ingress: Create FromGroups resource #30708
Thanks for the PR, initial approach LGTM. A few comments below. I'd also suggest making the rename of `ToGroups` to `Groups` a separate commit, just to help scope down the review.
Thanks, looking good! Could you take care of the two comments below and it's good to go from my perspective?
/test
Hey @christarazi, I'm happy to do more investigation but these errors don't seem to be related to my change. I can rebase onto master?
Sure, rebase and I will retrigger the tests.
In preparation for making the groups resource applicable to both ingress and egress rules, this commit changes the name of the ToGroups struct to Groups. Signed-off-by: Alex Waring <ajmwaring@gmail.com>
As I am going to be copying the Create Derivative functions, this commit abstracts out some of the logic into a helper function, to make the code more DRY. Signed-off-by: Alex Waring <ajmwaring@gmail.com>
Duplicates the structures in place to evaluate the toGroups resource into the ingress section, allowing the creation of FromGroups. This means AWS SG groups can be included as ingress resources and directly translated into fromCIDR rules. Fixes: cilium#30032 Signed-off-by: Alex Waring <ajmwaring@gmail.com>
Looks good!
Hi @Alex-Waring , is the example in the PR description correct? The indentation seems odd, and it's not referring to
Hi @joestringer no it was very much not correct, apologies. I've updated it now.
Currently fromGroups, which was added in cilium#30708, is correctly represented in the YAML but not being converted to a rule. This commit fixes that by:
- Reporting that a rule requires derivation when an ingress component does, and making sure to clear ingress rules when creating that derivative.
- Adding FromGroups to parseToCiliumIngressCommonRule logic
- During validation make sure that fromGroups is not combined with other L3 rules.

Signed-off-by: Alex Waring <ajmwaring@gmail.com>
In the previous commit and cilium#30708 the fromGroups resource was added, but testing was not covered properly. This commit validates that we are working as expected.
Duplicates the structures in place to evaluate the toGroups resource into the ingress section, allowing the creation of FromGroups. This means AWS SG groups can be included as ingress resources and directly translated into fromCIDR rules.
Example usage:
Fixes: #30032
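The flow the commit messages on this page describe (flag that an ingress rule needs derivation, reject fromGroups mixed with other L3 selectors, then replace the group reference with fromCIDR entries), as an added Go example that is not Cilium's code. `IngressRule`, `Derive`, the `lookup` callback and the security group ID are hypothetical or constructed; a failed lookup returns an error so that no partial rule is produced.

```go
package main

import (
	"errors"
	"fmt"
)

// IngressRule is a simplified, hypothetical model; it is not Cilium's api.IngressRule.
type IngressRule struct {
	FromGroups    []string // cloud security group IDs awaiting resolution
	FromCIDR      []string
	FromEndpoints []string
}

// RequiresDerivative reports whether group references still need resolving.
func (r IngressRule) RequiresDerivative() bool { return len(r.FromGroups) > 0 }

// Validate rejects fromGroups combined with any other L3 selector.
func (r IngressRule) Validate() error {
	if len(r.FromGroups) > 0 && (len(r.FromCIDR) > 0 || len(r.FromEndpoints) > 0) {
		return errors.New("fromGroups cannot be combined with other L3 rules")
	}
	return nil
}

// Derive resolves each group through lookup (a stand-in for the cloud API)
// and returns a rule carrying only fromCIDR entries, with FromGroups cleared.
func Derive(r IngressRule, lookup func(string) ([]string, error)) (IngressRule, error) {
	if err := r.Validate(); err != nil {
		return IngressRule{}, err
	}
	out := IngressRule{}
	for _, g := range r.FromGroups {
		cidrs, err := lookup(g)
		if err != nil { // fail closed: no partially derived rule
			return IngressRule{}, fmt.Errorf("resolving %s: %w", g, err)
		}
		out.FromCIDR = append(out.FromCIDR, cidrs...)
	}
	return out, nil
}

// constructedLookup serves constructed sample data in place of a real API call.
func constructedLookup(id string) ([]string, error) {
	if id == "sg-constructed-1" {
		return []string{"10.0.1.10/32", "10.0.1.11/32"}, nil
	}
	return nil, errors.New("unknown group")
}
```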