector-based security policy.","items":{"type":"string"},"type":"array"}},"type":"object"}},"type":"object"}},"served":true,"storage":true}]},"status":{"acceptedNames":{"kind":"","plural":""},"conditions":[],"storedVersions":[]}}
'
creationTimestamp: '2021-08-30T18:56:44Z'
generation: 1
managedFields:
- apiVersion: apiextensions.k8s.io/v1
fieldsType: FieldsV1
fieldsV1:
f:status:
f:acceptedNames:
f:kind: {}
f:listKind: {}
f:plural: {}
f:singular: {}
f:conditions:
k:{"type":"Established"}:
.: {}
f:lastTransitionTime: {}
f:message: {}
f:reason: {}
f:status: {}
f:type: {}
k:{"type":"NamesAccepted"}:
.: {}
f:lastTransitionTime: {}
f:message: {}
f:reason: {}
f:status: {}
f:type: {}
manager: k3s
operation: Update
time: '2021-08-30T18:56:44Z'
- apiVersion: apiextensions.k8s.io/v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:kubectl.kubernetes.io/last-applied-configuration: {}
f:spec:
f:conversion:
.: {}
f:strategy: {}
f:group: {}
f:names:
f:kind: {}
f:listKind: {}
f:plural: {}
f:singular: {}
f:scope: {}
f:versions: {}
manager: kubectl-client-side-apply
operation: Update
time: '2021-08-30T18:56:44Z'
name: hostendpoints.crd.projectcalico.org
resourceVersion: '3243'
uid: 925d7692-142d-4943-a784-05c0f18469df
spec:
conversion:
strategy: None
group: crd.projectcalico.org
names:
kind: HostEndpoint
listKind: HostEndpointList
plural: hostendpoints
singular: hostendpoint
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: HostEndpointSpec contains the specification for a HostEndpoint
resource.
properties:
expectedIPs:
description: "The expected IP addresses (IPv4 and IPv6) of the endpoint.\
\ If \"InterfaceName\" is not present, Calico will look for an interface\
\ matching any of the IPs in the list and apply policy to that.\
\ Note: \tWhen using the selector match criteria in an ingress or\
\ egress security Policy \tor Profile, Calico converts the selector\
\ into a set of IP addresses. For host \tendpoints, the ExpectedIPs\
\ field is used for that purpose. (If only the interface \tname\
\ is specified, Calico does not learn the IPs of the interface for\
\ use in match \tcriteria.)"
items:
type: string
type: array
interfaceName:
description: "Either \"*\", or the name of a specific Linux interface\
\ to apply policy to; or empty. \"*\" indicates that this HostEndpoint\
\ governs all traffic to, from or through the default network namespace\
\ of the host named by the \"Node\" field; entering and leaving\
\ that namespace via any interface, including those from/to non-host-networked\
\ local workloads. \n If InterfaceName is not \"*\", this HostEndpoint\
\ only governs traffic that enters or leaves the host through the\
\ specific interface named by InterfaceName, or - when InterfaceName\
\ is empty - through the specific interface that has one of the\
\ IPs in ExpectedIPs. Therefore, when InterfaceName is empty, at\
\ least one expected IP must be specified. Only external interfaces\
\ (such as \"eth0\") are supported here; it isn't possible for a\
\ HostEndpoint to protect traffic through a specific local workload\
\ interface. \n Note: Only some kinds of policy are implemented\
\ for \"*\" HostEndpoints; initially just pre-DNAT policy. Please\
\ check Calico documentation for the latest position."
type: string
node:
description: The node name identifying the Calico node instance.
type: string
ports:
description: Ports contains the endpoint's named ports, which may
be referenced in security policy rules.
items:
properties:
name:
type: string
port:
type: integer
protocol:
anyOf:
- type: integer
- type: string
pattern: ^.*
x-kubernetes-int-or-string: true
required:
- name
- port
- protocol
type: object
type: array
profiles:
description: A list of identifiers of security Profile objects that
apply to this endpoint. Each profile is applied in the order that
they appear in this list. Profile rules are applied after the selector-based
security policy.
items:
type: string
type: array
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: HostEndpoint
listKind: HostEndpointList
plural: hostendpoints
singular: hostendpoint
conditions:
- lastTransitionTime: '2021-08-30T18:56:44Z'
message: no conflicts found
reason: NoConflicts
status: 'True'
type: NamesAccepted
- lastTransitionTime: '2021-08-30T18:56:44Z'
message: the initial names have been accepted
reason: InitialNamesAccepted
status: 'True'
type: Established
storedVersions:
- v1