From 8be8ff500e7e7b14ac771676d128025685d18a58 Mon Sep 17 00:00:00 2001 From: Dan Winship Date: Tue, 14 May 2024 12:27:51 -0400 Subject: [PATCH] Update the text about duplicate priority values --- apis/v1alpha1/adminnetworkpolicy_types.go | 9 ++++++--- .../policy.networking.k8s.io_adminnetworkpolicies.yaml | 9 ++++++--- .../policy.networking.k8s.io_adminnetworkpolicies.yaml | 9 ++++++--- 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/apis/v1alpha1/adminnetworkpolicy_types.go b/apis/v1alpha1/adminnetworkpolicy_types.go index 912d4d3f..6e903d67 100644 --- a/apis/v1alpha1/adminnetworkpolicy_types.go +++ b/apis/v1alpha1/adminnetworkpolicy_types.go @@ -56,11 +56,14 @@ type AdminNetworkPolicyStatus struct { // AdminNetworkPolicySpec defines the desired state of AdminNetworkPolicy. type AdminNetworkPolicySpec struct { - // Priority is a value from 0 to 1000. Rules with lower priority values have - // higher precedence, and are checked before rules with higher priority values. + // Priority is a value from 0 to 1000. Policies with lower priority values have + // higher precedence, and are checked before policies with higher priority values. // All AdminNetworkPolicy rules have higher precedence than NetworkPolicy or // BaselineAdminNetworkPolicy rules - // The behavior is undefined if two ANP objects have same priority. + // Every AdminNetworkPolicy should have a unique priority value; if two (or more) + // policies with the same priority could both match a connection, then the + // implementation can apply any of the matching policies to the connection, and + // there is no way for the user to reliably determine which one it will choose. // // Support: Core // diff --git a/config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml b/config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml index 174d4c1a..cd511c84 100644 --- a/config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml +++ b/config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml @@ -817,11 +817,14 @@ spec: type: array priority: description: |- - Priority is a value from 0 to 1000. Rules with lower priority values have - higher precedence, and are checked before rules with higher priority values. + Priority is a value from 0 to 1000. Policies with lower priority values have + higher precedence, and are checked before policies with higher priority values. All AdminNetworkPolicy rules have higher precedence than NetworkPolicy or BaselineAdminNetworkPolicy rules - The behavior is undefined if two ANP objects have same priority. + Every AdminNetworkPolicy should have a unique priority value; if two (or more) + policies with the same priority could both match a connection, then the + implementation can apply any of the matching policies to the connection, and + there is no way for the user to reliably determine which one it will choose. Support: Core diff --git a/config/crd/standard/policy.networking.k8s.io_adminnetworkpolicies.yaml b/config/crd/standard/policy.networking.k8s.io_adminnetworkpolicies.yaml index 9494e478..41c95048 100644 --- a/config/crd/standard/policy.networking.k8s.io_adminnetworkpolicies.yaml +++ b/config/crd/standard/policy.networking.k8s.io_adminnetworkpolicies.yaml @@ -701,11 +701,14 @@ spec: type: array priority: description: |- - Priority is a value from 0 to 1000. Rules with lower priority values have - higher precedence, and are checked before rules with higher priority values. + Priority is a value from 0 to 1000. Policies with lower priority values have + higher precedence, and are checked before policies with higher priority values. All AdminNetworkPolicy rules have higher precedence than NetworkPolicy or BaselineAdminNetworkPolicy rules - The behavior is undefined if two ANP objects have same priority. + Every AdminNetworkPolicy should have a unique priority value; if two (or more) + policies with the same priority could both match a connection, then the + implementation can apply any of the matching policies to the connection, and + there is no way for the user to reliably determine which one it will choose. Support: Core