search

kubernetes-sigs / network-policy-api

This repo addresses further work involving Kubernetes network security beyond the initial NetworkPolicy resource
Apache License 2.0
50 stars 28 forks source link

Remove same-not-same-labels #196

Closed tssurya closed 3 months ago

tssurya commented 4 months ago

We have been extensively re-designing our tenancy use cases and its clear we won't be using same and notSame labels: https://github.com/kubernetes-sigs/network-policy-api/pull/178#issuecomment-1930447439 Let's remove this from our API before it hits Beta. See FUP issues that need to be fixed once this merges in : https://github.com/kubernetes-sigs/network-policy-api/issues/197

We had a certain asymmetry around how namespaces in subject and namespaces in peers are used. This was because the namespaces in subject was a simple namespaceSelector while the one in the peer was a struct type with namespaceSelector, sameLabels and notSameLabels. However since we are removing sameLabels and notSameLabels there is no need for namespaces in peer to be a struct, we can just make this namespaceSelector thus bringing it closer to how it looks in the subject.

namespaces:
   matchLabels:

and

pods:
   namespaceSelector:
     matchLabels:
   podSelector:
     matchLabels:

if that makes it confusing ^ we can think of alternatives

k8s-ci-robot commented 4 months ago

Skipping CI for Draft Pull Request. If you want CI signal for your change, please convert it to an actual PR. You can still manually trigger a test run with /test all

netlify[bot] commented 4 months ago

Deploy Preview for kubernetes-sigs-network-policy-api ready!

Name Link
Latest commit 4d5dd786cebd610814270e5c3768505b244586c6
Latest deploy log https://app.netlify.com/sites/kubernetes-sigs-network-policy-api/deploys/6601cdc9ffb5d30008fc09f3
Deploy Preview https://deploy-preview-196--kubernetes-sigs-network-policy-api.netlify.app
Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

tssurya commented 4 months ago

/hold need to remove conformance plumbing and need to bring it up in upstream meeting before merging this.

tssurya commented 4 months ago

/hold cancel

astoycos commented 4 months ago

/hold

Until the work as part of the Tenancy NPEP ends up as an actual API change PR, I'll let @npinaeva remove this hold

k8s-ci-robot commented 3 months ago

PR needs rebase.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
danwinship commented 3 months ago

/lgtm /approve

not doing "/hold cancel" because I'm not totally sure why it's held, but I think it's ok to merge

k8s-ci-robot commented 3 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: danwinship, tssurya

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/kubernetes-sigs/network-policy-api/blob/main/OWNERS)~~ [danwinship] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
astoycos commented 3 months ago

/hold cancel

Let's get rid of this unwanted API

/lgtm thanks @tssurya