--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.4 creationTimestamp: "2026-02-17T12:42:50Z" generation: 1 managedFields: - apiVersion: apiextensions.k8s.io/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:controller-gen.kubebuilder.io/version: {} f:ownerReferences: k:{"uid":"90714041-3359-45e8-85cb-f85d3b3cdb86"}: {} f:spec: f:group: {} f:names: f:kind: {} f:listKind: {} f:plural: {} f:singular: {} f:scope: {} f:versions: {} manager: cluster-network-operator/operconfig operation: Apply time: "2026-02-17T12:42:50Z" - apiVersion: apiextensions.k8s.io/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:acceptedNames: f:kind: {} f:listKind: {} f:plural: {} f:singular: {} f:conditions: k:{"type":"Established"}: .: {} f:lastTransitionTime: {} f:message: {} f:reason: {} f:status: {} f:type: {} k:{"type":"NamesAccepted"}: .: {} f:lastTransitionTime: {} f:message: {} f:reason: {} f:status: {} f:type: {} manager: kube-apiserver operation: Update subresource: status time: "2026-02-17T12:42:50Z" name: clusteruserdefinednetworks.k8s.ovn.org ownerReferences: - apiVersion: operator.openshift.io/v1 blockOwnerDeletion: true controller: true kind: Network name: cluster uid: 90714041-3359-45e8-85cb-f85d3b3cdb86 resourceVersion: "2807" uid: 3278db2c-053e-4704-bf71-4ea3f5476446 spec: conversion: strategy: None group: k8s.ovn.org names: kind: ClusterUserDefinedNetwork listKind: ClusterUserDefinedNetworkList plural: clusteruserdefinednetworks singular: clusteruserdefinednetwork scope: Cluster versions: - name: v1 schema: openAPIV3Schema: description: ClusterUserDefinedNetwork describe network request for a shared network across namespaces. properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: ClusterUserDefinedNetworkSpec defines the desired state of ClusterUserDefinedNetwork. properties: namespaceSelector: description: NamespaceSelector Label selector for which namespace network should be available for. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic network: description: Network is the user-defined-network spec properties: layer2: description: Layer2 is the Layer2 topology configuration. properties: defaultGatewayIPs: description: |- defaultGatewayIPs specifies the default gateway IP used in the internal OVN topology. Dual-stack clusters may set 2 IPs (one for each IP family), otherwise only 1 IP is allowed. This field is only allowed for "Primary" network. It is not recommended to set this field without explicit need and understanding of the OVN network topology. When omitted, an IP from the subnets field is used. items: type: string x-kubernetes-validations: - message: IP is invalid rule: isIP(self) maxItems: 2 minItems: 1 type: array x-kubernetes-validations: - message: When 2 IPs are set, they must be from different IP families rule: size(self) != 2 || !isIP(self[0]) || !isIP(self[1]) || ip(self[0]).family() != ip(self[1]).family() infrastructureSubnets: description: |- infrastructureSubnets specifies a list of internal CIDR ranges that OVN-Kubernetes will reserve for internal network infrastructure. Any IP addresses within these ranges cannot be assigned to workloads. When omitted, OVN-Kubernetes will automatically allocate IP addresses from `subnets` for its infrastructure needs. When there are not enough available IPs in the provided infrastructureSubnets, OVN-Kubernetes will automatically allocate IP addresses from subnets for its infrastructure needs. When `reservedSubnets` is also specified the CIDRs cannot overlap. When `defaultGatewayIPs` is also specified, the default gateway IPs must belong to one of the infrastructure subnet CIDRs. Each item should be in range of the specified CIDR(s) in `subnets`. The maximum number of entries allowed is 4. The format should match standard CIDR notation (for example, "10.128.0.0/16"). This field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`. items: maxLength: 43 type: string x-kubernetes-validations: - message: CIDR is invalid rule: isCIDR(self) maxItems: 4 minItems: 1 type: array ipam: description: IPAM section contains IPAM-related configuration for the network. minProperties: 1 properties: lifecycle: description: |- Lifecycle controls IP addresses management lifecycle. The only allowed value is Persistent. When set, the IP addresses assigned by OVN Kubernetes will be persisted in an `ipamclaims.k8s.cni.cncf.io` object. These IP addresses will be reused by other pods if requested. Only supported when mode is `Enabled`. enum: - Persistent type: string mode: description: |- Mode controls how much of the IP configuration will be managed by OVN. `Enabled` means OVN-Kubernetes will apply IP configuration to the SDN infrastructure and it will also assign IPs from the selected subnet to the individual pods. `Disabled` means OVN-Kubernetes will only assign MAC addresses and provide layer 2 communication, letting users configure IP addresses for the pods. `Disabled` is only available for Secondary networks. By disabling IPAM, any Kubernetes features that rely on selecting pods by IP will no longer function (such as network policy, services, etc). Additionally, IP port security will also be disabled for interfaces attached to this network. Defaults to `Enabled`. enum: - Enabled - Disabled type: string type: object x-kubernetes-validations: - message: lifecycle Persistent is only supported when ipam.mode is Enabled rule: '!has(self.lifecycle) || self.lifecycle != ''Persistent'' || !has(self.mode) || self.mode == ''Enabled''' joinSubnets: description: |- JoinSubnets are used inside the OVN network topology. Dual-stack clusters may set 2 subnets (one for each IP family), otherwise only 1 subnet is allowed. This field is only allowed for "Primary" network. It is not recommended to set this field without explicit need and understanding of the OVN network topology. When omitted, the platform will choose a reasonable default which is subject to change over time. items: maxLength: 43 type: string x-kubernetes-validations: - message: CIDR is invalid rule: isCIDR(self) maxItems: 2 minItems: 1 type: array x-kubernetes-validations: - message: When 2 CIDRs are set, they must be from different IP families rule: size(self) != 2 || !isCIDR(self[0]) || !isCIDR(self[1]) || cidr(self[0]).ip().family() != cidr(self[1]).ip().family() mtu: description: |- MTU is the maximum transmission unit for a network. MTU is optional, if not provided, the globally configured value in OVN-Kubernetes (defaults to 1400) is used for the network. format: int32 maximum: 65536 minimum: 576 type: integer reservedSubnets: description: |- reservedSubnets specifies a list of CIDRs reserved for static IP assignment, excluded from automatic allocation. reservedSubnets is optional. When omitted, all IP addresses in `subnets` are available for automatic assignment. IPs from these ranges can still be requested through static IP assignment. Each item should be in range of the specified CIDR(s) in `subnets`. The maximum number of entries allowed is 25. The format should match standard CIDR notation (for example, "10.128.0.0/16"). This field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`. items: maxLength: 43 type: string x-kubernetes-validations: - message: CIDR is invalid rule: isCIDR(self) maxItems: 25 minItems: 1 type: array role: description: |- Role describes the network role in the pod. Allowed value is "Secondary". Secondary network is only assigned to pods that use `k8s.v1.cni.cncf.io/networks` annotation to select given network. enum: - Primary - Secondary type: string subnets: description: |- Subnets are used for the pod network across the cluster. Dual-stack clusters may set 2 subnets (one for each IP family), otherwise only 1 subnet is allowed. The format should match standard CIDR notation (for example, "10.128.0.0/16"). This field must be omitted if `ipam.mode` is `Disabled`. items: maxLength: 43 type: string x-kubernetes-validations: - message: CIDR is invalid rule: isCIDR(self) maxItems: 2 minItems: 1 type: array x-kubernetes-validations: - message: When 2 CIDRs are set, they must be from different IP families rule: size(self) != 2 || !isCIDR(self[0]) || !isCIDR(self[1]) || cidr(self[0]).ip().family() != cidr(self[1]).ip().family() required: - role type: object x-kubernetes-validations: - message: Subnets is required with ipam.mode is Enabled or unset rule: has(self.ipam) && has(self.ipam.mode) && self.ipam.mode != 'Enabled' || has(self.subnets) - message: Subnets must be unset when ipam.mode is Disabled rule: '!has(self.ipam) || !has(self.ipam.mode) || self.ipam.mode != ''Disabled'' || !has(self.subnets)' - message: Disabled ipam.mode is only supported for Secondary network rule: '!has(self.ipam) || !has(self.ipam.mode) || self.ipam.mode != ''Disabled'' || self.role == ''Secondary''' - message: JoinSubnets is only supported for Primary network rule: '!has(self.joinSubnets) || has(self.role) && self.role == ''Primary''' - message: MTU should be greater than or equal to 1280 when IPv6 subnet is used rule: '!has(self.subnets) || !has(self.mtu) || !self.subnets.exists_one(i, isCIDR(i) && cidr(i).ip().family() == 6) || self.mtu >= 1280' - message: defaultGatewayIPs is only supported for Primary network rule: '!has(self.defaultGatewayIPs) || has(self.role) && self.role == ''Primary''' - message: defaultGatewayIPs must belong to one of the subnets specified in the subnets field rule: '!has(self.defaultGatewayIPs) || self.defaultGatewayIPs.all(ip, self.subnets.exists(subnet, cidr(subnet).containsIP(ip)))' - message: defaultGatewayIPs must be specified for all IP families rule: '!has(self.defaultGatewayIPs) || size(self.defaultGatewayIPs) == size(self.subnets)' - message: reservedSubnets must be unset when subnets is unset rule: '!has(self.reservedSubnets) || has(self.subnets)' - message: reservedSubnets is only supported for Primary network rule: '!has(self.reservedSubnets) || has(self.role) && self.role == ''Primary''' - message: infrastructureSubnets must be unset when subnets is unset rule: '!has(self.infrastructureSubnets) || has(self.subnets)' - message: infrastructureSubnets is only supported for Primary network rule: '!has(self.infrastructureSubnets) || has(self.role) && self.role == ''Primary''' - message: defaultGatewayIPs have to belong to infrastructureSubnets rule: '!has(self.infrastructureSubnets) || !has(self.defaultGatewayIPs) || self.defaultGatewayIPs.all(ip, self.infrastructureSubnets.exists(subnet, cidr(subnet).containsIP(ip)))' - fieldPath: .reservedSubnets message: reservedSubnets must be subnetworks of the networks specified in the subnets field rule: '!has(self.reservedSubnets) || self.reservedSubnets.all(e, self.subnets.exists(s, cidr(s).containsCIDR(cidr(e))))' - fieldPath: .infrastructureSubnets message: infrastructureSubnets must be subnetworks of the networks specified in the subnets field rule: '!has(self.infrastructureSubnets) || self.infrastructureSubnets.all(e, self.subnets.exists(s, cidr(s).containsCIDR(cidr(e))))' - message: infrastructureSubnets and reservedSubnets must not overlap rule: '!has(self.infrastructureSubnets) || !has(self.reservedSubnets) || self.infrastructureSubnets.all(infra, !self.reservedSubnets.exists(reserved, cidr(infra).containsCIDR(reserved) || cidr(reserved).containsCIDR(infra)))' - message: infrastructureSubnets must be a masked network address (no host bits set) rule: '!has(self.infrastructureSubnets) || self.infrastructureSubnets.all(s, isCIDR(s) && cidr(s) == cidr(s).masked())' - message: reservedSubnets must be a masked network address (no host bits set) rule: '!has(self.reservedSubnets) || self.reservedSubnets.all(s, isCIDR(s) && cidr(s) == cidr(s).masked())' layer3: description: Layer3 is the Layer3 topology configuration. properties: joinSubnets: description: |- JoinSubnets are used inside the OVN network topology. Dual-stack clusters may set 2 subnets (one for each IP family), otherwise only 1 subnet is allowed. This field is only allowed for "Primary" network. It is not recommended to set this field without explicit need and understanding of the OVN network topology. When omitted, the platform will choose a reasonable default which is subject to change over time. items: maxLength: 43 type: string x-kubernetes-validations: - message: CIDR is invalid rule: isCIDR(self) maxItems: 2 minItems: 1 type: array x-kubernetes-validations: - message: When 2 CIDRs are set, they must be from different IP families rule: size(self) != 2 || !isCIDR(self[0]) || !isCIDR(self[1]) || cidr(self[0]).ip().family() != cidr(self[1]).ip().family() mtu: description: |- MTU is the maximum transmission unit for a network. MTU is optional, if not provided, the globally configured value in OVN-Kubernetes (defaults to 1400) is used for the network. format: int32 maximum: 65536 minimum: 576 type: integer role: