cdk8s-plus-31 2.0.0

package/lib/job.js

@@ -0,0 +1,54 @@
+"use strict";
+var _a;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Job = void 0;
+const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
+const cdk8s_1 = require("cdk8s");
+const k8s = require("./imports/k8s");
+const pod = require("./pod");
+const workload = require("./workload");
+/**
+ * A Job creates one or more Pods and ensures that a specified number of them successfully terminate. As pods successfully complete,
+ * the Job tracks the successful completions. When a specified number of successful completions is reached, the task (ie, Job) is complete.
+ * Deleting a Job will clean up the Pods it created. A simple case is to create one Job object in order to reliably run one Pod to completion.
+ * The Job object will start a new Pod if the first Pod fails or is deleted (for example due to a node hardware failure or a node reboot).
+ * You can also use a Job to run multiple Pods in parallel.
+ */
+class Job extends workload.Workload {
+    constructor(scope, id, props = {}) {
+        super(scope, id, {
+            restartPolicy: pod.RestartPolicy.NEVER,
+            select: false,
+            ...props,
+        });
+        this.resourceType = 'jobs';
+        this.apiObject = new k8s.KubeJob(this, 'Resource', {
+            metadata: props.metadata,
+            spec: cdk8s_1.Lazy.any({ produce: () => this._toKube() }),
+        });
+        this.activeDeadline = props.activeDeadline;
+        this.backoffLimit = props.backoffLimit;
+        this.ttlAfterFinished = props.ttlAfterFinished;
+        if (this.isolate) {
+            this.connections.isolate();
+        }
+    }
+    /**
+     * @internal
+     */
+    _toKube() {
+        return {
+            template: {
+                metadata: this.podMetadata.toJson(),
+                spec: this._toPodSpec(),
+            },
+            activeDeadlineSeconds: this.activeDeadline?.toSeconds(),
+            backoffLimit: this.backoffLimit,
+            ttlSecondsAfterFinished: this.ttlAfterFinished ? this.ttlAfterFinished.toSeconds() : undefined,
+        };
+    }
+}
+exports.Job = Job;
+_a = JSII_RTTI_SYMBOL_1;
+Job[_a] = { fqn: "cdk8s-plus-31.Job", version: "2.0.0" };
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiam9iLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL2pvYi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUFBLGlDQUFrRDtBQUVsRCxxQ0FBcUM7QUFDckMsNkJBQTZCO0FBQzdCLHVDQUF1QztBQW9DdkM7Ozs7OztHQU1HO0FBQ0gsTUFBYSxHQUFJLFNBQVEsUUFBUSxDQUFDLFFBQVE7SUF3QnhDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsUUFBa0IsRUFBRTtRQUM1RCxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsRUFBRTtZQUNmLGFBQWEsRUFBRSxHQUFHLENBQUMsYUFBYSxDQUFDLEtBQUs7WUFDdEMsTUFBTSxFQUFFLEtBQUs7WUFDYixHQUFHLEtBQUs7U0FDVCxDQUFDLENBQUM7UUFQVyxpQkFBWSxHQUFHLE1BQU0sQ0FBQztRQVNwQyxJQUFJLENBQUMsU0FBUyxHQUFHLElBQUksR0FBRyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsVUFBVSxFQUFFO1lBQ2pELFFBQVEsRUFBRSxLQUFLLENBQUMsUUFBUTtZQUN4QixJQUFJLEVBQUUsWUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFLE9BQU8sRUFBRSxHQUFHLEVBQUUsQ0FBQyxJQUFJLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQztTQUNsRCxDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsY0FBYyxHQUFHLEtBQUssQ0FBQyxjQUFjLENBQUM7UUFDM0MsSUFBSSxDQUFDLFlBQVksR0FBRyxLQUFLLENBQUMsWUFBWSxDQUFDO1FBQ3ZDLElBQUksQ0FBQyxnQkFBZ0IsR0FBRyxLQUFLLENBQUMsZ0JBQWdCLENBQUM7UUFFL0MsSUFBSSxJQUFJLENBQUMsT0FBTyxFQUFFO1lBQ2hCLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTyxFQUFFLENBQUM7U0FDNUI7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxPQUFPO1FBQ1osT0FBTztZQUNMLFFBQVEsRUFBRTtnQkFDUixRQUFRLEVBQUUsSUFBSSxDQUFDLFdBQVcsQ0FBQyxNQUFNLEVBQUU7Z0JBQ25DLElBQUksRUFBRSxJQUFJLENBQUMsVUFBVSxFQUFFO2FBQ3hCO1lBQ0QscUJBQXFCLEVBQUUsSUFBSSxDQUFDLGNBQWMsRUFBRSxTQUFTLEVBQUU7WUFDdkQsWUFBWSxFQUFFLElBQUksQ0FBQyxZQUFZO1lBQy9CLHVCQUF1QixFQUFFLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLFNBQVMsRUFBRSxDQUFDLENBQUMsQ0FBQyxTQUFTO1NBQy9GLENBQUM7SUFDSixDQUFDOztBQTFESCxrQkE0REMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBBcGlPYmplY3QsIExhenksIER1cmF0aW9uIH0gZnJvbSAnY2RrOHMnO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSAnY29uc3RydWN0cyc7XG5pbXBvcnQgKiBhcyBrOHMgZnJvbSAnLi9pbXBvcnRzL2s4cyc7XG5pbXBvcnQgKiBhcyBwb2QgZnJvbSAnLi9wb2QnO1xuaW1wb3J0ICogYXMgd29ya2xvYWQgZnJvbSAnLi93b3JrbG9hZCc7XG5cbi8qKlxuICogUHJvcGVydGllcyBmb3IgYEpvYmAuXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgSm9iUHJvcHMgZXh0ZW5kcyB3b3JrbG9hZC5Xb3JrbG9hZFByb3BzIHtcblxuICAvKipcbiAgICogU3BlY2lmaWVzIHRoZSBkdXJhdGlvbiB0aGUgam9iIG1heSBiZSBhY3RpdmUgYmVmb3JlIHRoZSBzeXN0ZW0gdHJpZXMgdG8gdGVybWluYXRlIGl0LlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIElmIHVuc2V0LCB0aGVuIHRoZXJlIGlzIG5vIGRlYWRsaW5lLlxuICAgKi9cbiAgcmVhZG9ubHkgYWN0aXZlRGVhZGxpbmU/OiBEdXJhdGlvbjtcblxuICAvKipcbiAgICogU3BlY2lmaWVzIHRoZSBudW1iZXIgb2YgcmV0cmllcyBiZWZvcmUgbWFya2luZyB0aGlzIGpvYiBmYWlsZWQuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gSWYgbm90IHNldCwgc3lzdGVtIGRlZmF1bHRzIHRvIDYuXG4gICAqL1xuICByZWFkb25seSBiYWNrb2ZmTGltaXQ/OiBudW1iZXI7XG5cbiAgLyoqXG4gICAqIExpbWl0cyB0aGUgbGlmZXRpbWUgb2YgYSBKb2IgdGhhdCBoYXMgZmluaXNoZWQgZXhlY3V0aW9uIChlaXRoZXIgQ29tcGxldGVcbiAgICogb3IgRmFpbGVkKS4gSWYgdGhpcyBmaWVsZCBpcyBzZXQsIGFmdGVyIHRoZSBKb2IgZmluaXNoZXMsIGl0IGlzIGVsaWdpYmxlIHRvXG4gICAqIGJlIGF1dG9tYXRpY2FsbHkgZGVsZXRlZC4gV2hlbiB0aGUgSm9iIGlzIGJlaW5nIGRlbGV0ZWQsIGl0cyBsaWZlY3ljbGVcbiAgICogZ3VhcmFudGVlcyAoZS5nLiBmaW5hbGl6ZXJzKSB3aWxsIGJlIGhvbm9yZWQuIElmIHRoaXMgZmllbGQgaXMgc2V0IHRvIHplcm8sXG4gICAqIHRoZSBKb2IgYmVjb21lcyBlbGlnaWJsZSB0byBiZSBkZWxldGVkIGltbWVkaWF0ZWx5IGFmdGVyIGl0IGZpbmlzaGVzLiBUaGlzXG4gICAqIGZpZWxkIGlzIGFscGhhLWxldmVsIGFuZCBpcyBvbmx5IGhvbm9yZWQgYnkgc2VydmVycyB0aGF0IGVuYWJsZSB0aGVcbiAgICogYFRUTEFmdGVyRmluaXNoZWRgIGZlYXR1cmUuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gSWYgdGhpcyBmaWVsZCBpcyB1bnNldCwgdGhlIEpvYiB3b24ndCBiZSBhdXRvbWF0aWNhbGx5IGRlbGV0ZWQuXG4gICAqL1xuICByZWFkb25seSB0dGxBZnRlckZpbmlzaGVkPzogRHVyYXRpb247XG5cbn1cblxuLyoqXG4gKiBBIEpvYiBjcmVhdGVzIG9uZSBvciBtb3JlIFBvZHMgYW5kIGVuc3VyZXMgdGhhdCBhIHNwZWNpZmllZCBudW1iZXIgb2YgdGhlbSBzdWNjZXNzZnVsbHkgdGVybWluYXRlLiBBcyBwb2RzIHN1Y2Nlc3NmdWxseSBjb21wbGV0ZSxcbiAqIHRoZSBKb2IgdHJhY2tzIHRoZSBzdWNjZXNzZnVsIGNvbXBsZXRpb25zLiBXaGVuIGEgc3BlY2lmaWVkIG51bWJlciBvZiBzdWNjZXNzZnVsIGNvbXBsZXRpb25zIGlzIHJlYWNoZWQsIHRoZSB0YXNrIChpZSwgSm9iKSBpcyBjb21wbGV0ZS5cbiAqIERlbGV0aW5nIGEgSm9iIHdpbGwgY2xlYW4gdXAgdGhlIFBvZHMgaXQgY3JlYXRlZC4gQSBzaW1wbGUgY2FzZSBpcyB0byBjcmVhdGUgb25lIEpvYiBvYmplY3QgaW4gb3JkZXIgdG8gcmVsaWFibHkgcnVuIG9uZSBQb2QgdG8gY29tcGxldGlvbi5cbiAqIFRoZSBKb2Igb2JqZWN0IHdpbGwgc3RhcnQgYSBuZXcgUG9kIGlmIHRoZSBmaXJzdCBQb2QgZmFpbHMgb3IgaXMgZGVsZXRlZCAoZm9yIGV4YW1wbGUgZHVlIHRvIGEgbm9kZSBoYXJkd2FyZSBmYWlsdXJlIG9yIGEgbm9kZSByZWJvb3QpLlxuICogWW91IGNhbiBhbHNvIHVzZSBhIEpvYiB0byBydW4gbXVsdGlwbGUgUG9kcyBpbiBwYXJhbGxlbC5cbiAqL1xuZXhwb3J0IGNsYXNzIEpvYiBleHRlbmRzIHdvcmtsb2FkLldvcmtsb2FkIHtcblxuICAvKipcbiAgICogRHVyYXRpb24gYmVmb3JlIGpvYiBpcyB0ZXJtaW5hdGVkLiBJZiB1bmRlZmluZWQsIHRoZXJlIGlzIG5vIGRlYWRsaW5lLlxuICAgKi9cbiAgcHVibGljIHJlYWRvbmx5IGFjdGl2ZURlYWRsaW5lPzogRHVyYXRpb247XG5cbiAgLyoqXG4gICAqIE51bWJlciBvZiByZXRyaWVzIGJlZm9yZSBtYXJraW5nIGZhaWxlZC5cbiAgICovXG4gIHB1YmxpYyByZWFkb25seSBiYWNrb2ZmTGltaXQ/OiBudW1iZXI7XG5cbiAgLyoqXG4gICAqIFRUTCBiZWZvcmUgdGhlIGpvYiBpcyBkZWxldGVkIGFmdGVyIGl0IGlzIGZpbmlzaGVkLlxuICAgKi9cbiAgcHVibGljIHJlYWRvbmx5IHR0bEFmdGVyRmluaXNoZWQ/OiBEdXJhdGlvbjtcblxuICAvKipcbiAgICogQHNlZSBiYXNlLlJlc291cmNlLmFwaU9iamVjdFxuICAgKi9cbiAgcHJvdGVjdGVkIHJlYWRvbmx5IGFwaU9iamVjdDogQXBpT2JqZWN0O1xuXG4gIHB1YmxpYyByZWFkb25seSByZXNvdXJjZVR5cGUgPSAnam9icyc7XG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IEpvYlByb3BzID0ge30pIHtcbiAgICBzdXBlcihzY29wZSwgaWQsIHtcbiAgICAgIHJlc3RhcnRQb2xpY3k6IHBvZC5SZXN0YXJ0UG9saWN5Lk5FVkVSLFxuICAgICAgc2VsZWN0OiBmYWxzZSxcbiAgICAgIC4uLnByb3BzLFxuICAgIH0pO1xuXG4gICAgdGhpcy5hcGlPYmplY3QgPSBuZXcgazhzLkt1YmVKb2IodGhpcywgJ1Jlc291cmNlJywge1xuICAgICAgbWV0YWRhdGE6IHByb3BzLm1ldGFkYXRhLFxuICAgICAgc3BlYzogTGF6eS5hbnkoeyBwcm9kdWNlOiAoKSA9PiB0aGlzLl90b0t1YmUoKSB9KSxcbiAgICB9KTtcblxuICAgIHRoaXMuYWN0aXZlRGVhZGxpbmUgPSBwcm9wcy5hY3RpdmVEZWFkbGluZTtcbiAgICB0aGlzLmJhY2tvZmZMaW1pdCA9IHByb3BzLmJhY2tvZmZMaW1pdDtcbiAgICB0aGlzLnR0bEFmdGVyRmluaXNoZWQgPSBwcm9wcy50dGxBZnRlckZpbmlzaGVkO1xuXG4gICAgaWYgKHRoaXMuaXNvbGF0ZSkge1xuICAgICAgdGhpcy5jb25uZWN0aW9ucy5pc29sYXRlKCk7XG4gICAgfVxuICB9XG5cbiAgLyoqXG4gICAqIEBpbnRlcm5hbFxuICAgKi9cbiAgcHVibGljIF90b0t1YmUoKTogazhzLkpvYlNwZWMge1xuICAgIHJldHVybiB7XG4gICAgICB0ZW1wbGF0ZToge1xuICAgICAgICBtZXRhZGF0YTogdGhpcy5wb2RNZXRhZGF0YS50b0pzb24oKSxcbiAgICAgICAgc3BlYzogdGhpcy5fdG9Qb2RTcGVjKCksXG4gICAgICB9LFxuICAgICAgYWN0aXZlRGVhZGxpbmVTZWNvbmRzOiB0aGlzLmFjdGl2ZURlYWRsaW5lPy50b1NlY29uZHMoKSxcbiAgICAgIGJhY2tvZmZMaW1pdDogdGhpcy5iYWNrb2ZmTGltaXQsXG4gICAgICB0dGxTZWNvbmRzQWZ0ZXJGaW5pc2hlZDogdGhpcy50dGxBZnRlckZpbmlzaGVkID8gdGhpcy50dGxBZnRlckZpbmlzaGVkLnRvU2Vjb25kcygpIDogdW5kZWZpbmVkLFxuICAgIH07XG4gIH1cblxufVxuIl19

package/lib/namespace.d.ts

@@ -0,0 +1,128 @@
+import { ApiObject } from 'cdk8s';
+import { Construct, IConstruct } from 'constructs';
+import * as base from './base';
+import * as k8s from './imports/k8s';
+import * as networkpolicy from './network-policy';
+import * as pod from './pod';
+/**
+ * Configuration for selecting namespaces.
