kubernetes-sigs / network-policy-api

This repo addresses further work involving Kubernetes network security beyond the initial NetworkPolicy resource
Apache License 2.0

Implement inline CIDR block egress peer #185

Closed tssurya closed 4 months ago

tssurya commented 6 months ago

This PR adds support for implementing inline CIDR peer blocks.

netlify[bot] commented 6 months ago

Deploy Preview for kubernetes-sigs-network-policy-api ready!

Name | Link
--- | ---
Latest commit | 6ff2bacad6666382bcb295e5aa898b483a4801a8
Latest deploy log | https://app.netlify.com/sites/kubernetes-sigs-network-policy-api/deploys/65e720e34ff0e500086fd515
Deploy Preview | https://deploy-preview-185--kubernetes-sigs-network-policy-api.netlify.app

tssurya commented 6 months ago

/test pull-network-policy-api-verify

astoycos commented 6 months ago

@tssurya You just need to run gofmt here

Verifying gofmt
diff ./apis/v1alpha1/shared_types.go.orig ./apis/v1alpha1/shared_types.go
--- ./apis/v1alpha1/shared_types.go.orig
+++ ./apis/v1alpha1/shared_types.go
@@ -176,11 +176,11 @@
    // +optional
    Nodes *metav1.LabelSelector `json:"nodes,omitempty"`
    // Networks defines a way to select IPs and CIDR blocks that represent
-    // entities that live outside the cluster as a peer.
+   // entities that live outside the cluster as a peer.
    // It is the list of NetworkCIDR (both v4 & v6) that can be used to define
    // external destinations.
-    // You could use this to select internal cluster networks like podCIDR blocks, but it is
-    // recommended to use namespaces and pods peers instead in those cases.
+   // You could use this to select internal cluster networks like podCIDR blocks, but it is
+   // recommended to use namespaces and pods peers instead in those cases.
    //
    // Support: Extended
    //
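Review bot: This hunk is whitespace-only; the four `+` lines differ from their `-` counterparts solely by one fewer leading space before `//`, so running `make fmt` as the comment says resolves it with no change to the field or its documentation. Since the Networks doc comment is being touched anyway, it would help policy authors to state what the CIDR validation rejects, in particular that IPv4-mapped IPv6 (4-in-6) prefixes are disallowed, which this thread later settles on for isCIDR.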
Please run make fmt to fix the issue(s)
Test FAILED: hack/../hack/verify-gofmt.sh

astoycos commented 6 months ago

/retest

tssurya commented 5 months ago

/hold @astoycos : yeah, this is actually only a WIP PR, adding hold here; it's a PoC for the NPEP PR: https://github.com/kubernetes-sigs/network-policy-api/pull/144 which needs to get merged first.

Need your help in getting PR 144 merged asap.

tssurya commented 4 months ago

/hold cancel

tssurya commented 4 months ago

ack thanks @JoelSpeed : I will double check if we want to do v4 in v6 support and then change things accordingly. What about the isCIDR() implementation, does that support v4 in v6 or will it consider that as invalid? Found this one: https://github.com/golang/go/issues/51906#issuecomment-1078138730 which was interesting

JoelSpeed commented 4 months ago

I will double check but I'm pretty sure when implementing it we excluded 4-in-6 support

Edit: 4in6 explicitly disallowed in CEL

danwinship commented 4 months ago

> I will double check if we want to do v4 in v6 support

Oh, yeah, we don't. (isCIDR is exactly correct for what we want.)
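
The validation rule the thread settles on for the Networks peer (a CIDR must parse as IPv4 or IPv6, and 4-in-6 prefixes are rejected rather than silently read as IPv4), written out as an added Go example that is not the project's code. It assumes that Kubernetes' CEL isCIDR is netip.ParsePrefix plus an Is4In6 check, and goes one step further by flagging prefixes with host bits set, which ParsePrefix accepts but a policy author rarely intends.

```go
package main

import (
	"fmt"
	"net/netip"
)

// ValidateNetworkCIDR mirrors the validation the thread settles on for the
// Networks peer: the string must parse as an IPv4 or IPv6 prefix, and
// IPv4-mapped IPv6 ("4-in-6") prefixes are rejected rather than read as v4.
// Assumption (added example, not the project's code): Kubernetes' CEL isCIDR
// is netip.ParsePrefix plus an Is4In6 check, so this reproduces its verdict.
func ValidateNetworkCIDR(raw string) (netip.Prefix, error) {
	p, err := netip.ParsePrefix(raw)
	if err != nil {
		return netip.Prefix{}, fmt.Errorf("invalid CIDR %q: %w", raw, err)
	}
	if p.Addr().Is4In6() {
		return netip.Prefix{}, fmt.Errorf("IPv4-mapped IPv6 CIDR %q is not allowed; use the IPv4 form", raw)
	}
	return p, nil
}

// ValidateNetworks checks a whole Networks list. ParsePrefix accepts prefixes
// with host bits set (10.0.0.1/8), which a policy author rarely intends, so
// those are reported and normalised to masked form for comparison.
func ValidateNetworks(cidrs []string) ([]netip.Prefix, []string, error) {
	var out []netip.Prefix
	var warnings []string
	for _, raw := range cidrs {
		p, err := ValidateNetworkCIDR(raw)
		if err != nil {
			return nil, nil, err
		}
		if masked := p.Masked(); masked != p {
			warnings = append(warnings, fmt.Sprintf("%s has host bits set; treating as %s", raw, masked))
			p = masked
		}
		out = append(out, p)
	}
	return out, warnings, nil
}

func main() {
	// Constructed sample input: two clean peers, one with host bits set, then a 4-in-6 peer.
	prefixes, warnings, err := ValidateNetworks([]string{"10.0.0.0/8", "2001:db8::/32", "192.168.1.7/24"})
	fmt.Println(prefixes, warnings, err)
	_, _, err = ValidateNetworks([]string{"::ffff:10.0.0.0/104"})
	fmt.Println(err)
}
```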

tssurya commented 4 months ago

FYI for reviewers, this PR's scope is to get the CIDR peer in and I will add a TODO linking to https://github.com/kubernetes-sigs/network-policy-api/issues/203 to clarify the issues around load balancers...

k8s-ci-robot commented 4 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: astoycos, Dyanngg, tssurya

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/kubernetes-sigs/network-policy-api/blob/main/OWNERS)~~ [Dyanngg,astoycos]

Approvers can indicate their approval by writing `/approve` in a comment. Approvers can cancel approval by writing `/approve cancel` in a comment.