Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow hostNetwork ingress for network policies with empty namespace selector #3669

Merged
merged 1 commit into from Jun 29, 2023
Merged

Allow hostNetwork ingress for network policies with empty namespace selector #3669

merged 1 commit into from Jun 29, 2023

Conversation

npinaeva
Copy link
Member

@npinaeva npinaeva commented Jun 13, 2023
edited

The previous version used shared address sets for empty namespace
selector to reuse the address set, but it didn't include a special
config.Kubernetes.HostNetworkNamespace that only has an address set,
but no pods. This difference may break existing network policies for
hostNetwork pods, therefore we explicitly add this address sets for an
empty namespace selector.

@coveralls
Copy link

Coverage Status

coverage: 53.563% (-0.02%) from 53.582% when pulling b9914c8 on npinaeva:np-hostnetwork-ns into 67b4c26 on ovn-org:master.

@trozet
Copy link
Contributor

trozet commented Jun 20, 2023
edited

consider maybe changing the acl to match shared addrset || special host address set

@npinaeva
Allow hostNetwork ingress for network policies with empty namespace
5e3dc65 
selector.
The previous version used shared address sets for empty namespace
selector to reuse the address set, but it didn't include a special
config.Kubernetes.HostNetworkNamespace that only has an address set,
but no pods. This difference may break existing network policies for
hostNetwork pods, therefore we explicitly add this address sets for an
empty namespace selector.

Signed-off-by: Nadia Pinaeva <npinaeva@redhat.com>
@npinaeva
Copy link
Member Author

Good point! Updated, ptal @trozet

@trozet trozet merged commit fa56a10 into ovn-org:master Jun 29, 2023
25 of 26 checks passed
@npinaeva npinaeva deleted the np-hostnetwork-ns branch June 29, 2023 13:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@trozet trozet trozet approved these changes

@dcbw dcbw Awaiting requested review from dcbw

@girishmg girishmg Awaiting requested review from girishmg

@jcaamano jcaamano Awaiting requested review from jcaamano

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@npinaeva @coveralls @trozet