+ */
+export interface NamespaceSelectorConfig {
+    /**
+     * A selector to select namespaces by labels.
+     */
+    readonly labelSelector?: pod.LabelSelector;
+    /**
+     * A list of names to select namespaces by names.
+     */
+    readonly names?: string[];
+}
+/**
+ * Represents an object that can select namespaces.
+ */
+export interface INamespaceSelector extends IConstruct {
+    /**
+     * Return the configuration of this selector.
+     */
+    toNamespaceSelectorConfig(): NamespaceSelectorConfig;
+}
+/**
+ * Properties for `Namespace`.
+ */
+export interface NamespaceProps extends base.ResourceProps {
+}
+/**
+ * In Kubernetes, namespaces provides a mechanism for isolating groups of resources within a single cluster.
+ * Names of resources need to be unique within a namespace, but not across namespaces.
+ * Namespace-based scoping is applicable only for namespaced objects (e.g. Deployments, Services, etc) and
+ * not for cluster-wide objects (e.g. StorageClass, Nodes, PersistentVolumes, etc).
+ */
+export declare class Namespace extends base.Resource implements INamespaceSelector, networkpolicy.INetworkPolicyPeer {
+    /**
+     * @see https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/#automatic-labelling
+     */
+    static readonly NAME_LABEL = "kubernetes.io/metadata.name";
+    /**
+     * @see base.Resource.apiObject
+     */
+    protected readonly apiObject: ApiObject;
+    readonly resourceType: string;
+    private readonly _pods;
+    constructor(scope: Construct, id: string, props?: NamespaceProps);
+    /**
+     * @see INamespaceSelector.toNamespaceSelectorConfig()
+     */
+    toNamespaceSelectorConfig(): NamespaceSelectorConfig;
+    /**
+     * @see INetworkPolicyPeer.toNetworkPolicyPeerConfig()
+     */
+    toNetworkPolicyPeerConfig(): networkpolicy.NetworkPolicyPeerConfig;
+    /**
+     * @see INetworkPolicyPeer.toPodSelector()
+     */
+    toPodSelector(): pod.IPodSelector | undefined;
+    /**
+     * @internal
+     */
+    _toKube(): k8s.NamespaceSpec;
+}
+/**
+ * Options for `Namespaces.select`.
+ */
+export interface NamespacesSelectOptions {
+    /**
+     * Labels the namespaces must have.
+     * This is equivalent to using an 'Is' selector.
+     *
+     * @default - no strict labels requirements.
+     */
+    readonly labels?: {
+        [key: string]: string;
+    };
+    /**
+     * Namespaces must satisfy these selectors.
+     * The selectors query labels, just like the `labels` property, but they
+     * provide a more advanced matching mechanism.
+     *
+     * @default - no selector requirements.
+     */
+    readonly expressions?: pod.LabelExpression[];
+    /**
+     * Namespaces names must be one of these.
+     *
+     * @default - no name requirements.
+     */
+    readonly names?: string[];
+}
+/**
+ * Represents a group of namespaces.
+ */
+export declare class Namespaces extends Construct implements INamespaceSelector, networkpolicy.INetworkPolicyPeer {
+    private readonly expressions?;
+    private readonly names?;
+    private readonly labels?;
+    /**
+     * Select specific namespaces.
+     */
+    static select(scope: Construct, id: string, options: NamespacesSelectOptions): Namespaces;
+    /**
+     * Select all namespaces.
+     */
+    static all(scope: Construct, id: string): Namespaces;
+    private readonly _pods;
+    constructor(scope: Construct, id: string, expressions?: pod.LabelExpression[] | undefined, names?: string[] | undefined, labels?: {
+        [key: string]: string;
+    } | undefined);
+    /**
+     * @see INamespaceSelector.toNamespaceSelectorConfig()
+     */
+    toNamespaceSelectorConfig(): NamespaceSelectorConfig;
+    /**
+     * @see INetworkPolicyPeer.toNetworkPolicyPeerConfig()
+     */
+    toNetworkPolicyPeerConfig(): networkpolicy.NetworkPolicyPeerConfig;
+    /**
+     * @see INetworkPolicyPeer.toPodSelector()
+     */
+    toPodSelector(): pod.IPodSelector | undefined;
+}

package/lib/namespace.js

@@ -0,0 +1,109 @@
+"use strict";
+var _a, _b;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Namespaces = exports.Namespace = void 0;
+const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
+const cdk8s_1 = require("cdk8s");
+const constructs_1 = require("constructs");
+const base = require("./base");
+const k8s = require("./imports/k8s");
+const pod = require("./pod");
+/**
+ * In Kubernetes, namespaces provides a mechanism for isolating groups of resources within a single cluster.
+ * Names of resources need to be unique within a namespace, but not across namespaces.
+ * Namespace-based scoping is applicable only for namespaced objects (e.g. Deployments, Services, etc) and
+ * not for cluster-wide objects (e.g. StorageClass, Nodes, PersistentVolumes, etc).
