Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for BaselineAdminNetworkPolicy. #9464

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

fasaxc
Copy link
Member

@fasaxc fasaxc commented Nov 12, 2024

Description

Add support for sig-network-policy-api's BaselineAdminNetworkPolicy.

  • Map the single BANP to a policy (with order=1000) in a new dedicated Tier with order=10,000,000.
  • Convert the policy as per AdminNetworkPolicy. Due to different datatypes, the logic has to be copied (I didn't fancy using reflection).
  • Add RBAC to allow Typha and Node to access the resources.

Related issues/PRs

CORE-10800

Builds on ANP work:

Tier support: #9085
Default action in tiers: #9232
AdminNetworkPolicy: #9206
AdminNetworkPolicy egress networks: #9276
AdminNetworkPolicy named port: #9254

Todos

  • Tests
  • Documentation
  • Release note

Release Note

Add support for BaselineAdminNetworkPolicy.

Reminder for the reviewer

Make sure that this PR has the correct labels and milestone set.

Every PR needs one docs-* label.

  • docs-pr-required: This change requires a change to the documentation that has not been completed yet.
  • docs-completed: This change has all necessary documentation completed.
  • docs-not-required: This change has no user-facing impact and requires no docs.

Every PR needs one release-note-* label.

  • release-note-required: This PR has user-facing changes. Most PRs should have this label.
  • release-note-not-required: This PR has no user-facing changes.

Other optional labels:

  • cherry-pick-candidate: This PR should be cherry-picked to an earlier release. For bug fixes only.
  • needs-operator-pr: This PR is related to install and requires a corresponding change to the operator.

@marvin-tigera marvin-tigera added this to the Calico v3.30.0 milestone Nov 12, 2024
@marvin-tigera marvin-tigera added release-note-required Change has user-facing impact (no matter how small) docs-pr-required Change is not yet documented labels Nov 12, 2024
@fasaxc fasaxc changed the title [WIP] Initial pass at BaselineAdminNetworkPolicy. Add support for BaselineAdminNetworkPolicy. Nov 19, 2024
OssNetworkPolicyNamePrefix = "ossg."
K8sNetworkPolicyNamePrefix = "knp.default."
K8sAdminNetworkPolicyNamePrefix = "kanp.adminnetworkpolicy."
K8sBaselineAdminNetworkPolicyNamePrefix = "kbanp.adminnetworkpolicy."
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This prefix should be kbanp.baselineadminnetworkpolicy. This is long, but basically the second part baselineadminnetworkpolicy is the tier name.

Copy link
Member

@mazdakn mazdakn Nov 20, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we want to make it shorter, maybe we can name the tier baselinenetworkpolicy and this prefix kbanp.baselinenetworkpolicy.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good spot, thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
docs-pr-required Change is not yet documented release-note-required Change has user-facing impact (no matter how small)
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants