Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Initial proposal of "allow-from-router" NetworkPolicy #561

Merged
merged 1 commit into from
Feb 4, 2021
Merged

Initial proposal of "allow-from-router" NetworkPolicy #561

merged 1 commit into from
Feb 4, 2021

Conversation

danwinship
Copy link
Contributor

For SDN-1340. Proposes changes to ovn-kubernetes and CNO (and maybe openshift-sdn, and maybe maybe cluster-ingress-operator) to make it easier for customers to create policies to allow traffic from routers, regardless of network plugin and router configuration.

/cc @trozet
for ovn-kubernetes thoughts
/cc @Miciah
for router thoughts (feel free to hand off to someone else if I picked badly)
/cc @squeed @knobunc @dcbw
for general thoughts

@danwinship danwinship force-pushed the allow-from-router-networkpolicy branch from a6e24d3 to cf95652 Compare December 16, 2020 17:50
@abhat
Copy link
Contributor

abhat commented Jan 20, 2021

Overall it makes sense to me. The implementation details for ovn-k need to be figured out in the context of the changes we are making to the topology to avoid multiple SNATs (if that's at all relevant here, I don't think it is, but I may be missing some nuances from the recent discussions).

@squeed
Copy link
Contributor

squeed commented Jan 25, 2021

I think this make sense, and is ripe for implementation.

/lgtm
(someone else needs to approve).

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Jan 25, 2021
@russellb
Copy link
Member

/approve

Nicely written enhancement, thanks

@openshift-ci-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: russellb

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 28, 2021
@danwinship
Copy link
Contributor Author

/retest

@danwinship danwinship force-pushed the allow-from-router-networkpolicy branch from cf95652 to ab605b9 Compare February 4, 2021 16:10
@openshift-ci-robot openshift-ci-robot removed the lgtm Indicates that a PR is ready to be merged. label Feb 4, 2021
@russellb
Copy link
Member

russellb commented Feb 4, 2021

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Feb 4, 2021
@openshift-merge-robot openshift-merge-robot merged commit 6a0b2b8 into openshift:master Feb 4, 2021
@danwinship danwinship deleted the allow-from-router-networkpolicy branch February 5, 2021 23:10
@danwinship danwinship mentioned this pull request Mar 2, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abhat abhat abhat left review comments

@squeed squeed squeed left review comments

@dcbw dcbw Awaiting requested review from dcbw

@knobunc knobunc Awaiting requested review from knobunc

@Miciah Miciah Awaiting requested review from Miciah

@trozet trozet Awaiting requested review from trozet

Assignees

@russellb russellb

@squeed squeed

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@danwinship @abhat @squeed @russellb @openshift-ci-robot @openshift-merge-robot