Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Extend CiliumNetworkPolicy validation to allow IPv6 CIDRs #4004
On Kubernetes versions 1.9 and later, we validate the contents of CiliumNetworkPolicy resources when they are applied to the kubernetes cluster. Previously, the regex for validating CIDR policies would only allow IPv4 prefixes, so if a user attempts to install a CIDR policy that allows IPv6 traffic, the validator would reject it with an error like:
This PR loosens the restrictions on CIDR policies to allow IPv6 addresses to be specified as well.
Note that if you deploy CIDR IPv6 policies, then attempt to downgrade to a version that does not contain this patch, then Cilium will go into a bad state because it is unable to apply your previous policy. The minimum expected versions when using CIDR IPv6 policies are
This seems fine to me, but I added aanm in case there's something I missed
referenced this pull request
May 7, 2018
@joestringer removed the
Yesterday we have discussed that this PR will be merged but we need to add a note in the documentation that a downgrade will not be possible for users that create an IPv6 cidr-based policy. Can you add this note in the documentation? Probably in the upgrade section.