W.I.P Support admin netpolicy #380

Draft. Wants to merge 97 commits into base: main


@shireenf-ibm shireenf-ibm commented Jul 8, 2024

#30

@shireenf-ibm shireenf-ibm marked this pull request as draft July 8, 2024 18:22
shireenf-ibm commented Jul 8, 2024

hi @adisos. this is the beginning of supporting the ANP

this PR contains tests with ANPs with multiple rules (tests respecting rules ordering - connlist and diff tests)
some tests that involve ANP and NP (with Pass action)
and tests with multiple ANPs (tests respecting ANP priority)

tasks & PRs which are/will be extensions for current PR:

@shireenf-ibm shireenf-ibm reopened this Jul 18, 2024
pkg/netpol/eval/check.go (outdated, resolved)
outputFormats: []string{output.TextFormat},
},
{
testDirName: "anp_test2_allow_traffic_at_cluster_level",
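
Review bot: the table entry `testDirName: "anp_test2_allow_traffic_at_cluster_level"` carries no comment saying which connection the ANP is expected to change. A one-line comment above the entry naming the traffic that would be blocked without the policy would let a reader confirm from the table that the test depends on the ANP.
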
Collaborator

for test tests/anp_test2_allow_traffic_at_cluster_level, the result connectivity will be the same even if the policy is deleted, so the effect of the policy is not well demonstrated.
better change the test so that the effect of the tested policy is actual.
please also check this for all other tests.

Contributor Author

okay, I remember those 3 were the first tests I've added; they were taken from here.
will add a NetworkPolicy that blocks some of the traffic and see that it is allowed because of the ANP.

will check for other tests

Contributor Author

done

Collaborator

not sure I understand anp_test_3 - the output with and without the anp is the same

Contributor Author

@shireenf-ibm shireenf-ibm Nov 14, 2024

true, I just wanted to show that if the anp passes a connection but this connection is not allowed by networkpolicy then it is not allowed (implicit deny).
I could add a BANP that denies TCP 8080; but we have such an example
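
The tier ordering discussed in this thread (ANP priority and rule order, Pass delegating to NetworkPolicy, implicit deny, BANP), as an added example that is not part of the PR or the project's code. It is a simplified model that goes slightly beyond the single case above: connections are plain string keys, and `Rule`, `ANP`, `Lower`, `Verdict` and `HasEffect` are hypothetical names. `HasEffect` checks whether deleting the ANPs would change the result, which is the property the review asks each test to have.

```go
package main

import (
	"fmt"
	"sort"
)

// Simplified model (assumption): a connection is one string key, matched exactly.
type Rule struct{ Action, Conn string }        // Action: "Allow", "Deny" or "Pass"
type ANP struct{ Priority int; Rules []Rule } // lower Priority is evaluated first

// Lower is the tiers below ANP: NetworkPolicies (NPs), then the BANP rules.
type Lower struct{ NPSelects bool; NPAllowed map[string]bool; BANP []Rule }

// firstMatch returns the action of the first rule matching conn, or "".
func firstMatch(rules []Rule, conn string) string {
	for _, r := range rules {
		if r.Conn == conn {
			return r.Action
		}
	}
	return ""
}

// Verdict resolves conn: ANPs by priority and rule order, then NPs, then BANP.
func Verdict(conn string, anps []ANP, lo Lower) bool {
	sorted := append([]ANP(nil), anps...)
	sort.SliceStable(sorted, func(i, j int) bool { return sorted[i].Priority < sorted[j].Priority })
	var rules []Rule
	for _, p := range sorted {
		rules = append(rules, p.Rules...)
	}
	if a := firstMatch(rules, conn); a == "Allow" || a == "Deny" {
		return a == "Allow"
	}
	if lo.NPSelects { // reached on "Pass" or when no ANP rule matched
		return lo.NPAllowed[conn] // not allowed by any NP: implicit deny
	}
	return firstMatch(lo.BANP, conn) != "Deny" // no BANP match: default allow
}

// HasEffect reports whether deleting the ANPs would change the verdict.
func HasEffect(conn string, anps []ANP, lo Lower) bool {
	return Verdict(conn, anps, lo) != Verdict(conn, nil, lo)
}

func main() {
	pass := []ANP{{Priority: 10, Rules: []Rule{{"Pass", "a->b:TCP/8080"}}}} // constructed input
	fmt.Println(HasEffect("a->b:TCP/8080", pass, Lower{NPSelects: true})) // false
}
```
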