description: |- Role describes the network role in the pod. Allowed values are "Primary" and "Secondary". Primary network is automatically assigned to every pod created in the same namespace. Secondary network is only assigned to pods that use `k8s.v1.cni.cncf.io/networks` annotation to select given network. enum: - Primary - Secondary type: string subnets: description: |- Subnets are used for the pod network across the cluster. Dual-stack clusters may set 2 subnets (one for each IP family), otherwise only 1 subnet is allowed. Given subnet is split into smaller subnets for every node. items: properties: cidr: description: CIDR specifies L3Subnet, which is split into smaller subnets for every node. maxLength: 43 type: string x-kubernetes-validations: - message: CIDR is invalid rule: isCIDR(self) hostSubnet: description: |- HostSubnet specifies the subnet size for every node. When not set, it will be assigned automatically. format: int32 maximum: 127 minimum: 1 type: integer required: - cidr type: object x-kubernetes-validations: - message: HostSubnet must be smaller than CIDR subnet rule: '!has(self.hostSubnet) || !isCIDR(self.cidr) || self.hostSubnet > cidr(self.cidr).prefixLength()' - message: HostSubnet must < 32 for ipv4 CIDR rule: '!has(self.hostSubnet) || !isCIDR(self.cidr) || (cidr(self.cidr).ip().family() != 4 || self.hostSubnet < 32)' maxItems: 2 minItems: 1 type: array x-kubernetes-validations: - message: When 2 CIDRs are set, they must be from different IP families rule: size(self) != 2 || !isCIDR(self[0].cidr) || !isCIDR(self[1].cidr) || cidr(self[0].cidr).ip().family() != cidr(self[1].cidr).ip().family() required: - role - subnets type: object x-kubernetes-validations: - message: JoinSubnets is only supported for Primary network rule: '!has(self.joinSubnets) || has(self.role) && self.role == ''Primary''' - message: MTU should be greater than or equal to 1280 when IPv6 subnet is used rule: '!has(self.subnets) || !has(self.mtu) || !self.subnets.exists_one(i, isCIDR(i.cidr) && cidr(i.cidr).ip().family() == 6) || self.mtu >= 1280' localnet: description: Localnet is the Localnet topology configuration. properties: excludeSubnets: description: |- excludeSubnets is a list of CIDRs to be removed from the specified CIDRs in `subnets`. The CIDRs in this list must be in range of at least one subnet specified in `subnets`. excludeSubnets is optional. When omitted no IP address is excluded and all IP addresses specified in `subnets` are subject to assignment. The format should match standard CIDR notation (for example, "10.128.0.0/16"). This field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`. When `physicalNetworkName` points to OVS bridge mapping of a network with reserved IP addresses (which shouldn't be assigned by OVN-Kubernetes), the specified CIDRs will not be assigned. For example: Given: `subnets: "10.0.0.0/24"`, `excludeSubnets: "10.0.0.200/30", the following addresses will not be assigned to pods: `10.0.0.201`, `10.0.0.202`. items: maxLength: 43 type: string x-kubernetes-validations: - message: CIDR is invalid rule: isCIDR(self) maxItems: 25 minItems: 1 type: array ipam: description: "ipam configurations for the network.\nipam is optional. When omitted, `subnets` must be specified.\nWhen `ipam.mode` is `Disabled`, `subnets` must be omitted.\n`ipam.mode` controls how much of the IP configuration will be managed by OVN.\n When `Enabled`, OVN-Kubernetes will apply IP configuration to the SDN infra and assign IPs from the selected\n \ subnet to the pods.\n When `Disabled`, OVN-Kubernetes only assigns MAC addresses, and provides layer2 communication, and enables users\n to configure IP addresses on the pods.\n`ipam.lifecycle` controls IP addresses management lifecycle.\n When set to 'Persistent', the assigned IP addresses will be persisted in `ipamclaims.k8s.cni.cncf.io` object.