+ */
+class Namespace extends base.Resource {
+    constructor(scope, id, props = {}) {
+        super(scope, id);
+        this.resourceType = 'namespaces';
+        this.apiObject = new k8s.KubeNamespace(this, 'Resource', {
+            metadata: props.metadata,
+            spec: cdk8s_1.Lazy.any({ produce: () => this._toKube() }),
+        });
+        this._pods = pod.Pods.all(this, 'Pods', {
+            namespaces: Namespaces.select(this, 'Namespaces', { names: [this.name] }),
+        });
+    }
+    /**
+     * @see INamespaceSelector.toNamespaceSelectorConfig()
+     */
+    toNamespaceSelectorConfig() {
+        return { names: [this.name] };
+    }
+    /**
+     * @see INetworkPolicyPeer.toNetworkPolicyPeerConfig()
+     */
+    toNetworkPolicyPeerConfig() {
+        return this._pods.toNetworkPolicyPeerConfig();
+    }
+    /**
+     * @see INetworkPolicyPeer.toPodSelector()
+     */
+    toPodSelector() {
+        return this._pods.toPodSelector();
+    }
+    /**
+     * @internal
+     */
+    _toKube() {
+        return {};
+    }
+}
+exports.Namespace = Namespace;
+_a = JSII_RTTI_SYMBOL_1;
+Namespace[_a] = { fqn: "cdk8s-plus-31.Namespace", version: "2.0.0" };
+/**
+ * @see https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/#automatic-labelling
+ */
+Namespace.NAME_LABEL = 'kubernetes.io/metadata.name';
+/**
+ * Represents a group of namespaces.
+ */
+class Namespaces extends constructs_1.Construct {
+    constructor(scope, id, expressions, names, labels) {
+        super(scope, id);
+        this.expressions = expressions;
+        this.names = names;
+        this.labels = labels;
+        this._pods = pod.Pods.all(this, 'Pods', { namespaces: this });
+    }
+    /**
+     * Select specific namespaces.
+     */
+    static select(scope, id, options) {
+        return new Namespaces(scope, id, options.expressions, options.names, options.labels);
+    }
+    /**
+     * Select all namespaces.
+     */
+    static all(scope, id) {
+        return Namespaces.select(scope, id, { expressions: [], labels: {} });
+    }
+    /**
+     * @see INamespaceSelector.toNamespaceSelectorConfig()
+     */
+    toNamespaceSelectorConfig() {
+        return {
+            labelSelector: pod.LabelSelector.of({ expressions: this.expressions, labels: this.labels }),
+            names: this.names,
+        };
+    }
+    /**
+     * @see INetworkPolicyPeer.toNetworkPolicyPeerConfig()
+     */
+    toNetworkPolicyPeerConfig() {
+        return this._pods.toNetworkPolicyPeerConfig();
+    }
+    /**
+     * @see INetworkPolicyPeer.toPodSelector()
+     */
+    toPodSelector() {
+        return this._pods.toPodSelector();
+    }
+}
+exports.Namespaces = Namespaces;
+_b = JSII_RTTI_SYMBOL_1;
+Namespaces[_b] = { fqn: "cdk8s-plus-31.Namespaces", version: "2.0.0" };
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibmFtZXNwYWNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL25hbWVzcGFjZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUFBLGlDQUF3QztBQUN4QywyQ0FBbUQ7QUFDbkQsK0JBQStCO0FBQy9CLHFDQUFxQztBQUVyQyw2QkFBNkI7QUFpQzdCOzs7OztHQUtHO0FBQ0gsTUFBYSxTQUFVLFNBQVEsSUFBSSxDQUFDLFFBQVE7SUFnQjFDLFlBQW1CLEtBQWdCLEVBQUUsRUFBVSxFQUFFLFFBQXdCLEVBQUU7UUFDekUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUxILGlCQUFZLEdBQVcsWUFBWSxDQUFDO1FBT2xELElBQUksQ0FBQyxTQUFTLEdBQUcsSUFBSSxHQUFHLENBQUMsYUFBYSxDQUFDLElBQUksRUFBRSxVQUFVLEVBQUU7WUFDdkQsUUFBUSxFQUFFLEtBQUssQ0FBQyxRQUFRO1lBQ3hCLElBQUksRUFBRSxZQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsT0FBTyxFQUFFLEdBQUcsRUFBRSxDQUFDLElBQUksQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDO1NBQ2xELENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxLQUFLLEdBQUcsR0FBRyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsSUFBSSxFQUFFLE1BQU0sRUFBRTtZQUN0QyxVQUFVLEVBQUUsVUFBVSxDQUFDLE1BQU0sQ0FBQyxJQUFJLEVBQUUsWUFBWSxFQUFFLEVBQUUsS0FBSyxFQUFFLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUM7U0FDMUUsQ0FBQyxDQUFDO0lBRUwsQ0FBQztJQUVEOztPQUVHO0lBQ0kseUJBQXlCO1FBQzlCLE9BQU8sRUFBRSxLQUFLLEVBQUUsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQztJQUNoQyxDQUFDO0lBRUQ7O09BRUc7SUFDSSx5QkFBeUI7UUFDOUIsT0FBTyxJQUFJLENBQUMsS0FBSyxDQUFDLHlCQUF5QixFQUFFLENBQUM7SUFDaEQsQ0FBQztJQUVEOztPQUVHO0lBQ0ksYUFBYTtRQUNsQixPQUFPLElBQUksQ0FBQyxLQUFLLENBQUMsYUFBYSxFQUFFLENBQUM7SUFDcEMsQ0FBQztJQUVEOztPQUVHO0lBQ0ksT0FBTztRQUNaLE9BQU8sRUFBRSxDQUFDO0lBQ1osQ0FBQzs7QUF4REgsOEJBMERDOzs7QUF4REM7O0dBRUc7QUFDb0Isb0JBQVUsR0FBRyw2QkFBNkIsQ0FBQztBQXNGcEU7O0dBRUc7QUFDSCxNQUFhLFVBQVcsU0FBUSxzQkFBUztJQWtCdkMsWUFBWSxLQUFnQixFQUFFLEVBQVUsRUFDckIsV0FBbUMsRUFDbkMsS0FBZ0IsRUFDaEIsTUFBa0M7UUFDbkQsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUhBLGdCQUFXLEdBQVgsV0FBVyxDQUF3QjtRQUNuQyxVQUFLLEdBQUwsS0FBSyxDQUFXO1FBQ2hCLFdBQU0sR0FBTixNQUFNLENBQTRCO1FBR25ELElBQUksQ0FBQyxLQUFLLEdBQUcsR0FBRyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsSUFBSSxFQUFFLE1BQU0sRUFBRSxFQUFFLFVBQVUsRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUFDO0lBQ2hFLENBQUM7SUF2QkQ7O09BRUc7SUFDSSxNQUFNLENBQUMsTUFBTSxDQUFDLEtBQWdCLEVBQUUsRUFBVSxFQUFFLE9BQWdDO1FBQ2pGLE9BQU8sSUFBSSxVQUFVLENBQUMsS0FBSyxFQUFFLEVBQUUsRUFBRSxPQUFPLENBQUMsV0FBVyxFQUFFLE9BQU8sQ0FBQyxLQUFLLEVBQUUsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQ3ZGLENBQUM7SUFFRDs7T0FFRztJQUNJLE1BQU0sQ0FBQyxHQUFHLENBQUMsS0FBZ0IsRUFBRSxFQUFVO1FBQzVDLE9BQU8sVUFBVSxDQUFDLE1BQU0sQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFLEVBQUUsV0FBVyxFQUFFLEVBQUUsRUFBRSxNQUFNLEVBQUUsRUFBRSxFQUFFLENBQUMsQ0FBQztJQUN2RSxDQUFDO0lBYUQ7O09BRUc7SUFDSSx5QkFBeUI7UUFDOUIsT0FBTztZQUNMLGFBQWEsRUFBRSxHQUFHLENBQUMsYUFBYSxDQUFDLEVBQUUsQ0FBQyxFQUFFLFdBQVcsRUFBRSxJQUFJLENBQUMsV0FBVyxFQUFFLE1BQU0sRUFBRSxJQUFJLENBQUMsTUFBTSxFQUFFLENBQUU7WUFDNUYsS0FBSyxFQUFFLElBQUksQ0FBQyxLQUFLO1NBQ2xCLENBQUM7SUFDSixDQUFDO0lBRUQ7O09BRUc7SUFDSSx5QkFBeUI7UUFDOUIsT0FBTyxJQUFJLENBQUMsS0FBSyxDQUFDLHlCQUF5QixFQUFFLENBQUM7SUFDaEQsQ0FBQztJQUVEOztPQUVHO0lBQ0ksYUFBYTtRQUNsQixPQUFPLElBQUksQ0FBQyxLQUFLLENBQUMsYUFBYSxFQUFFLENBQUM7SUFDcEMsQ0FBQzs7QUFqREgsZ0NBbURDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgQXBpT2JqZWN0LCBMYXp5IH0gZnJvbSAnY2RrOHMnO1xuaW1wb3J0IHsgQ29uc3RydWN0LCBJQ29uc3RydWN0IH0gZnJvbSAnY29uc3RydWN0cyc7XG5pbXBvcnQgKiBhcyBiYXNlIGZyb20gJy4vYmFzZSc7XG5pbXBvcnQgKiBhcyBrOHMgZnJvbSAnLi9pbXBvcnRzL2s4cyc7XG5pbXBvcnQgKiBhcyBuZXR3b3JrcG9saWN5IGZyb20gJy4vbmV0d29yay1wb2xpY3knO1xuaW1wb3J0ICogYXMgcG9kIGZyb20gJy4vcG9kJztcblxuLyoqXG4gKiBDb25maWd1cmF0aW9uIGZvciBzZWxlY3RpbmcgbmFtZXNwYWNlcy5cbiAqL1xuZXhwb3J0IGludGVyZmFjZSBOYW1lc3BhY2VTZWxlY3RvckNvbmZpZyB7XG5cbiAgLyoqXG4gICAqIEEgc2VsZWN0b3IgdG8gc2VsZWN0IG5hbWVzcGFjZXMgYnkgbGFiZWxzLlxuICAgKi9cbiAgcmVhZG9ubHkgbGFiZWxTZWxlY3Rvcj86IHBvZC5MYWJlbFNlbGVjdG9yO1xuXG4gIC8qKlxuICAgKiBBIGxpc3Qgb2YgbmFtZXMgdG8gc2VsZWN0IG5hbWVzcGFjZXMgYnkgbmFtZXMuXG4gICAqL1xuICByZWFkb25seSBuYW1lcz86IHN0cmluZ1tdO1xufVxuXG4vKipcbiAqIFJlcHJlc2VudHMgYW4gb2JqZWN0IHRoYXQgY2FuIHNlbGVjdCBuYW1lc3BhY2VzLlxuICovXG5leHBvcnQgaW50ZXJmYWNlIElOYW1lc3BhY2VTZWxlY3RvciBleHRlbmRzIElDb25zdHJ1Y3Qge1xuICAvKipcbiAgICogUmV0dXJuIHRoZSBjb25maWd1cmF0aW9uIG9mIHRoaXMgc2VsZWN0b3IuXG4gICAqL1xuICB0b05hbWVzcGFjZVNlbGVjdG9yQ29uZmlnKCk6IE5hbWVzcGFjZVNlbGVjdG9yQ29uZmlnO1xufVxuXG4vKipcbiAqIFByb3BlcnRpZXMgZm9yIGBOYW1lc3BhY2VgLlxuICovXG5leHBvcnQgaW50ZXJmYWNlIE5hbWVzcGFjZVByb3BzIGV4dGVuZHMgYmFzZS5SZXNvdXJjZVByb3BzIHt9XG5cbi8qKlxuICogSW4gS3ViZXJuZXRlcywgbmFtZXNwYWNlcyBwcm92aWRlcyBhIG1lY2hhbmlzbSBmb3IgaXNvbGF0aW5nIGdyb3VwcyBvZiByZXNvdXJjZXMgd2l0aGluIGEgc2luZ2xlIGNsdXN0ZXIuXG4gKiBOYW1lcyBvZiByZXNvdXJjZXMgbmVlZCB0byBiZSB1bmlxdWUgd2l0aGluIGEgbmFtZXNwYWNlLCBidXQgbm90IGFjcm9zcyBuYW1lc3BhY2VzLlxuICogTmFtZXNwYWNlLWJhc2VkIHNjb3BpbmcgaXMgYXBwbGljYWJsZSBvbmx5IGZvciBuYW1lc3BhY2VkIG9iamVjdHMgKGUuZy4gRGVwbG95bWVudHMsIFNlcnZpY2VzLCBldGMpIGFuZFxuICogbm90IGZvciBjbHVzdGVyLXdpZGUgb2JqZWN0cyAoZS5nLiBTdG9yYWdlQ2xhc3MsIE5vZGVzLCBQZXJzaXN0ZW50Vm9sdW1lcywgZXRjKS5cbiAqL1xuZXhwb3J0IGNsYXNzIE5hbWVzcGFjZSBleHRlbmRzIGJhc2UuUmVzb3VyY2UgaW1wbGVtZW50cyBJTmFtZXNwYWNlU2VsZWN0b3IsIG5ldHdvcmtwb2xpY3kuSU5ldHdvcmtQb2xpY3lQZWVyIHtcblxuICAvKipcbiAgICogQHNlZSBodHRwczovL2t1YmVybmV0ZXMuaW8vZG9jcy9jb25jZXB0cy9vdmVydmlldy93b3JraW5nLXdpdGgtb2JqZWN0cy9uYW1lc3BhY2VzLyNhdXRvbWF0aWMtbGFiZWxsaW5nXG4gICAqL1xuICBwdWJsaWMgc3RhdGljIHJlYWRvbmx5IE5BTUVfTEFCRUwgPSAna3ViZXJuZXRlcy5pby9tZXRhZGF0YS5uYW1lJztcblxuICAvKipcbiAgICogQHNlZSBiYXNlLlJlc291cmNlLmFwaU9iamVjdFxuICAgKi9cbiAgcHJvdGVjdGVkIHJlYWRvbmx5IGFwaU9iamVjdDogQXBpT2JqZWN0O1xuXG4gIHB1YmxpYyByZWFkb25seSByZXNvdXJjZVR5cGU6IHN0cmluZyA9ICduYW1lc3BhY2VzJztcblxuICBwcml2YXRlIHJlYWRvbmx5IF9wb2RzOiBwb2QuUG9kcztcblxuICBwdWJsaWMgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IE5hbWVzcGFjZVByb3BzID0ge30pIHtcbiAgICBzdXBlcihzY29wZSwgaWQpO1xuXG4gICAgdGhpcy5hcGlPYmplY3QgPSBuZXcgazhzLkt1YmVOYW1lc3BhY2UodGhpcywgJ1Jlc291cmNlJywge1xuICAgICAgbWV0YWRhdGE6IHByb3BzLm1ldGFkYXRhLFxuICAgICAgc3BlYzogTGF6eS5hbnkoeyBwcm9kdWNlOiAoKSA9PiB0aGlzLl90b0t1YmUoKSB9KSxcbiAgICB9KTtcblxuICAgIHRoaXMuX3BvZHMgPSBwb2QuUG9kcy5hbGwodGhpcywgJ1BvZHMnLCB7XG4gICAgICBuYW1lc3BhY2VzOiBOYW1lc3BhY2VzLnNlbGVjdCh0aGlzLCAnTmFtZXNwYWNlcycsIHsgbmFtZXM6IFt0aGlzLm5hbWVdIH0pLFxuICAgIH0pO1xuXG4gIH1cblxuICAvKipcbiAgICogQHNlZSBJTmFtZXNwYWNlU2VsZWN0b3IudG9OYW1lc3BhY2VTZWxlY3RvckNvbmZpZygpXG4gICAqL1xuICBwdWJsaWMgdG9OYW1lc3BhY2VTZWxlY3RvckNvbmZpZygpOiBOYW1lc3BhY2VTZWxlY3RvckNvbmZpZyB7XG4gICAgcmV0dXJuIHsgbmFtZXM6IFt0aGlzLm5hbWVdIH07XG4gIH1cblxuICAvKipcbiAgICogQHNlZSBJTmV0d29ya1BvbGljeVBlZXIudG9OZXR3b3JrUG9saWN5UGVlckNvbmZpZygpXG4gICAqL1xuICBwdWJsaWMgdG9OZXR3b3JrUG9saWN5UGVlckNvbmZpZygpOiBuZXR3b3JrcG9saWN5Lk5ldHdvcmtQb2xpY3lQZWVyQ29uZmlnIHtcbiAgICByZXR1cm4gdGhpcy5fcG9kcy50b05ldHdvcmtQb2xpY3lQZWVyQ29uZmlnKCk7XG4gIH1cblxuICAvKipcbiAgICogQHNlZSBJTmV0d29ya1BvbGljeVBlZXIudG9Qb2RTZWxlY3RvcigpXG4gICAqL1xuICBwdWJsaWMgdG9Qb2RTZWxlY3RvcigpOiBwb2QuSVBvZFNlbGVjdG9yIHwgdW5kZWZpbmVkIHtcbiAgICByZXR1cm4gdGhpcy5fcG9kcy50b1BvZFNlbGVjdG9yKCk7XG4gIH1cblxuICAvKipcbiAgICogQGludGVybmFsXG4gICAqL1xuICBwdWJsaWMgX3RvS3ViZSgpOiBrOHMuTmFtZXNwYWNlU3BlYyB7XG4gICAgcmV0dXJuIHt9O1xuICB9XG5cbn1cblxuLyoqXG4gKiBPcHRpb25zIGZvciBgTmFtZXNwYWNlcy5zZWxlY3RgLlxuICovXG5leHBvcnQgaW50ZXJmYWNlIE5hbWVzcGFjZXNTZWxlY3RPcHRpb25zIHtcblxuICAvKipcbiAgICogTGFiZWxzIHRoZSBuYW1lc3BhY2VzIG11c3QgaGF2ZS5cbiAgICogVGhpcyBpcyBlcXVpdmFsZW50IHRvIHVzaW5nIGFuICdJcycgc2VsZWN0b3IuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gbm8gc3RyaWN0IGxhYmVscyByZXF1aXJlbWVudHMuXG4gICAqL1xuICByZWFkb25seSBsYWJlbHM/OiB7IFtrZXk6IHN0cmluZ106IHN0cmluZyB9O1xuXG4gIC8qKlxuICAgKiBOYW1lc3BhY2VzIG11c3Qgc2F0aXNmeSB0aGVzZSBzZWxlY3RvcnMuXG4gICAqIFRoZSBzZWxlY3RvcnMgcXVlcnkgbGFiZWxzLCBqdXN0IGxpa2UgdGhlIGBsYWJlbHNgIHByb3BlcnR5LCBidXQgdGhleVxuICAgKiBwcm92aWRlIGEgbW9yZSBhZHZhbmNlZCBtYXRjaGluZyBtZWNoYW5pc20uXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gbm8gc2VsZWN0b3IgcmVxdWlyZW1lbnRzLlxuICAgKi9cbiAgcmVhZG9ubHkgZXhwcmVzc2lvbnM/OiBwb2QuTGFiZWxFeHByZXNzaW9uW107XG5cbiAgLyoqXG4gICAqIE5hbWVzcGFjZXMgbmFtZXMgbXVzdCBiZSBvbmUgb2YgdGhlc2UuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gbm8gbmFtZSByZXF1aXJlbWVudHMuXG4gICAqL1xuICByZWFkb25seSBuYW1lcz86IHN0cmluZ1tdO1xuXG59XG5cbi8qKlxuICogUmVwcmVzZW50cyBhIGdyb3VwIG9mIG5hbWVzcGFjZXMuXG4gKi9cbmV4cG9ydCBjbGFzcyBOYW1lc3BhY2VzIGV4dGVuZHMgQ29uc3RydWN0IGltcGxlbWVudHMgSU5hbWVzcGFjZVNlbGVjdG9yLCBuZXR3b3JrcG9saWN5LklOZXR3b3JrUG9saWN5UGVlciB7XG5cbiAgLyoqXG4gICAqIFNlbGVjdCBzcGVjaWZpYyBuYW1lc3BhY2VzLlxuICAgKi9cbiAgcHVibGljIHN0YXRpYyBzZWxlY3Qoc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgb3B0aW9uczogTmFtZXNwYWNlc1NlbGVjdE9wdGlvbnMpOiBOYW1lc3BhY2VzIHtcbiAgICByZXR1cm4gbmV3IE5hbWVzcGFjZXMoc2NvcGUsIGlkLCBvcHRpb25zLmV4cHJlc3Npb25zLCBvcHRpb25zLm5hbWVzLCBvcHRpb25zLmxhYmVscyk7XG4gIH1cblxuICAvKipcbiAgICogU2VsZWN0IGFsbCBuYW1lc3BhY2VzLlxuICAgKi9cbiAgcHVibGljIHN0YXRpYyBhbGwoc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZyk6IE5hbWVzcGFjZXMge1xuICAgIHJldHVybiBOYW1lc3BhY2VzLnNlbGVjdChzY29wZSwgaWQsIHsgZXhwcmVzc2lvbnM6IFtdLCBsYWJlbHM6IHt9IH0pO1xuICB9XG5cbiAgcHJpdmF0ZSByZWFkb25seSBfcG9kczogcG9kLlBvZHM7XG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZyxcbiAgICBwcml2YXRlIHJlYWRvbmx5IGV4cHJlc3Npb25zPzogcG9kLkxhYmVsRXhwcmVzc2lvbltdLFxuICAgIHByaXZhdGUgcmVhZG9ubHkgbmFtZXM/OiBzdHJpbmdbXSxcbiAgICBwcml2YXRlIHJlYWRvbmx5IGxhYmVscz86IHsgW2tleTogc3RyaW5nXTogc3RyaW5nIH0pIHtcbiAgICBzdXBlcihzY29wZSwgaWQpO1xuXG4gICAgdGhpcy5fcG9kcyA9IHBvZC5Qb2RzLmFsbCh0aGlzLCAnUG9kcycsIHsgbmFtZXNwYWNlczogdGhpcyB9KTtcbiAgfVxuXG4gIC8qKlxuICAgKiBAc2VlIElOYW1lc3BhY2VTZWxlY3Rvci50b05hbWVzcGFjZVNlbGVjdG9yQ29uZmlnKClcbiAgICovXG4gIHB1YmxpYyB0b05hbWVzcGFjZVNlbGVjdG9yQ29uZmlnKCk6IE5hbWVzcGFjZVNlbGVjdG9yQ29uZmlnIHtcbiAgICByZXR1cm4ge1xuICAgICAgbGFiZWxTZWxlY3RvcjogcG9kLkxhYmVsU2VsZWN0b3Iub2YoeyBleHByZXNzaW9uczogdGhpcy5leHByZXNzaW9ucywgbGFiZWxzOiB0aGlzLmxhYmVscyB9ICksXG4gICAgICBuYW1lczogdGhpcy5uYW1lcyxcbiAgICB9O1xuICB9XG5cbiAgLyoqXG4gICAqIEBzZWUgSU5ldHdvcmtQb2xpY3lQZWVyLnRvTmV0d29ya1BvbGljeVBlZXJDb25maWcoKVxuICAgKi9cbiAgcHVibGljIHRvTmV0d29ya1BvbGljeVBlZXJDb25maWcoKTogbmV0d29ya3BvbGljeS5OZXR3b3JrUG9saWN5UGVlckNvbmZpZyB7XG4gICAgcmV0dXJuIHRoaXMuX3BvZHMudG9OZXR3b3JrUG9saWN5UGVlckNvbmZpZygpO1xuICB9XG5cbiAgLyoqXG4gICAqIEBzZWUgSU5ldHdvcmtQb2xpY3lQZWVyLnRvUG9kU2VsZWN0b3IoKVxuICAgKi9cbiAgcHVibGljIHRvUG9kU2VsZWN0b3IoKTogcG9kLklQb2RTZWxlY3RvciB8IHVuZGVmaW5lZCB7XG4gICAgcmV0dXJuIHRoaXMuX3BvZHMudG9Qb2RTZWxlY3RvcigpO1xuICB9XG5cbn1cbiJdfQ==

package/lib/network-policy.d.ts

@@ -0,0 +1,311 @@
+import { ApiObject } from 'cdk8s';
+import { Construct, IConstruct } from 'constructs';
+import * as base from './base';
+import * as k8s from './imports/k8s';
+import * as pod from './pod';
+/**
+ * Properties for `NetworkPolicyPort`.
+ */
+export interface NetworkPolicyPortProps {
+    /**
+     * Specific port number.
+     *
+     * @default - all ports are allowed.
+     */
+    readonly port?: number;
+    /**
+     * End port (relative to `port`). Only applies if `port` is defined.
+     * Use this to specify a port range, rather that a specific one.
+     *
+     * @default - not a port range.
+     */
+    readonly endPort?: number;
+    /**
+     * Protocol.
+     *
+     * @default NetworkProtocol.TCP
+     */
+    readonly protocol?: NetworkProtocol;
+}
+/**
+ * Describes a port to allow traffic on.
+ */
+export declare class NetworkPolicyPort {
+    private readonly port?;
+    private readonly endPort?;
+    private readonly protocol?;
+    /**
+     * Distinct TCP ports
+     */
+    static tcp(port: number): NetworkPolicyPort;
+    /**
+     * A TCP port range
+     */
+    static tcpRange(startPort: number, endPort: number): NetworkPolicyPort;
+    /**
+     * Any TCP traffic
+     */
+    static allTcp(): NetworkPolicyPort;
+    /**
+     * Distinct UDP ports
+     */
+    static udp(port: number): NetworkPolicyPort;
+    /**
+     * A UDP port range
+     */
+    static udpRange(startPort: number, endPort: number): NetworkPolicyPort;
+    /**
+     * Any UDP traffic
+     */
+    static allUdp(): NetworkPolicyPort;
+    /**
+     * Custom port configuration.
+     */
+    static of(props: NetworkPolicyPortProps): NetworkPolicyPort;
+    private constructor();
+    /**
+     * @internal
+     */
+    _toKube(): k8s.NetworkPolicyPort;
+}
+/**
+ * Configuration for network peers.
+ * A peer can either by an ip block, or a selection of pods, not both.
+ */
+export interface NetworkPolicyPeerConfig {
+    /**
+     * The ip block this peer represents.
+     */
+    readonly ipBlock?: NetworkPolicyIpBlock;
+    /**
+     * The pod selector this peer represents.
+     */
+    readonly podSelector?: pod.PodSelectorConfig;
+}
+/**
+ * Describes a peer to allow traffic to/from.
+ */
+export interface INetworkPolicyPeer extends IConstruct {
+    /**
+     * Return the configuration of this peer.
+     */
+    toNetworkPolicyPeerConfig(): NetworkPolicyPeerConfig;
+    /**
+     * Convert the peer into a pod selector, if possible.
+     */
+    toPodSelector(): pod.IPodSelector | undefined;
+}
+/**
+ * Describes a rule allowing traffic from / to pods matched by a network policy selector.
+ */
+export interface NetworkPolicyRule {
+    /**
+     * The ports of the rule.
+     *
+     * @default - traffic is allowed on all ports.
+     */
+    readonly ports?: NetworkPolicyPort[];
+    /**
+     * Peer this rule interacts with.
+     */
+    readonly peer: INetworkPolicyPeer;
+}
+/**
+ * Describes a particular CIDR (Ex. "192.168.1.1/24","2001:db9::/64") that is
+ * allowed to the pods matched by a network policy selector.
