endPort not shown in kubectl describe netpol

kubernetes-sigs / network-policy-api

This repo addresses further work involving Kubernetes network security beyond the initial NetworkPolicy resource

Apache License 2.0

50 stars 28 forks source link

endPort not shown in kubectl describe netpol #163

Closed huntergregory closed 2 months ago

huntergregory commented 8 months ago

Issue

Recently, our customer was confused if NetworkPolicy implements endPort since kubectl describe does not include endPort field.

From: https://github.com/Azure/azure-container-networking/issues/2313

Question

Should we support port ranges in this field of kubectl describe?

To Port: 80/TCP

Repro

NetPol

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: base
  namespace: test
spec:
  podSelector:
    matchLabels:
      pod: a
  policyTypes:
    - Egress
  egress:
    - to:
      ports:
        - protocol: TCP
          port: 80
          endPort: 82

kubectl describe

$ kubectl describe netpol -n test base
Name:         base
Namespace:    test
Created on:   2023-10-26 13:36:09 -0700 PDT
Labels:       <none>
Annotations:  <none>
Spec:
  PodSelector:     pod=a
  Not affecting ingress traffic
  Allowing egress traffic:
    To Port: 80/TCP
    To: <any> (traffic not restricted by destination)
  Policy Types: Egress

versions

$ kubectl version
Client Version: v1.28.3
Server Version: v1.27.3

kundan2707 commented 8 months ago

/kind support

tssurya commented 8 months ago

/assign @tssurya I'd like to take a stab at this...

k8s-triage-robot commented 5 months ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue as fresh with /remove-lifecycle stale
Close this issue with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

huntergregory commented 5 months ago

/remove-lifecycle stale

tssurya commented 4 months ago

@jcaamano will take over here. /assign @jcaamano /unassign @tssurya

k8s-ci-robot commented 4 months ago

@tssurya: GitHub didn't allow me to assign the following users: jcaamano.

Note that only kubernetes-sigs members with read permissions, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time. For more information please see the contributor guide

In response to [this](https://github.com/kubernetes-sigs/network-policy-api/issues/163#issuecomment-1941445795): >@jcaamano will take over here. >/assign @jcaamano >/unassign @tssurya Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

jcaamano commented 4 months ago

/assign @jcaamano