Implement egress traffic CIDRGroup object #205

Draft
wants to merge 3 commits into base: main

Commits on Oct 16, 2023

  1. Split peers into ingress&&egress

    This resulted from discussions in network-policy-api
    meetings and after consulting apiserver team for best
    practices.
    So far ingress and egress peer expressions were symmetric.
    However moving forward, since we are adding support for
    egress (northbound) peers and fqdn which might have
    differences compared to what we want to allow for ingress,
    we have decided to split the peers into ingress and egress.
    
    Signed-off-by: Surya Seetharaman <[email protected]>
    tssurya committed Oct 16, 2023
    81a0070
  2. Add support for selecting nodes as egress peers

    Some FTR things:
    
    1) As an egress peer a user can select either namespaces, or pods or nodes.
    In a given rule more than 1 type of selection is not allowed.
    2) An empty node selector means it selects all nodes in the cluster.
    3) Nodes can be referred to only from egress rule peers, since we only
    support northbound use cases.
    
    Signed-off-by: Surya Seetharaman <[email protected]>
    tssurya committed Oct 16, 2023
    2d2967b
  3. Add support for selecting external destinations as egress peers

    Some FTR things:
    
    1) As an egress peer a user can select either namespaces, or pods or
    nodes or externalNetworks.
    In a given rule more than 1 type of selection is not allowed.
    2) An empty externalNetworks selector means it selects all externalNetworkSets in the cluster.
    3) externalNetworks can be set only from to.Peer
    
    Signed-off-by: Surya Seetharaman <[email protected]>
    tssurya committed Oct 16, 2023
    f1c750c