{ "$schema": "http://json-schema.org/draft-07/schema#", "properties": { "apiVersion": { "type": "string" }, "kind": { "type": "string" }, "metadata": { "type": "object" }, "spec": { "properties": { "egress": { "items": { "properties": { "action": { "enum": [ "Allow", "Deny" ], "type": "string" }, "name": { "maxLength": 100, "type": "string" }, "ports": { "items": { "maxProperties": 1, "minProperties": 1, "properties": { "namedPort": { "type": "string" }, "portNumber": { "properties": { "port": { "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" }, "protocol": { "default": "TCP", "type": "string" } }, "required": [ "port", "protocol" ], "type": "object" }, "portRange": { "properties": { "end": { "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" }, "protocol": { "default": "TCP", "type": "string" }, "start": { "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" } }, "required": [ "end", "start" ], "type": "object" } }, "type": "object" }, "maxItems": 100, "type": "array" }, "to": { "items": { "maxProperties": 1, "minProperties": 1, "properties": { "namespaces": { "properties": { "matchExpressions": { "items": { "properties": { "key": { "type": "string" }, "operator": { "type": "string" }, "values": { "items": { "type": "string" }, "type": "array" } }, "required": [ "key", "operator" ], "type": "object" }, "type": "array" }, "matchLabels": { "additionalProperties": { "type": "string" }, "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, "networks": { "items": { "maxLength": 43, "type": "string", "x-kubernetes-validations": [ { "message": "CIDR must be either an IPv4 or IPv6 address. IPv4 address embedded in IPv6 addresses are not supported", "rule": "self.contains(':') != self.contains('.')" } ] }, "maxItems": 25, "minItems": 1, "type": "array", "x-kubernetes-list-type": "set" }, "nodes": { "properties": { "matchExpressions": { "items": { "properties": { "key": { "type": "string" }, "operator": { "type": "string" }, "values": { "items": { "type": "string" }, "type": "array" } }, "required": [ "key", "operator" ], "type": "object" }, "type": "array" }, "matchLabels": { "additionalProperties": { "type": "string" }, "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, "pods": { "properties": { "namespaceSelector": { "properties": { "matchExpressions": { "items": { "properties": { "key": { "type": "string" }, "operator": { "type": "string" }, "values": { "items": { "type": "string" }, "type": "array" } }, "required": [ "key", "operator" ], "type": "object" }, "type": "array" }, "matchLabels": { "additionalProperties": { "type": "string" }, "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, "podSelector": { "properties": { "matchExpressions": { "items": { "properties": { "key": { "type": "string" }, "operator": { "type": "string" }, "values": { "items": { "type": "string" }, "type": "array" } }, "required": [ "key", "operator" ], "type": "object" }, "type": "array" }, "matchLabels": { "additionalProperties": { "type": "string" }, "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic" } }, "required": [ "namespaceSelector", "podSelector" ], "type": "object" } }, "type": "object" }, "maxItems": 100, "minItems": 1, "type": "array" } }, "required": [ "action", "to" ], "type": "object", "x-kubernetes-validations": [ { "message": "networks/nodes peer cannot be set with namedPorts since there are no namedPorts for networks/nodes", "rule": "!(self.to.exists(peer, has(peer.networks) || has(peer.nodes)) && has(self.ports) && self.ports.exists(port, has(port.namedPort)))" } ] }, "maxItems": 100, "type": "array" }, "ingress": { "items": { "properties": { "action": { "enum": [ "Allow", "Deny" ], "type": "string" }, "from": { "items": { "maxProperties": 1, "minProperties": 1, "properties": { "namespaces": { "properties": { "matchExpressions": { "items": { "properties": { "key": { "type": "string" }, "operator": { "type": "string" }, "values": { "items": { "type": "string" }, "type": "array" } }, "required": [ "key", "operator" ], "type": "object" }, "type": "array" }, "matchLabels": { "additionalProperties": { "type": "string" }, "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, "pods": { "properties": { "namespaceSelector": { "properties": { "matchExpressions": { "items": { "properties": { "key": { "type": "string" }, "operator": { "type": "string" }, "values": { "items": { "type": "string" }, "type": "array" } }, "required": [ "key", "operator" ], "type": "object" }, "type": "array" }, "matchLabels": { "additionalProperties": { "type": "string" }, "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, "podSelector": { "properties": { "matchExpressions": { "items": { "properties": { "key": { "type": "string" }, "operator": { "type": "string" }, "values": { "items": { "type": "string" }, "type": "array" } }, "required": [ "key", "operator" ], "type": "object" }, "type": "array" }, "matchLabels": { "additionalProperties": { "type": "string" }, "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic" } }, "required": [ "namespaceSelector", "podSelector" ], "type": "object" } }, "type": "object" }, "maxItems": 100, "minItems": 1, "type": "array" }, "name": { "maxLength": 100, "type": "string" }, "ports": { "items": { "maxProperties": 1, "minProperties": 1, "properties": { "namedPort": { "type": "string" }, "portNumber": { "properties": { "port": { "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" }, "protocol": { "default": "TCP", "type": "string" } }, "required": [ "port", "protocol" ], "type": "object" }, "portRange": { "properties": { "end": { "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" }, "protocol": { "default": "TCP", "type": "string" }, "start": { "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" } }, "required": [ "end", "start" ], "type": "object" } }, "type": "object" }, "maxItems": 100, "type": "array" } }, "required": [ "action", "from" ], "type": "object" }, "maxItems": 100, "type": "array" }, "subject": { "maxProperties": 1, "minProperties": 1, "properties": { "namespaces": { "properties": { "matchExpressions": { "items": { "properties": { "key": { "type": "string" }, "operator": { "type": "string" }, "values": { "items": { "type": "string" }, "type": "array" } }, "required": [ "key", "operator" ], "type": "object" }, "type": "array" }, "matchLabels": { "additionalProperties": { "type": "string" }, "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, "pods": { "properties": { "namespaceSelector": { "properties": { "matchExpressions": { "items": { "properties": { "key": { "type": "string" }, "operator": { "type": "string" }, "values": { "items": { "type": "string" }, "type": "array" } }, "required": [ "key", "operator" ], "type": "object" }, "type": "array" }, "matchLabels": { "additionalProperties": { "type": "string" }, "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, "podSelector": { "properties": { "matchExpressions": { "items": { "properties": { "key": { "type": "string" }, "operator": { "type": "string" }, "values": { "items": { "type": "string" }, "type": "array" } }, "required": [ "key", "operator" ], "type": "object" }, "type": "array" }, "matchLabels": { "additionalProperties": { "type": "string" }, "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic" } }, "required": [ "namespaceSelector", "podSelector" ], "type": "object" } }, "type": "object" } }, "required": [ "subject" ], "type": "object" }, "status": { "properties": { "conditions": { "items": { "properties": { "lastTransitionTime": { "format": "date-time", "type": "string" }, "message": { "maxLength": 32768, "type": "string" }, "observedGeneration": { "format": "int64", "minimum": 0, "type": "integer" }, "reason": { "maxLength": 1024, "minLength": 1, "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", "type": "string" }, "status": { "enum": [ "True", "False", "Unknown" ], "type": "string" }, "type": { "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, "required": [ "lastTransitionTime", "message", "reason", "status", "type" ], "type": "object" }, "type": "array", "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" } }, "required": [ "conditions" ], "type": "object" } }, "required": [ "metadata", "spec" ], "type": "object", "x-kubernetes-validations": [ { "message": "Only one baseline admin network policy with metadata.name=\"default\" can be created in the cluster", "rule": "self.metadata.name == 'default'" } ] }