+ * The except entry describes CIDRs that should not be included within this rule.
+ */
+export declare class NetworkPolicyIpBlock extends Construct implements INetworkPolicyPeer {
+    /**
+     * A string representing the IP Block Valid examples are "192.168.1.1/24" or "2001:db9::/64".
+     */
+    readonly cidr: string;
+    /**
+     * A slice of CIDRs that should not be included within an IP Block Valid examples are "192.168.1.1/24" or "2001:db9::/64".
+     * Except values will be rejected if they are outside the CIDR range.
+     */
+    readonly except?: string[] | undefined;
+    /**
+     * Create an IPv4 peer from a CIDR
+     */
+    static ipv4(scope: Construct, id: string, cidrIp: string, except?: string[]): NetworkPolicyIpBlock;
+    /**
+     * Any IPv4 address
+     */
+    static anyIpv4(scope: Construct, id: string): NetworkPolicyIpBlock;
+    /**
+     * Create an IPv6 peer from a CIDR
+     */
+    static ipv6(scope: Construct, id: string, cidrIp: string, except?: string[]): NetworkPolicyIpBlock;
+    /**
+     * Any IPv6 address
+     */
+    static anyIpv6(scope: Construct, id: string): NetworkPolicyIpBlock;
+    private constructor();
+    /**
+     * @see INetworkPolicyPeer.toNetworkPolicyPeerConfig()
+     */
+    toNetworkPolicyPeerConfig(): NetworkPolicyPeerConfig;
+    /**
+     * @see INetworkPolicyPeer.toPodSelector()
+     */
+    toPodSelector(): pod.IPodSelector | undefined;
+    /**
+     * @internal
+     */
+    _toKube(): k8s.IpBlock;
+}
+/**
+ * Network protocols.
+ */
+export declare enum NetworkProtocol {
+    /**
+     * TCP.
+     */
+    TCP = "TCP",
+    /**
+     * UDP.
+     */
+    UDP = "UDP",
+    /**
+     * SCTP.
+     */
+    SCTP = "SCTP"
+}
+/**
+ * Default behaviors of network traffic in policies.
+ */
+export declare enum NetworkPolicyTrafficDefault {
+    /**
+     * The policy denies all traffic.
+     * Since rules are additive, additional rules or policies can allow
+     * specific traffic.
+     */
+    DENY = "DENY",
+    /**
+     * The policy allows all traffic (either ingress or egress).
+     * Since rules are additive, no additional rule or policies can
+     * subsequently deny the traffic.
+     */
+    ALLOW = "ALLOW"
+}
+/**
+ * Describes how the network policy should configure egress / ingress traffic.
+ */
+export interface NetworkPolicyTraffic {
+    /**
+     * Specifies the default behavior of the policy when
+     * no rules are defined.
+     *
+     * @default - unset, the policy does not change the behavior.
+     */
+    readonly default?: NetworkPolicyTrafficDefault;
+    /**
+     * List of rules to be applied to the selected pods.
+     * If empty, the behavior of the policy is dictated by the `default` property.
+     *
+     * @default - no rules
+     */
+    readonly rules?: NetworkPolicyRule[];
+}
+/**
+ * Options for `NetworkPolicy.addEgressRule`.
+ */
+export interface NetworkPolicyAddEgressRuleOptions {
+    /**
+     * Ports the rule should allow outgoing traffic to.
+     *
+     * @default - If the peer is a managed pod, take its ports. Otherwise, all ports are allowed.
+     */
+    readonly ports?: NetworkPolicyPort[];
+}
+/**
+ * Properties for `NetworkPolicy`.
+ */
+export interface NetworkPolicyProps extends base.ResourceProps {
+    /**
+     * Which pods does this policy object applies to.
+     *
+     * This can either be a single pod / workload, or a grouping of pods selected
+     * via the `Pods.select` function. Rules is applied to any pods selected by this property.
+     * Multiple network policies can select the same set of pods.
+     * In this case, the rules for each are combined additively.
+     *
+     * Note that
+     *
+     * @default - will select all pods in the namespace of the policy.
+     */
+    readonly selector?: pod.IPodSelector;
+    /**
+     * Egress traffic configuration.
+     *
+     * @default - the policy doesn't change egress behavior of the pods it selects.
+     */
+    readonly egress?: NetworkPolicyTraffic;
+    /**
+     * Ingress traffic configuration.
+     *
+     * @default - the policy doesn't change ingress behavior of the pods it selects.
+     */
+    readonly ingress?: NetworkPolicyTraffic;
+}
+/**
+ * Control traffic flow at the IP address or port level (OSI layer 3 or 4),
+ * network policies are an application-centric construct which allow you
+ * to specify how a pod is allowed to communicate with various network peers.
+ *
+ * - Outgoing traffic is allowed if there are no network policies selecting
+ *   the pod (and cluster policy otherwise allows the traffic),
+ *   OR if the traffic matches at least one egress rule across all of the
+ *   network policies that select the pod.
+ *
+ * - Incoming traffic is allowed to a pod if there are no network policies
+ *   selecting the pod (and cluster policy otherwise allows the traffic),
+ *   OR if the traffic source is the pod's local node,
+ *   OR if the traffic matches at least one ingress rule across all of
+ *   the network policies that select the pod.
+ *
+ * Network policies do not conflict; they are additive.
+ * If any policy or policies apply to a given pod for a given
+ * direction, the connections allowed in that direction from
+ * that pod is the union of what the applicable policies allow.
+ * Thus, order of evaluation does not affect the policy result.
+ *
+ * For a connection from a source pod to a destination pod to be allowed,
+ * both the egress policy on the source pod and the ingress policy on the
+ * destination pod need to allow the connection.
+ * If either side does not allow the connection, it will not happen.
+ *
+ * @see https://kubernetes.io/docs/concepts/services-networking/network-policies/#networkpolicy-resource
+ */
+export declare class NetworkPolicy extends base.Resource {
+    /**
+     * @see base.Resource.apiObject
+     */
+    protected readonly apiObject: ApiObject;
+    readonly resourceType: string;
+    private readonly _podSelectorConfig;
+    private readonly _egressRules;
+    private readonly _ingressRules;
+    private readonly _policyTypes;
+    constructor(scope: Construct, id: string, props?: NetworkPolicyProps);
+    /**
+     * Allow outgoing traffic to the peer.
+     *
+     * If ports are not passed, traffic will be allowed on all ports.
+     */
+    addEgressRule(peer: INetworkPolicyPeer, ports?: NetworkPolicyPort[]): void;
+    /**
+     * Allow incoming traffic from the peer.
+     *
+     * If ports are not passed, traffic will be allowed on all ports.
+     */
+    addIngressRule(peer: INetworkPolicyPeer, ports?: NetworkPolicyPort[]): void;
+    private createNetworkPolicyPeers;
+    private configureDefaultBehavior;
+    /**
+     * @internal
+     */
+    _toKube(): k8s.NetworkPolicySpec;
+}
+export declare function validatePeerConfig(peerConfig: NetworkPolicyPeerConfig): void;