Chapter 1. Network APIs
1.1. AdminPolicyBasedExternalRoute [k8s.ovn.org/v1]
- Description
- AdminPolicyBasedExternalRoute is a CRD allowing the cluster administrators to configure policies for external gateway IPs to be applied to all the pods contained in selected namespaces. Egress traffic from the pods that belong to the selected namespaces to outside the cluster is routed through these external gateway IPs.
- Type
-
object
1.2. CloudPrivateIPConfig [cloud.network.openshift.io/v1]
- Description
- CloudPrivateIPConfig performs an assignment of a private IP address to the primary NIC associated with cloud VMs. This is done by specifying the IP and Kubernetes node which the IP should be assigned to. This CRD is intended to be used by the network plugin which manages the cluster network. The spec side represents the desired state requested by the network plugin, and the status side represents the current state that this CRD’s controller has executed. No users will have permission to modify it, and if a cluster-admin decides to edit it for some reason, their changes will be overwritten the next time the network plugin reconciles the object. Note: the CR’s name must specify the requested private IP address (can be IPv4 or IPv6). Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.3. EgressFirewall [k8s.ovn.org/v1]
- Description
- EgressFirewall describes the current egress firewall for a Namespace. Traffic from a pod to an IP address outside the cluster will be checked against each EgressFirewallRule in the pod’s namespace’s EgressFirewall, in order. If no rule matches (or no EgressFirewall is present) then the traffic will be allowed by default.
- Type
-
object
1.4. EgressIP [k8s.ovn.org/v1]
- Description
- EgressIP is a CRD allowing the user to define a fixed source IP for all egress traffic originating from any pods which match the EgressIP resource according to its spec definition.
- Type
-
object
1.5. EgressQoS [k8s.ovn.org/v1]
- Description
- EgressQoS is a CRD that allows the user to define a DSCP value for pods egress traffic on its namespace to specified CIDRs. Traffic from these pods will be checked against each EgressQoSRule in the namespace’s EgressQoS, and if there is a match the traffic is marked with the relevant DSCP value.
- Type
-
object
1.6. EgressService [k8s.ovn.org/v1]
- Description
- EgressService is a CRD that allows the user to request that the source IP of egress packets originating from all of the pods that are endpoints of the corresponding LoadBalancer Service would be its ingress IP. In addition, it allows the user to request that egress packets originating from all of the pods that are endpoints of the LoadBalancer service would use a different network than the main one.
- Type
-
object
1.7. Endpoints [v1]
- Description
Endpoints is a collection of endpoints that implement the actual service. Example:
Name: "mysvc", Subsets: [ { Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] }, { Addresses: [{"ip": "10.10.3.3"}], Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}] }, ]
- Type
-
object
1.8. EndpointSlice [discovery.k8s.io/v1]
- Description
- EndpointSlice represents a subset of the endpoints that implement a service. For a given service there may be multiple EndpointSlice objects, selected by labels, which must be joined to produce the full set of endpoints.
- Type
-
object
1.9. EgressRouter [network.operator.openshift.io/v1]
- Description
- EgressRouter is a feature allowing the user to define an egress router that acts as a bridge between pods and external systems. The egress router runs a service that redirects egress traffic originating from a pod or a group of pods to a remote external system or multiple destinations as per configuration. It is consumed by the cluster-network-operator. More specifically, given an EgressRouter CR with <name>, the CNO will create and manage: - A service called <name> - An egress pod called <name> - A NAD called <name> Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). EgressRouter is a single egressrouter pod configuration object.
- Type
-
object
1.10. Ingress [networking.k8s.io/v1]
- Description
- Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc.
- Type
-
object
1.11. IngressClass [networking.k8s.io/v1]
- Description
-
IngressClass represents the class of the Ingress, referenced by the Ingress Spec. The
ingressclass.kubernetes.io/is-default-class
annotation can be used to indicate that an IngressClass should be considered default. When a single IngressClass resource has this annotation set to true, new Ingress resources without a class specified will be assigned this default class. - Type
-
object
1.12. IPPool [whereabouts.cni.cncf.io/v1alpha1]
- Description
- IPPool is the Schema for the ippools API
- Type
-
object
1.13. NetworkAttachmentDefinition [k8s.cni.cncf.io/v1]
- Description
- NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing Working Group to express the intent for attaching pods to one or more logical or physical networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec
- Type
-
object
1.14. NetworkPolicy [networking.k8s.io/v1]
- Description
- NetworkPolicy describes what network traffic is allowed for a set of Pods
- Type
-
object
1.15. OverlappingRangeIPReservation [whereabouts.cni.cncf.io/v1alpha1]
- Description
- OverlappingRangeIPReservation is the Schema for the OverlappingRangeIPReservations API
- Type
-
object
1.16. PodNetworkConnectivityCheck [controlplane.operator.openshift.io/v1alpha1]
- Description
- PodNetworkConnectivityCheck Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
- Type
-
object
1.17. Route [route.openshift.io/v1]
- Description
A route allows developers to expose services through an HTTP(S) aware load balancing and proxy layer via a public DNS entry. The route may further specify TLS options and a certificate, or specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An administrator typically configures their router to be visible outside the cluster firewall, and may also add additional security, caching, or traffic controls on the service content. Routers usually talk directly to the service endpoints.
Once a route is created, the
host
field may not be changed. Generally, routers use the oldest route with a given host when resolving conflicts.Routers are subject to additional customization and may support additional controls via the annotations field.
Because administrators may configure multiple routers, the route status field is used to return information to clients about the names and states of the route under each router. If a client chooses a duplicate name, for instance, the route status conditions are used to indicate the route cannot be chosen.
To enable HTTP/2 ALPN on a route it requires a custom (non-wildcard) certificate. This prevents connection coalescing by clients, notably web browsers. We do not support HTTP/2 ALPN on routes that use the default certificate because of the risk of connection re-use/coalescing. Routes that do not have their own custom certificate will not be HTTP/2 ALPN-enabled on either the frontend or the backend.
Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.18. Service [v1]
- Description
- Service is a named abstraction of software service (for example, mysql) consisting of local port (for example 3306) that the proxy listens on, and the selector that determines which pods will answer requests sent through the proxy.
- Type
-
object