Open huntergregory opened 2 months ago
Parent issue: #150
TL;DR
Write Go code to get a Deployment/DaemonSet from a cluster and create a corresponding TrafficPeer (see struct referenced below).
TrafficPeer
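Overview
Our KubeCon demo (video, slides, code) used hard-coded Pods and traffic (Pod a to Pod b on port 80 and 81).

![image](https://github.com/kubernetes-sigs/network-policy-api/assets/42728408/688b4f52-82b4-44b8-8490-5e54e6739093)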
Of course, a user should be able to specify their own Pods/traffic. Ideally, a user can:
Ideas
A helpful starting point is Matt's Traffic struct. Here's a snippet of this example json:

```json
{
  "Source": {
    "IP": "8.8.8.8"
  },
  "Destination": {
    "Internal": {
      "PodLabels": {"pod": "a"},
      "NamespaceLabels": {"ns": "y"},
      "Namespace": "y"
      // we will also need NodeLabels for AdminNetworkPolicy's node selector
    },
    "IP": "192.168.1.10"
  },
  "Protocol": "TCP",
  "ResolvedPort": 80,
  "ResolvedPortName": "serve-80-tcp"
}
```
It would be nice if a user could instead reference a Pod/Deployment/DaemonSet, and then Policy Assistant queries someone's cluster to fill in:
We could start by building Go code to convert a Deployment or DaemonSet to a TrafficPeer for a user's Kubernetes cluster.

Separate Discussion: what should be the CLI Experience?
For the command in the screenshot above, should a user specify that configuration in JSON like so?

```
policy-assistant analyze --mode walkthrough --traffic-file traffic.json
```

where traffic.json is like:

```json
{
  "Traffic": [
    {
      "From": "ns-dev/deployment/frontend",
      "To": "ns-dev/daemonset/backend",
      "Protocol": "TCP",
      "PortName": "serve-80-tcp"
    },
    {
      "From": "10.0.0.5",
      "To": "ns-dev/daemonset/backend",
      "Protocol": "UDP",
      "Port": "81"
    }
  ]
}
```
/assign
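One way the `From`/`To` values in the proposed traffic.json could be validated before any cluster lookup, as an added example that is not Policy Assistant's code or part of the original issue. `PeerRef`, `ParsePeerRef` and `ParseTraffic` are hypothetical names, and requiring exactly one of `Port`/`PortName` is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"strings"
)

// PeerRef (hypothetical type): one parsed "From"/"To" value.
type PeerRef struct {
	IP                    string // set for a raw IP
	Namespace, Kind, Name string // set for "namespace/kind/name"
}

// ParsePeerRef accepts an IP or "namespace/kind/name" with a kind the issue names.
func ParsePeerRef(s string) (PeerRef, error) {
	if ip := net.ParseIP(s); ip != nil {
		return PeerRef{IP: ip.String()}, nil
	}
	p := strings.Split(s, "/")
	if len(p) == 3 && p[0] != "" && p[2] != "" && (p[1] == "pod" || p[1] == "deployment" || p[1] == "daemonset") {
		return PeerRef{Namespace: p[0], Kind: p[1], Name: p[2]}, nil
	}
	return PeerRef{}, fmt.Errorf("%q: want IP or namespace/{pod,deployment,daemonset}/name", s)
}

// ParseTraffic returns the [From, To] pair per flow; exactly one of Port/PortName is assumed.
func ParseTraffic(data []byte) ([][2]PeerRef, error) {
	var f struct{ Traffic []struct{ From, To, Protocol, Port, PortName string } }
	if err := json.Unmarshal(data, &f); err != nil {
		return nil, err
	}
	var out [][2]PeerRef
	for i, t := range f.Traffic {
		from, errF := ParsePeerRef(t.From)
		to, errT := ParsePeerRef(t.To)
		if errF != nil || errT != nil || (t.Port == "") == (t.PortName == "") {
			return nil, fmt.Errorf("Traffic[%d]: from=%v to=%v (need exactly one of Port/PortName)", i, errF, errT)
		}
		out = append(out, [2]PeerRef{from, to})
	}
	return out, nil
}

func main() { // input constructed from the traffic.json sketch in the issue
	fmt.Println(ParseTraffic([]byte(`{"Traffic":[{"From":"10.0.0.5","To":"ns-dev/daemonset/backend","Protocol":"UDP","Port":"81"}]}`)))
}
```

Rejecting unknown kinds and malformed references at parse time keeps a typo from silently resolving to an empty set of Pods during analysis.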