New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multi policies ipamless ipblock #3574
Multi policies ipamless ipblock #3574
Conversation
/cc @npinaeva Don't bother looking yet, the production code implementation will change - I don't like the code I've added. But still, this has an e2e test to assert the feature, and right now, I'm just pushing the simplest thing that works. |
/cc @cathy-zhou For your awareness. I plan on re-writing the code I'm adding to make it more readable, but for now I just want you to be able to track this work. I'll let you know once this is ready for review. Thanks in advance. |
FWIW, the e2e test I've added to check multi-network policies for IPAM less networks using IPBlock peers is working. |
73dfd96
to
6fd239e
Compare
6fd239e
to
71c89a5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
some initial suggestions
4969f15
to
2ac62b2
Compare
0ad6bb3
to
c143c74
Compare
c143c74
to
4898f24
Compare
4898f24
to
d68a5f8
Compare
0_o waaaat. I guess I broke the PR when I tried to push a rebase + new code separately :S |
4ed4a43
to
df83cc2
Compare
I think there is some of warnings we might want to get rid of. Not sure we even want GetPodIPsOfNetwork to return an error, given that IPs are not mandatory: ovn-kubernetes/go-controller/pkg/ovn/base_network_controller_namespace.go Lines 362 to 366 in 0e395d5
Here neither the comment nor the returned error are very precise: ovn-kubernetes/go-controller/pkg/util/pod_annotation.go Lines 302 to 316 in 0e395d5
Again, here: ovn-kubernetes/go-controller/pkg/util/pod_annotation.go Lines 264 to 268 in 0e395d5
|
What if I do not even invoke It would reduce the code changes, while preventing all those misleading warnings from being printed. |
Added the simplest way out of this @jcaamano . I can push a follow-up PR to fix the 3 utility funcs you have pointed out. |
35e3d0e
to
bbcac93
Compare
bbcac93
to
af0021b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very nice PR, thanks @maiqueb !
/retest-required |
/retest-failed |
Oops, something went wrong:
|
/retest |
6092c49
to
faf5d85
Compare
rebasing in this forced push since it appears the bot is a bit incoherent today. Hope now it goes back to work. |
/retest-failed |
2 similar comments
/retest-failed |
/retest-failed |
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
Network policies targeting IPAM less networks can only have `ipBlock` peers; while this behavior already existed, it now fails a lot earlier, when translating the multi-net policies into regular `NetworkPolicy`, thus making the flow more explicit, efficient, and readable. Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
…icies Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
faf5d85
to
ae94d5b
Compare
- What this PR does and why is it needed
This PR adds support for multi-network policies for secondary networks whose peers are of IPBlock type.
- Special notes for reviewers
- How to verify it
Run the multi-net tests.
- Description for the changelog
Add support for multi-network policies for secondary networks whose peers are of IPBlock type.