diff --git a/docs/reference/EgressClusterPolicy.en.md b/docs/reference/EgressClusterPolicy.en.md index e5a82e8ad..27ac91efb 100644 --- a/docs/reference/EgressClusterPolicy.en.md +++ b/docs/reference/EgressClusterPolicy.en.md @@ -27,4 +27,37 @@ spec: - "fd00::92/128" ``` -1. The `namespaceSelector` uses a selector to select the list of matching namespaces. Within the selected namespace scope, use the `podSelector` to select the matching Pods, and then apply the Egress policy to these selected Pods. +## Definition + +### Metadata + +| Field | Description | Schema | Validation | +|-----------|--------------------------------------------|--------|------------| +| namespace | The namespace of the EgressPolicy resource | string | required | +| name | The name of the EgressPolicy resource | string | required | + +### Spec + +| Field | Description | Schema | Validation | Values | Default | +|-------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------|------------|---------------|---------| +| egressGatewayName | Reference to the EgressGateway to use | string | required | | | +| egressIP | Configuration for the egress IP settings | [egressIP](#egressIP) | optional | | | +| appliedTo | Selector for the Pods to which the EgressPolicy should be applied | [appliedTo](#appliedTo) | required | | | +| destSubnet | When accessing the subnets in this list, use the Egress IP. If `feature.clusterCIDR.autoDetect` was enabled during installation and `destSubnet` is not configured, then access to external networks outside the cluster will automatically use the Egress IP. | []string | optional | CIDR notation | | +| priority | Priority of the policy | integer | optional | | | + +#### egressIP + +| Field | Description | Schema | Validation | Values | Default | +|-----------|-----------------------------------------------------------------------------------------------------------|----------|------------|-------------|---------| +| ipv4 | Specific IPv4 address to use if defined | string | optional | valid IPv4 | | +| ipv6 | Specific IPv6 address to use if defined | string | optional | valid IPv6 | | +| useNodeIP | Flag to indicate if the Node IP should be used as the Egress IP when no specific IP address is defined | bool | optional | true/false | false | + +#### appliedTo + +| Field | Description | Schema | Validation | Values | Default | +|-------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------|------------|--------|---------| +| podSelector | Use Egress Policy on Pods Matched by Selector | map[string]string | optional | | | +| podSubnet | Use Egress Policy on Pods Matched by Subnet (Not Implemented) | []string | optional | CIDR | | +| namespaceSelector | The `namespaceSelector` uses a selector to select the list of matching namespaces. Within the selected namespace scope, use the `podSelector` to select the matching Pods, and then apply the Egress policy to these selected Pods. | | | | | diff --git a/docs/reference/EgressClusterPolicy.zh.md b/docs/reference/EgressClusterPolicy.zh.md index 0a3394557..340c9a456 100644 --- a/docs/reference/EgressClusterPolicy.zh.md +++ b/docs/reference/EgressClusterPolicy.zh.md @@ -33,4 +33,37 @@ status: node: egressgateway-worker ``` -1. `namespaceSelector` 使用 selector 选择匹配的命名空间列表。在选定的命名空间范围内,使用 `podSelector` 选择匹配的 Pod,然后对这些选中的 Pod 应用 Egress 策略。 +## 定义 + +### metadata + +| 字段 | 描述 | 数据类型 | 验证 | +|-----------|----------------------|------|----| +| namespace | EgressPolicy 资源的命名空间 | 字符串 | 必填 | +| name | EgressPolicy 资源的名称 | 字符串 | 必填 | + +### spec + +| 字段 | 描述 | 数据类型 | 验证 | 可选值 | 默认值 | +|-------------------|---------------------------------------------------------------------------------------------------------|-------------------------|----|----------|-----| +| egressGatewayName | 使用的 EgressGateway 的引用 | 字符串 | 必填 | | | +| egressIP | 出口 IP 设置的配置 | [egressIP](#egressIP) | 可选 | | | +| appliedTo | 应将 EgressPolicy 应用于哪些 Pods 的选择器 | [appliedTo](#appliedTo) | 必填 | | | +| destSubnet | 访问该列表的子网时使用 Egress IP,如果安装时开启了 `feature.clusterCIDR.autoDetect`,destSubnet 没设置时,则访问集群外网络自动使用 Egress IP。 | 字符串数组 | 可选 | CIDR 表示法 | | +| priority | 策略的优先级 | 整数 | 可选 | | | + +#### egressIP + +| 字段 | 描述 | 数据类型 | 验证 | 可选值 | 默认值 | +|-----------|---------------------------------------|--------|----|------------|-------| +| ipv4 | 如果定义,则使用特定的 IPv4 地址 | string | 可选 | 有效的 IPv4 | | +| ipv6 | 如果定义,则使用特定的 IPv6 地址 | string | 可选 | 有效的 IPv6 | | +| useNodeIP | 当没有定义特定的 IP 地址时,是否使用节点 IP 作为出口 IP 的标志 | bool | 可选 | true/false | false | + +#### appliedTo + +| 字段 | 描述 | 数据类型 | 验证 | 可选值 | 默认值 | +|-------------------|-------------------------------------------------------------------------------------------------------------|-------------------|----|------|-----| +| podSelector | 通过 Selector 匹配实施 Egress 策略 Pod | map[string]string | 可选 | | | +| podSubnet | 通过 Subnet 匹配实施 Egress 策略 Pod(未实现) | []string | 可选 | CIDR | | +| namespaceSelector | `namespaceSelector` 使用选择器来选择匹配的命名空间列表。在选定的命名空间范围内,使用 `podSelector` 选择匹配的 Pods,然后将 Egress 策略应用到这些选定的 Pods 上。 | | | | |