Implementation on Network Policy Status #107963
reviewers: this is a WIP. I will do some first pass in our KEP + eventually required API strategy validations, etc. Right now, I think we can already discuss about the Type polarity and some well known reasons to add as constants, wdyt? :)
dc8a2e5 to c2f9823
/reopen
@rikatz: Reopened this PR. In response to this:
// GetResetFields returns the set of fields that get reset by the strategy | ||
// and should not be modified by the user. | ||
// TODO: Am I doing right here? Netpol didn't had a ResetFields on the specStrategu so I'm assuming this only applies for status here? |
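Review bot: The last line of this doc comment is an open question left as a TODO (whether reset fields belong only on the status strategy), and it carries typos ("didn't had", "specStrategu"). Settle the question before merge and replace the TODO with a sentence saying which fields this strategy resets; the function body is not visible in these lines, so this applies to the comment only.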
I was confused here. NetPol does not have a GetResetFields method on the regular strategy, but apparently it's a good idea to add it here as status shouldn't be modified by users.
Is this right? Should this also be added in netpolStrategy?
I don't know about this method or what it is used for?
I just copied this from ingress status, but TBH I have no idea what it does either. Will drop then, and re-add as required per reviews.
per Slack conversation: https://kubernetes.slack.com/archives/C0EG7JC6T/p1648138134222819
"if you don't have the reset set-up properly, someone could own spec fields on a status change"
if len(oldNetworkPolicy.Status.Conditions) < 1 { | ||
newNetworkPolicy.Status = networking.NetworkPolicyStatus{} | ||
} | ||
// TODO: What to do when status field is in usage and we revert FG? Drop? Keep the old value? Allow updates? |
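Review bot: The TODO on the last line leaves the behaviour undefined for an object that already has status conditions when the feature gate is reverted; the visible branch only clears the new status when the old object had no conditions, so in the other case the incoming status passes through these lines unchanged. Decide the rule, state it in the comment in place of the TODO, and cover both cases with a unit test. As a style point, `len(oldNetworkPolicy.Status.Conditions) == 0` reads more directly than `< 1`.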
Question to be answered: What if the feature gate is being disabled, so an old status existed but a new one no?
Should we only keep the old status? This may lead to users confused by status that doesn't reflect reality.
Should we still allow NPPs to update it? Maybe the FG is being disabled due to some NPP error and this way we will keep accepting wrong status updates.
Yes, we generally keep data in this case, but no updates except to clear it. It's imperfect but rare and complicated to get right (arguably impossible since the implications of resetting the data could be arbitrary)
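The rule given in the reply above (keep stored data when the gate is off, accept no updates except a clear), sketched as an added Go example that is not code from this PR or from Kubernetes. The types, `prepareStatusUpdate` and `gateEnabled` are hypothetical stand-ins, and silently keeping the old value on a rejected change is one assumed reading of "no updates".

```go
package main

import "fmt"

// Simplified stand-ins for the API types (assumptions, not the Kubernetes definitions).
type Condition struct{ Type, Status, Reason string }
type Status struct{ Conditions []Condition }
type Policy struct{ Status Status }

// prepareStatusUpdate decides what status is stored for an incoming update.
// gateEnabled is a hypothetical stand-in for the feature gate check.
func prepareStatusUpdate(gateEnabled bool, oldObj, newObj Policy) Policy {
	if gateEnabled {
		// Gate on: the status update is accepted as sent.
		return newObj
	}
	if len(oldObj.Status.Conditions) == 0 {
		// Gate off and nothing stored: the field stays dropped.
		newObj.Status = Status{}
		return newObj
	}
	if len(newObj.Status.Conditions) != 0 {
		// Gate off, data stored, request is not a clear: keep the stored data.
		newObj.Status = oldObj.Status
	}
	// Gate off, data stored, request clears it: the clear goes through.
	return newObj
}

func main() {
	// Constructed sample objects.
	stored := Policy{Status{[]Condition{{"Accepted", "True", "Constructed"}}}}
	change := Policy{Status{[]Condition{{"Accepted", "False", "Constructed"}}}}
	clear := Policy{}

	fmt.Println("gate off, change:", prepareStatusUpdate(false, stored, change).Status.Conditions)
	fmt.Println("gate off, clear: ", prepareStatusUpdate(false, stored, clear).Status.Conditions)
	fmt.Println("gate off, empty: ", prepareStatusUpdate(false, clear, change).Status.Conditions)
	fmt.Println("gate on, change: ", prepareStatusUpdate(true, stored, change).Status.Conditions)
}
```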
46c799e to 195fef9
/test pull-kubernetes-e2e-kind
195fef9 to 6d0b791
/retest
/retest
/triage accepted
@rikatz if I remember correctly the plan is to implement conformance test for the Network policy Status endpoint in 1.25.
* Implement status subresource in NetworkPolicy
* add NetworkPolicyStatus generated files
* Fix comments in netpol status review
@Riaankl just because I owe you for a long time, we are going to revert this PR as sig-net decided to withdraw it for now :)
What type of PR is this?
/kind feature
/kind api-change
TODO:
What this PR does / why we need it:
Implement the NetworkPolicy Status subresource per KEP https://github.com/kubernetes/enhancements/tree/master/keps/sig-network/2943-networkpolicy-status
Which issue(s) this PR fixes:
Fixes Partially kubernetes/enhancements#2943
Special notes for your reviewer:
Does this PR introduce a user-facing change?