Switch to egress-based network policies for KubeVirt provider #12329

Merged: 4 commits, Jun 8, 2023

mate4st (Contributor) commented Jun 2, 2023

What this PR does / why we need it:

Introduces Egress based network policies for KubeVirt.

Which issue(s) this PR fixes:

Fixes #12328

What type of PR is this?

Special notes for your reviewer:

Does this PR introduce a user-facing change? Then add your Release Note here:

[action required] Move to Egress based cluster isolation network policies for KubeVirt. Custom Network policies for KubeVirt Datacenter might need adjustment. 

Documentation:

TBD

kubermatic-bot added the release-note, docs/tbd, dco-signoff: yes, size/L, sig/virtualization and approved labels Jun 2, 2023
mate4st assigned mate4st, pkprzekwas and embik and unassigned mate4st, pkprzekwas and embik Jun 2, 2023
mfranczy self-assigned this Jun 2, 2023

mfranczy (Contributor) commented Jun 2, 2023

/test pre-kubermatic-e2e-kubevirt-centos-1.27
/test pre-kubermatic-e2e-kubevirt-ubuntu-1.27

embik (Member) commented Jun 2, 2023

Given that this changes the way the default isolation works, should the release notes for this be marked as "action required" and give a brief heads up that you might need to migrate your custom policies to consider egress limitation?

mfranczy (Contributor) commented Jun 2, 2023

We have to update tests in KKP to use rook as well.

mfranczy (Contributor) commented Jun 3, 2023

> Given that this changes the way the default isolation works, should the release notes for this be marked as "action required" and give a brief heads up that you might need to migrate your custom policies to consider egress limitation?

Maybe we could add automatic removal of the old policy in this PR?

embik (Member) commented Jun 5, 2023

> > Given that this changes the way the default isolation works, should the release notes for this be marked as "action required" and give a brief heads up that you might need to migrate your custom policies to consider egress limitation?
>
> Maybe we could add automatic removal of the old policy in this PR?

That's another excellent point, we need migration/cleanup from old to new state.

mate4st (Contributor, Author) commented Jun 5, 2023

> > > Given that this changes the way the default isolation works, should the release notes for this be marked as "action required" and give a brief heads up that you might need to migrate your custom policies to consider egress limitation?
> >
> > Maybe we could add automatic removal of the old policy in this PR?
>
> That's another excellent point, we need migration/cleanup from old to new state.

This should be fine already because I just alter the existing network policy. Therefore no migration is needed for that. Just custom network policies need to be taken care of, but this is up to the user.

mfranczy (Contributor) left a comment

/approve
/lgtm

kubermatic-bot added the lgtm label Jun 5, 2023

kubermatic-bot (Contributor) commented:

LGTM label has been added.

Git tree hash: abbac5c7cdb790d6b1400784b3d3f2eb61f19caa

mfranczy (Contributor) commented Jun 5, 2023

/retest

kubermatic-bot added the release-note-action-required label and removed the release-note label Jun 5, 2023

kubermatic-triage-bot commented:

/retest
This bot automatically retries jobs that failed/flaked on approved PRs

Review the full test history

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

kubermatic-bot added the size/S label Jun 6, 2023
kubermatic-bot added the size/L label and removed the size/S label Jun 6, 2023

mate4st (Contributor, Author) commented Jun 6, 2023

/test pre-kubermatic-e2e-kubevirt-ubuntu-1.27

kubermatic-bot added the sig/cluster-management label and removed the approved label Jun 7, 2023

mfranczy (Contributor) left a comment

/approve
/lgtm

kubermatic-bot added the lgtm label Jun 7, 2023

kubermatic-bot (Contributor) commented:

LGTM label has been added.

Git tree hash: e48447013457f9080abaed8b5e49bf617d9cee94

mfranczy (Contributor) commented Jun 7, 2023

/test pre-kubermatic-e2e-kubevirt-ubuntu-1.27

mate4st (Contributor, Author) commented Jun 7, 2023

/retest

kubermatic-bot (Contributor) commented Jun 7, 2023

@WeirdMachine: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| pre-kubermatic-e2e-kubevirt-centos-1.27 | 1d6ec4b | link | true | /test pre-kubermatic-e2e-kubevirt-centos-1.27 |

Full PR test history

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

kubermatic-bot removed the lgtm label Jun 7, 2023

mfranczy (Contributor) left a comment

/approve
/lgtm

kubermatic-bot added the lgtm label Jun 7, 2023

kubermatic-bot (Contributor) commented:

LGTM label has been added.

Git tree hash: 4fd00b9cb33a9c3a55d042a64252a61122dbe369

embik (Member) commented Jun 7, 2023

/test pre-kubermatic-e2e-kubevirt-ubuntu-1.27

mate4st (Contributor, Author) commented Jun 7, 2023

/unhold

I had to increase the test timeout probably because the ceph storage is a little bit slower.

kubermatic-bot removed the do-not-merge/hold label Jun 7, 2023

ahmedwaleedmalik (Member) left a comment

/approve

kubermatic-bot (Contributor) commented:

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ahmedwaleedmalik, mfranczy, WeirdMachine

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

kubermatic-bot added the approved label Jun 8, 2023
kubermatic-bot merged commit 6b9d5ee into kubermatic:main Jun 8, 2023
20 checks passed
Labels: approved, dco-signoff: yes, docs/tbd, lgtm, release-note-action-required, sig/cluster-management, sig/networking, sig/virtualization, size/L
Development

Successfully merging this pull request may close these issues.

Introduce Egress based NetworkPolicies for KubeVirt
7 participants