\n\t Useful for VMs, IP address will be persistent after restarts and migrations. Supported when `ipam.mode` is `Enabled`." minProperties: 1 properties: lifecycle: description: |- Lifecycle controls IP addresses management lifecycle. The only allowed value is Persistent. When set, the IP addresses assigned by OVN Kubernetes will be persisted in an `ipamclaims.k8s.cni.cncf.io` object. These IP addresses will be reused by other pods if requested. Only supported when mode is `Enabled`. enum: - Persistent type: string mode: description: |- Mode controls how much of the IP configuration will be managed by OVN. `Enabled` means OVN-Kubernetes will apply IP configuration to the SDN infrastructure and it will also assign IPs from the selected subnet to the individual pods. `Disabled` means OVN-Kubernetes will only assign MAC addresses and provide layer 2 communication, letting users configure IP addresses for the pods. `Disabled` is only available for Secondary networks. By disabling IPAM, any Kubernetes features that rely on selecting pods by IP will no longer function (such as network policy, services, etc). Additionally, IP port security will also be disabled for interfaces attached to this network. Defaults to `Enabled`. enum: - Enabled - Disabled type: string type: object x-kubernetes-validations: - message: lifecycle Persistent is only supported when ipam.mode is Enabled rule: '!has(self.lifecycle) || self.lifecycle != ''Persistent'' || !has(self.mode) || self.mode == ''Enabled''' mtu: description: |- mtu is the maximum transmission unit for a network. mtu is optional. When omitted, the configured value in OVN-Kubernetes (defaults to 1500 for localnet topology) is used for the network. Minimum value for IPv4 subnet is 576, and for IPv6 subnet is 1280. Maximum value is 65536. In a scenario `physicalNetworkName` points to OVS bridge mapping of a network configured with certain MTU settings, this field enables configuring the same MTU on pod interface, having the pod MTU aligned with the network MTU. Misaligned MTU across the stack (e.g.: pod has MTU X, node NIC has MTU Y), could result in network disruptions and bad performance. format: int32 maximum: 65536 minimum: 576 type: integer physicalNetworkName: description: |- physicalNetworkName points to the OVS bridge-mapping's network-name configured in the nodes, required. Min length is 1, max length is 253, cannot contain `,` or `:` characters. In case OVS bridge-mapping is defined by Kubernetes-nmstate with `NodeNetworkConfigurationPolicy` (NNCP), this field should point to the NNCP `spec.desiredState.ovn.bridge-mappings` item's `localnet` value. maxLength: 253 minLength: 1 type: string x-kubernetes-validations: - message: physicalNetworkName cannot contain `,` or `:` characters rule: self.matches('^[^,:]+$') role: description: |- role describes the network role in the pod, required. Controls whether the pod interface will act as primary or secondary. Localnet topology supports `Secondary` only. The network will be assigned to pods that have the `k8s.v1.cni.cncf.io/networks` annotation in place pointing to subject. enum: - Secondary type: string subnets: description: |- subnets is a list of subnets used for pods in this localnet network across the cluster. The list may be either 1 IPv4 subnet, 1 IPv6 subnet, or 1 of each IP family. When set, OVN-Kubernetes assigns an IP address from the specified CIDRs to the connected pod, eliminating the need for manual IP assignment or reliance on an external IPAM service (e.g., a DHCP server). subnets is optional. When omitted OVN-Kubernetes won't assign IP address automatically. Dual-stack clusters may set 2 subnets (one for each IP family), otherwise only 1 subnet is allowed. The format should match standard CIDR notation (for example, "10.128.0.0/16"). This field must be omitted if `ipam.mode` is `Disabled`. When physicalNetworkName points to the OVS bridge mapping of a network that provides IPAM services (e.g., a DHCP server), ipam.mode should be set to Disabled. This turns off OVN-Kubernetes IPAM and avoids conflicts with the existing IPAM services on this localnet network. items: maxLength: 43 type: string x-kubernetes-validations: - message: CIDR is invalid rule: isCIDR(self) maxItems: 2 minItems: 1 type: array x-kubernetes-validations: - message: When 2 CIDRs are set, they must be from different IP families rule: size(self) != 2 || !isCIDR(self[0]) || !isCIDR(self[1]) || cidr(self[0]).ip().family() != cidr(self[1]).ip().family() vlan: description: |- vlan configuration for the network. vlan.mode is the VLAN mode. When "Access" is set, OVN-Kubernetes configures the network logical switch port in access