openshift-docs/rest_api/network_apis/network-apis-index.adoc

// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
:_mod-docs-content-type: ASSEMBLY
[id="network-apis"]
= Network APIs
:toc: macro
:toc-title:

toc::[]

== ClusterUserDefinedNetwork [k8s.ovn.org/v1]

Description::
+
--
ClusterUserDefinedNetwork describe network request for a shared network across namespaces.
--

Type::
  `object`

== AdminNetworkPolicy [policy.networking.k8s.io/v1alpha1]

Description::
+
--
AdminNetworkPolicy is  a cluster level resource that is part of the
AdminNetworkPolicy API.
--

Type::
  `object`

== AdminPolicyBasedExternalRoute [k8s.ovn.org/v1]

Description::
+
--
AdminPolicyBasedExternalRoute is a CRD allowing the cluster administrators to configure policies for external gateway IPs to be applied to all the pods contained in selected namespaces. Egress traffic from the pods that belong to the selected namespaces to outside the cluster is routed through these external gateway IPs.
--

Type::
  `object`

== BaselineAdminNetworkPolicy [policy.networking.k8s.io/v1alpha1]

Description::
+
--
BaselineAdminNetworkPolicy is a cluster level resource that is part of the
AdminNetworkPolicy API.
--

Type::
  `object`

== CloudPrivateIPConfig [cloud.network.openshift.io/v1]

Description::
+
--
CloudPrivateIPConfig performs an assignment of a private IP address to the
primary NIC associated with cloud VMs. This is done by specifying the IP and
Kubernetes node which the IP should be assigned to. This CRD is intended to
be used by the network plugin which manages the cluster network. The spec
side represents the desired state requested by the network plugin, and the
status side represents the current state that this CRD's controller has
executed. No users will have permission to modify it, and if a cluster-admin
decides to edit it for some reason, their changes will be overwritten the
next time the network plugin reconciles the object. Note: the CR's name
must specify the requested private IP address (can be IPv4 or IPv6).

Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
--

Type::
  `object`

== DNSNameResolver [network.openshift.io/v1alpha1]

Description::
+
--
DNSNameResolver stores the DNS name resolution information of a DNS name. It can be enabled by the TechPreviewNoUpgrade feature set.
It can also be enabled by the feature gate DNSNameResolver when using CustomNoUpgrade feature set.

Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
--

Type::
  `object`

== EgressFirewall [k8s.ovn.org/v1]

Description::
+
--
EgressFirewall describes the current egress firewall for a Namespace.
Traffic from a pod to an IP address outside the cluster will be checked against
each EgressFirewallRule in the pod's namespace's EgressFirewall, in
order. If no rule matches (or no EgressFirewall is present) then the traffic
will be allowed by default.
--

Type::
  `object`

== EgressIP [k8s.ovn.org/v1]

Description::
+
--
EgressIP is a CRD allowing the user to define a fixed source IP for all egress traffic originating from any pods which match the EgressIP resource according to its spec definition.
--

Type::
  `object`

== EgressQoS [k8s.ovn.org/v1]

Description::
+
--
EgressQoS is a CRD that allows the user to define a DSCP value
for pods egress traffic on its namespace to specified CIDRs.
Traffic from these pods will be checked against each EgressQoSRule in
the namespace's EgressQoS, and if there is a match the traffic is marked
with the relevant DSCP value.
--

Type::
  `object`

== EgressService [k8s.ovn.org/v1]

Description::
+
--
EgressService is a CRD that allows the user to request that the source
IP of egress packets originating from all of the pods that are endpoints
of the corresponding LoadBalancer Service would be its ingress IP.
In addition, it allows the user to request that egress packets originating from
all of the pods that are endpoints of the LoadBalancer service would use a different
network than the main one.
--

Type::
  `object`

== Endpoints [v1]

Description::
+
--
Endpoints is a collection of endpoints that implement the actual service. Example:

	 Name: "mysvc",
	 Subsets: [
	   {
	     Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
	     Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
	   },
	   {
	     Addresses: [{"ip": "10.10.3.3"}],
	     Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}]
	   },
	]

Endpoints is a legacy API and does not contain information about all Service features. Use discoveryv1.EndpointSlice for complete information about Service endpoints.

