Skip to content

Commit

Permalink
Add encapsulation flag to IPsecConfig struct
Browse files Browse the repository at this point in the history 
Signed-off-by: Michael Cambria <[email protected]>
Signed-off-by: Periyasamy Palanisamy <[email protected]>
  • Loading branch information
@mccv1r0 @pperiyasamy
mccv1r0 authored and pperiyasamy committed Nov 6, 2024
1 parent dfe4d9f commit 870a601
Show file tree
Hide file tree
Showing 12 changed files with 75 additions and 1 deletion.
7 changes: 7 additions & 0 deletions openapi/generated_openapi/zz_generated.openapi.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 4 additions & 0 deletions openapi/openapi.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27949,6 +27949,10 @@
"com.github.openshift.api.operator.v1.IPsecConfig": {
"type": "object",
"properties": {
"encapsulation": {
"description": "encapsulation uses rfc3949 encapsulation of IKE and IPsec encryption packets This is applicable only when mode is set to Full. Default is false.",
"type": "boolean"
},
"mode": {
"description": "mode defines the behaviour of the ipsec configuration within the platform. Valid values are `Disabled`, `External` and `Full`. When 'Disabled', ipsec will not be enabled at the node level. When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), this is left to the user to configure.",
"type": "string"
Expand Down
6 changes: 6 additions & 0 deletions operator/v1/types_network.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -562,6 +562,12 @@ type IPsecConfig struct {
// +kubebuilder:validation:Enum=Disabled;External;Full
// +optional
Mode IPsecMode `json:"mode,omitempty"`
// encapsulation uses rfc3949 encapsulation of IKE and IPsec encryption packets
// This is applicable only when mode is set to Full.
// Default is false.
// +optional
// +kubebuilder:default:=false
Encapsulation bool `json:"encapsulation,omitempty"`
}

type IPForwardingMode string
Expand Down
7 changes: 7 additions & 0 deletions operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-CustomNoUpgrade.crd.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -412,6 +412,13 @@ spec:
ipsecConfig enables and configures IPsec for pods on the pod network within the
cluster.
properties:
encapsulation:
default: false
description: |-
encapsulation uses rfc3949 encapsulation of IKE and IPsec encryption packets
This is applicable only when mode is set to Full.
Default is false.
type: boolean
mode:
description: |-
mode defines the behaviour of the ipsec configuration within the platform.
Expand Down
7 changes: 7 additions & 0 deletions operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-Default.crd.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -379,6 +379,13 @@ spec:
ipsecConfig enables and configures IPsec for pods on the pod network within the
cluster.
properties:
encapsulation:
default: false
description: |-
encapsulation uses rfc3949 encapsulation of IKE and IPsec encryption packets
This is applicable only when mode is set to Full.
Default is false.
type: boolean
mode:
description: |-
mode defines the behaviour of the ipsec configuration within the platform.
Expand Down
7 changes: 7 additions & 0 deletions ...or/v1/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -412,6 +412,13 @@ spec:
ipsecConfig enables and configures IPsec for pods on the pod network within the
cluster.
properties:
encapsulation:
default: false
description: |-
encapsulation uses rfc3949 encapsulation of IKE and IPsec encryption packets
This is applicable only when mode is set to Full.
Default is false.
type: boolean
mode:
description: |-
mode defines the behaviour of the ipsec configuration within the platform.
Expand Down
7 changes: 7 additions & 0 deletions ...r/v1/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -412,6 +412,13 @@ spec:
ipsecConfig enables and configures IPsec for pods on the pod network within the
cluster.
properties:
encapsulation:
default: false
description: |-
encapsulation uses rfc3949 encapsulation of IKE and IPsec encryption packets
This is applicable only when mode is set to Full.
Default is false.
type: boolean
mode:
description: |-
mode defines the behaviour of the ipsec configuration within the platform.
Expand Down
7 changes: 7 additions & 0 deletions ...1/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/AAA_ungated.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -379,6 +379,13 @@ spec:
ipsecConfig enables and configures IPsec for pods on the pod network within the
cluster.
properties:
encapsulation:
default: false
description: |-
encapsulation uses rfc3949 encapsulation of IKE and IPsec encryption packets
This is applicable only when mode is set to Full.
Default is false.
type: boolean
mode:
description: |-
mode defines the behaviour of the ipsec configuration within the platform.
Expand Down
7 changes: 7 additions & 0 deletions ...turegated-crd-manifests/networks.operator.openshift.io/AdditionalRoutingCapabilities.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -412,6 +412,13 @@ spec:
ipsecConfig enables and configures IPsec for pods on the pod network within the
cluster.
properties:
encapsulation:
default: false
description: |-
encapsulation uses rfc3949 encapsulation of IKE and IPsec encryption packets
This is applicable only when mode is set to Full.
Default is false.
type: boolean
mode:
description: |-
mode defines the behaviour of the ipsec configuration within the platform.
Expand Down
7 changes: 7 additions & 0 deletions ...rated.featuregated-crd-manifests/networks.operator.openshift.io/NetworkLiveMigration.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -379,6 +379,13 @@ spec:
ipsecConfig enables and configures IPsec for pods on the pod network within the
cluster.
properties:
encapsulation:
default: false
description: |-
encapsulation uses rfc3949 encapsulation of IKE and IPsec encryption packets
This is applicable only when mode is set to Full.
Default is false.
type: boolean
mode:
description: |-
mode defines the behaviour of the ipsec configuration within the platform.
Expand Down
7 changes: 7 additions & 0 deletions ...erated.featuregated-crd-manifests/networks.operator.openshift.io/RouteAdvertisements.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -379,6 +379,13 @@ spec:
ipsecConfig enables and configures IPsec for pods on the pod network within the
cluster.
properties:
encapsulation:
default: false
description: |-
encapsulation uses rfc3949 encapsulation of IKE and IPsec encryption packets
This is applicable only when mode is set to Full.
Default is false.
type: boolean
mode:
description: |-
mode defines the behaviour of the ipsec configuration within the platform.
Expand Down
3 changes: 2 additions & 1 deletion operator/v1/zz_generated.swagger_doc_generated.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit 870a601

Please sign in to comment.