docs: add documentation for policy-cidr-match-mode=nodes #28421

Merged
merged 1 commit into from
Dec 6, 2023

Contributor

@squeed squeed commented Oct 5, 2023

This feature, added in #27464, allows for CIDR / ipBlock selectors to reference nodes within the cluster. Previously, nodes were only selectable via an entity selector.

This adds some basic documentation to the feature.

@squeed squeed added the release-note/misc This PR makes changes that have no direct user impact. label Oct 5, 2023
@squeed squeed requested review from a team as code owners October 5, 2023 13:06
@nathanjsweet
Member

This looks good, but what about kube-apiserver?

Contributor

@zacharysarah zacharysarah left a comment

@squeed 👋🏻 This needs some minor changes, otherwise LGTM for docs.

Documentation/security/policy/language.rst
Documentation/network/kubernetes/policy.rst
Documentation/internals/security-identities.rst
Documentation/security/policy/language.rst
Documentation/security/policy/language.rst
@squeed
Contributor Author

squeed commented Oct 6, 2023

> This looks good, but what about kube-apiserver?

Hmm, I'm not sure if that's needed. From an end-user perspective, kube-apiserver is a selectable entity, and that logic hasn't changed. The only difference w.r.t. policy calculations is that nodes are included in CIDR / ipBlock selectors.

Contributor

@zacharysarah zacharysarah left a comment

@squeed Thanks for the updates, one more set of minor changes then LGTM

Documentation/security/policy/language.rst
Documentation/security/policy/language.rst
@nathanjsweet
Member

> From an end-user perspective, kube-apiserver is a selectable entity, and that logic hasn't changed. The only difference w.r.t. policy calculations is that nodes are included in CIDR / ipBlock selectors.

And kube-apiserver, right? We should call out that the kube-apiserver is now selectable by ipBlock.

Member

@joestringer joestringer left a comment

Some minor nits.

Documentation/internals/security-identities.rst
Documentation/security/policy/language.rst
Documentation/security/policy/language.rst
@squeed squeed added the area/documentation Impacts the documentation, including textual changes, sphinx, or other doc generation code. label Oct 20, 2023
Member

@joestringer joestringer left a comment

LGTM, just two more minor nits

Documentation/internals/security-identities.rst
@squeed
Contributor Author

squeed commented Nov 15, 2023

@zacharysarah can you give this a re-review? Thanks!

@squeed squeed removed the request for review from zacharysarah December 5, 2023 14:42
This feature, added in cilium#27464, allows for CIDR / ipBlock selectors to
reference nodes within the cluster. Previously, nodes were only
selectable via an entity selector.

This adds some basic documentation to the feature.

Signed-off-by: Casey Callendrello <cdc@isovalent.com>
@joestringer
Member

/test

@joestringer joestringer added this pull request to the merge queue Dec 6, 2023
Merged via the queue into cilium:main with commit e1bbdda Dec 6, 2023
58 checks passed
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Dec 6, 2023
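
Because the mode this PR documents makes nodes part of CIDR / ipBlock selection, an operator may want to know which existing CIDR rules cover node addresses before turning it on. The following is an added example, not code from the PR or from Cilium: it scans parsed CiliumNetworkPolicy specs (`toCIDR`, `toCIDRSet`, `fromCIDR`, `fromCIDRSet`) against a list of node IPs. The policy names, node IPs and helper function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: node InternalIPs and two CiliumNetworkPolicy specs
# (already parsed from YAML). None of these values come from the PR.
NODE_IPS = ["192.168.10.11", "192.168.10.12"]
POLICIES = [
    {"metadata": {"name": "egress-to-lan"},
     "spec": {"egress": [{"toCIDR": ["192.168.10.0/24"]}]}},
    {"metadata": {"name": "ingress-from-partner"},
     "spec": {"ingress": [{"fromCIDRSet": [
         {"cidr": "192.168.0.0/16", "except": ["192.168.10.0/24"]},
         {"cidr": "203.0.113.0/24"}]}]}},
]

def _covers(ip, cidr, excepts=()):
    """True if ip is inside cidr and not carved out by an except block."""
    addr = ipaddress.ip_address(ip)
    if addr not in ipaddress.ip_network(cidr, strict=False):
        return False
    return not any(addr in ipaddress.ip_network(e, strict=False) for e in excepts)

def cidr_rules(policy):
    """Yield (direction, cidr, excepts) for every CIDR selector in a policy."""
    for direction, plain, cset in (("egress", "toCIDR", "toCIDRSet"),
                                   ("ingress", "fromCIDR", "fromCIDRSet")):
        for rule in policy["spec"].get(direction, []):
            for cidr in rule.get(plain, []):
                yield direction, cidr, ()
            for entry in rule.get(cset, []):
                yield direction, entry["cidr"], tuple(entry.get("except", []))

def rules_selecting_nodes(policies, node_ips):
    """List CIDR rules whose range includes at least one node IP."""
    findings = []
    for pol in policies:
        for direction, cidr, excepts in cidr_rules(pol):
            hit = [ip for ip in node_ips if _covers(ip, cidr, excepts)]
            if hit:
                findings.append((pol["metadata"]["name"], direction, cidr, hit))
    return findings

if __name__ == "__main__":
    for name, direction, cidr, hit in rules_selecting_nodes(POLICIES, NODE_IPS):
        print(f"{name}: {direction} {cidr} covers node IPs {hit}")
```

Rules reported here are the ones to review before enabling the mode; rules whose `except` blocks carve out the node range are not reported.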