Deprecated: This API is deprecated in v1.33+. Use discoveryv1.EndpointSlice.
--

Type::
  `object`

== EndpointSlice [discovery.k8s.io/v1]

Description::
+
--
EndpointSlice represents a set of service endpoints. Most EndpointSlices are created by the EndpointSlice controller to represent the Pods selected by Service objects. For a given service there may be multiple EndpointSlice objects which must be joined to produce the full set of endpoints; you can find all of the slices for a given service by listing EndpointSlices in the service's namespace whose `kubernetes.io/service-name` label contains the service's name.
--

Type::
  `object`

== EgressRouter [network.operator.openshift.io/v1]

Description::
+
--
EgressRouter is a feature allowing the user to define an egress router
that acts as a bridge between pods and external systems. The egress router runs
a service that redirects egress traffic originating from a pod or a group of
pods to a remote external system or multiple destinations as per configuration.

It is consumed by the cluster-network-operator.
More specifically, given an EgressRouter CR with <name>, the CNO will create and manage:
- A service called <name>
- An egress pod called <name>
- A NAD called <name>

Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).

EgressRouter is a single egressrouter pod configuration object.
--

Type::
  `object`

== GRPCRoute [gateway.networking.k8s.io/v1]

Description::
+
--
GRPCRoute provides a way to route gRPC requests. This includes the capability
to match requests by hostname, gRPC service, gRPC method, or HTTP/2 header.
Filters can be used to specify additional processing steps. Backends specify
where matching requests will be routed.

GRPCRoute falls under extended support within the Gateway API. Within the
following specification, the word "MUST" indicates that an implementation
supporting GRPCRoute must conform to the indicated requirement, but an
implementation not supporting this route type need not follow the requirement
unless explicitly indicated.

Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST
accept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via
ALPN. If the implementation does not support this, then it MUST set the
"Accepted" condition to "False" for the affected listener with a reason of
"UnsupportedProtocol".  Implementations MAY also accept HTTP/2 connections
with an upgrade from HTTP/1.

Implementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST
support HTTP/2 over cleartext TCP (h2c,
https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial
upgrade from HTTP/1.1, i.e. with prior knowledge
(https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation
does not support this, then it MUST set the "Accepted" condition to "False"
for the affected listener with a reason of "UnsupportedProtocol".
Implementations MAY also accept HTTP/2 connections with an upgrade from
HTTP/1, i.e. without prior knowledge.
--

Type::
  `object`

== Gateway [gateway.networking.k8s.io/v1]

Description::
+
--
Gateway represents an instance of a service-traffic handling infrastructure
by binding Listeners to a set of IP addresses.
--

Type::
  `object`

== GatewayClass [gateway.networking.k8s.io/v1]

Description::
+
--
GatewayClass describes a class of Gateways available to the user for creating
Gateway resources.

It is recommended that this resource be used as a template for Gateways. This
means that a Gateway is based on the state of the GatewayClass at the time it
was created and changes to the GatewayClass or associated parameters are not
propagated down to existing Gateways. This recommendation is intended to
limit the blast radius of changes to GatewayClass or associated parameters.
If implementations choose to propagate GatewayClass changes to existing
Gateways, that MUST be clearly documented by the implementation.

Whenever one or more Gateways are using a GatewayClass, implementations SHOULD
add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the
associated GatewayClass. This ensures that a GatewayClass associated with a
Gateway is not deleted while in use.

GatewayClass is a Cluster level resource.
--

Type::
  `object`

== HTTPRoute [gateway.networking.k8s.io/v1]

Description::
+
--
HTTPRoute provides a way to route HTTP requests. This includes the capability
to match requests by hostname, path, header, or query param. Filters can be
used to specify additional processing steps. Backends specify where matching
requests should be routed.
--

Type::
  `object`

== Ingress [networking.k8s.io/v1]

Description::
+
--
Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc.
--

Type::
  `object`

== IngressClass [networking.k8s.io/v1]

Description::
+
--
IngressClass represents the class of the Ingress, referenced by the Ingress Spec. The `ingressclass.kubernetes.io/is-default-class` annotation can be used to indicate that an IngressClass should be considered default. When a single IngressClass resource has this annotation set to true, new Ingress resources without a class specified will be assigned this default class.
--

Type::
  `object`

== IPAddress [networking.k8s.io/v1]

Description::
+
--
IPAddress represents a single IP of a single IP Family. The object is designed to be used by APIs that operate on IP addresses. The object is used by the Service core API for allocation of IP addresses. An IP address can be represented in different formats, to guarantee the uniqueness of the IP, the name of the object is the IP address in canonical format, four decimal digits separated by dots suppressing leading zeros for IPv4 and the representation defined by RFC 5952 for IPv6. Valid: 192.168.1.5 or 2001:db8::1 or 2001:db8:aaaa:bbbb:cccc:dddd:eeee:1 Invalid: 10.01.2.3 or 2001:db8:0:0:0::1
--

Type::
  `object`

== IPAMClaim [k8s.cni.cncf.io/v1alpha1]

Description::
+
--
IPAMClaim is the Schema for the IPAMClaim API
--

Type::
  `object`

== IPPool [whereabouts.cni.cncf.io/v1alpha1]

Description::
+
--
IPPool is the Schema for the ippools API
--

Type::
  `object`

== MultiNetworkPolicy [k8s.cni.cncf.io/v1beta1]

Description::
+
--
MultiNetworkPolicy is a CRD schema to provide NetworkPolicy mechanism for net-attach-def which is specified by the Network Plumbing Working Group. MultiNetworkPolicy is identical to Kubernetes NetworkPolicy, See: https://kubernetes.io/docs/concepts/services-networking/network-policies/ .
--

Type::
  `object`

== NetworkAttachmentDefinition [k8s.cni.cncf.io/v1]

Description::
+
--
NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing Working Group to express the intent for attaching pods to one or more logical or physical networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec
--

Type::
  `object`

== NetworkPolicy [networking.k8s.io/v1]

Description::
+
--
NetworkPolicy describes what network traffic is allowed for a set of Pods
--

Type::
  `object`

== NodeSlicePool [whereabouts.cni.cncf.io/v1alpha1]

Description::
+
--
NodeSlicePool is the Schema for the nodesliceippools API
--

Type::
  `object`

== OverlappingRangeIPReservation [whereabouts.cni.cncf.io/v1alpha1]

Description::
+
--
OverlappingRangeIPReservation is the Schema for the OverlappingRangeIPReservations API
--

Type::
  `object`

== PodNetworkConnectivityCheck [controlplane.operator.openshift.io/v1alpha1]

Description::
+
--
PodNetworkConnectivityCheck

Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
--

Type::
  `object`

== ReferenceGrant [gateway.networking.k8s.io/v1beta1]

Description::
+
--
ReferenceGrant identifies kinds of resources in other namespaces that are
trusted to reference the specified kinds of resources in the same namespace
as the policy.

Each ReferenceGrant can be used to represent a unique trust relationship.
Additional Reference Grants can be used to add to the set of trusted
sources of inbound references for the namespace they are defined within.

All cross-namespace references in Gateway API (with the exception of cross-namespace
Gateway-route attachment) require a ReferenceGrant.

ReferenceGrant is a form of runtime verification allowing users to assert
which cross-namespace object references are permitted. Implementations that
support ReferenceGrant MUST NOT permit cross-namespace references which have
no grant, and MUST respond to the removal of a grant by revoking the access
that the grant allowed.
--

Type::
  `object`

== Route [route.openshift.io/v1]

Description::
+
--
A route allows developers to expose services through an HTTP(S) aware load balancing and proxy layer via a public DNS entry. The route may further specify TLS options and a certificate, or specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An administrator typically configures their router to be visible outside the cluster firewall, and may also add additional security, caching, or traffic controls on the service content. Routers usually talk directly to the service endpoints.

Once a route is created, the `host` field may not be changed. Generally, routers use the oldest route with a given host when resolving conflicts.

Routers are subject to additional customization and may support additional controls via the annotations field.

Because administrators may configure multiple routers, the route status field is used to return information to clients about the names and states of the route under each router. If a client chooses a duplicate name, for instance, the route status conditions are used to indicate the route cannot be chosen.

To enable HTTP/2 ALPN on a route it requires a custom (non-wildcard) certificate. This prevents connection coalescing by clients, notably web browsers. We do not support HTTP/2 ALPN on routes that use the default certificate because of the risk of connection re-use/coalescing. Routes that do not have their own custom certificate will not be HTTP/2 ALPN-enabled on either the frontend or the backend.

Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
--

Type::
  `object`

== Service [v1]

Description::
+
--
Service is a named abstraction of software service (for example, mysql) consisting of local port (for example 3306) that the proxy listens on, and the selector that determines which pods will answer requests sent through the proxy.
--

Type::
  `object`

== ServiceCIDR [networking.k8s.io/v1]

Description::
+
--
ServiceCIDR defines a range of IP addresses using CIDR format (e.g. 192.168.0.0/24 or 2001:db2::/64). This range is used to allocate ClusterIPs to Service objects.
--

Type::
  `object`

== IPAddressClaim [ipam.cluster.x-k8s.io/v1beta1]

Description::
+
--
IPAddressClaim is the Schema for the ipaddressclaim API.
--

Type::
  `object`

== UserDefinedNetwork [k8s.ovn.org/v1]

Description::
+
--
UserDefinedNetwork describe network request for a Namespace.
--

Type::
  `object`