mode. vlan.access is the access VLAN configuration. vlan.access.id is the VLAN ID (VID) to be set on the network logical switch port. vlan is optional, when omitted the underlying network default VLAN will be used (usually `1`). When set, OVN-Kubernetes will apply VLAN configuration to the SDN infra and to the connected pods. properties: access: description: Access is the access VLAN configuration properties: id: description: |- id is the VLAN ID (VID) to be set for the network. id should be higher than 0 and lower than 4095. format: int32 maximum: 4094 minimum: 1 type: integer required: - id type: object mode: description: |- mode describe the network VLAN mode. Allowed value is "Access". Access sets the network logical switch port in access mode, according to the config. enum: - Access type: string required: - mode type: object x-kubernetes-validations: - message: vlan access config is required when vlan mode is 'Access', and forbidden otherwise rule: 'has(self.mode) && self.mode == ''Access'' ? has(self.access): !has(self.access)' required: - physicalNetworkName - role type: object x-kubernetes-validations: - message: Subnets is required with ipam.mode is Enabled or unset, and forbidden otherwise rule: '!has(self.ipam) || !has(self.ipam.mode) || self.ipam.mode == ''Enabled'' ? has(self.subnets) : !has(self.subnets)' - message: excludeSubnets must be unset when subnets is unset rule: '!has(self.excludeSubnets) || has(self.subnets)' - message: MTU should be greater than or equal to 1280 when an IPv6 subnet is used rule: '!has(self.subnets) || !has(self.mtu) || !self.subnets.exists_one(i, isCIDR(i) && cidr(i).ip().family() == 6) || self.mtu >= 1280' - fieldPath: .excludeSubnets message: excludeSubnets must be subnetworks of the networks specified in the subnets field rule: '!has(self.excludeSubnets) || self.excludeSubnets.all(e, self.subnets.exists(s, cidr(s).containsCIDR(cidr(e))))' topology: description: |- Topology describes network configuration. Allowed values are "Layer3", "Layer2" and "Localnet". Layer3 topology creates a layer 2 segment per node, each with a different subnet. Layer 3 routing is used to interconnect node subnets. Layer2 topology creates one logical switch shared by all nodes. Localnet topology is based on layer 2 topology, but also allows connecting to an existent (configured) physical network to provide north-south traffic to the workloads. enum: - Layer2 - Layer3 - Localnet type: string required: - topology type: object x-kubernetes-validations: - message: spec.layer3 is required when topology is Layer3 and forbidden otherwise rule: 'has(self.topology) && self.topology == ''Layer3'' ? has(self.layer3): !has(self.layer3)' - message: spec.layer2 is required when topology is Layer2 and forbidden otherwise rule: 'has(self.topology) && self.topology == ''Layer2'' ? has(self.layer2): !has(self.layer2)' - message: spec.localnet is required when topology is Localnet and forbidden otherwise rule: 'has(self.topology) && self.topology == ''Localnet'' ? has(self.localnet): !has(self.localnet)' - message: Network spec is immutable rule: self == oldSelf required: - namespaceSelector - network type: object status: description: ClusterUserDefinedNetworkStatus contains the observed status of the ClusterUserDefinedNetwork. properties: conditions: description: Conditions slice of condition objects indicating details about ClusterUserDefineNetwork status. items: description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: description: |- observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: description: |- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime - message - reason - status - type type: object type: array x-kubernetes-list-map-keys: - type x-kubernetes-list-type: map type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: ClusterUserDefinedNetwork listKind: ClusterUserDefinedNetworkList plural: clusteruserdefinednetworks singular: clusteruserdefinednetwork conditions: - lastTransitionTime: "2026-02-17T12:42:50Z" message: no conflicts found reason: NoConflicts status: "True" type: NamesAccepted - lastTransitionTime: "2026-02-17T12:42:50Z" message: the initial names have been accepted reason: InitialNamesAccepted status: "True" type: Established storedVersions: - v1