Implementation on Network Policy Status #107963
Conversation
k8s-ci-robot
added
release-note
k8s-ci-robot
added
sig/network
|
reviewers: this is a WIP. I will do some first pass in our KEP + eventually required API strategy validations, etc. Right now, I think we can already discuss about the Type polarity and some well known reasons to add as constants, wdyt? :) |
rikatz
force-pushed
the
implement-netpol-status
branch
from
dc8a2e5
to
c2f9823
Compare
k8s-ci-robot
added
size/XS
|
/reopen |
|
@rikatz: Reopened this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
size/L
|
|
||
| // GetResetFields returns the set of fields that get reset by the strategy | ||
| // and should not be modified by the user. | ||
| // TODO: Am I doing right here? Netpol didn't had a ResetFields on the specStrategu so I'm assuming this only applies for status here? |
There was a problem hiding this comment.
I was confused here. NetPol does not have a GetResetFields method on the regular strategy, but apparently it's a good idea to add it here as status shouldn't be modified by users.
Is this right? Should this also be added in netpolStrategy?
There was a problem hiding this comment.
I don't know about this method or what it is used for?
There was a problem hiding this comment.
I just copied this from ingress status, but TBH I have no idea what it does neither. Will drop then, and re-add as required per reviews
There was a problem hiding this comment.
per Slack conversation: https://kubernetes.slack.com/archives/C0EG7JC6T/p1648138134222819
"if you don't have the reset set-up properly, someone could own spec fields on a status change"
| if len(oldNetworkPolicy.Status.Conditions) < 1 { | ||
| newNetworkPolicy.Status = networking.NetworkPolicyStatus{} | ||
| } | ||
| // TODO: What to do when status field is in usage and we revert FG? Drop? Keep the old value? Allow updates? |
There was a problem hiding this comment.
Question to be answered: What if the feature gate is being disabled, so an old status existed but a new one no?
Should we only keep the old status? This may lead to users confused by status that doesn't reflect to reality.
Should we still allow NPPs to update it? Maybe the FG is being disabled due to some NPP error and this way we will keep accepting wrong status updates.
There was a problem hiding this comment.
Yes, we generally keep data in this case, but no updates except to clear it. It's imperfect but rare and complicated to get right (arguably impossible since the implications of resetting the data could be arbitrary)
k8s-ci-robot
added
the
needs-rebase
rikatz
force-pushed
the
implement-netpol-status
branch
from
46c799e
to
195fef9
Compare
k8s-ci-robot
removed
lgtm
|
/test pull-kubernetes-e2e-kind |
rikatz
force-pushed
the
implement-netpol-status
branch
from
195fef9
to
6d0b791
Compare
|
/retest |
k8s-ci-robot
added
the
lgtm
|
/retest |
|
/triage accepted |
k8s-ci-robot
added
triage/accepted
|
@rikatz if I remember correctly the plan is to implement conformance test for the Network policy Status endpoint in 1.25. |
* Implement status subresource in NetworkPolicy * add NetworkPolicyStatus generated files * Fix comments in netpol status review
|
@Riaankl just because I owe you for a long time, we are going to revert this PR as sig-net decided to withdrawn it for now :) |
What type of PR is this?
/kind feature
/kind api-change
TODO:
What this PR does / why we need it:
Implement the NetworkPolicy Status subresource per KEP https://github.com/kubernetes/enhancements/tree/master/keps/sig-network/2943-networkpolicy-status
Which issue(s) this PR fixes:
Fixes Partially kubernetes/enhancements#2943
Special notes for your reviewer:
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:
Please use the following format for linking documentation: