Add EndPort to Network Policy - Alpha

[rikatz]

Signed-off-by: Ricardo Pchevuzinske Katz ricardo.katz@gmail.com

What type of PR is this?
/kind feature
/kind api-change

What this PR does / why we need it: This PR adds support to EndPort in Network Policy per Kep enhancements #2079 and the respective KEP (once it gets merged, will update the issue)

Which issue(s) this PR fixes:
Fixes #67526 #93111

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

Adds support for endPort field in NetworkPolicy

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

TBD Docs

TODO:

• Validation
• Unit tests
• Documentation
• Communicate to CNI Providers

[k8s-ci-robot]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[k8s-ci-robot]

@rikatz: This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[rikatz]

/sig network

[rikatz]

/uncc @danwinship @resouer

[rikatz]

/cc @abhiraut

I'm going to insert the feature gate and the validations during this week, when this is ready I'll convert from Draft to a valid PR

[rikatz]

So far:

• new fields added to the API
• validation added to the API
• CNIs notified about the new field: Antrea (@abhiraut), Calico (via Slack, @caseydavenport aware), Cilium (via Slack), openshift-sdn and ovn-kubernetes (via @danwinship in Slack)

Still needs:

• validation_test.go to cover all the validation cases

[danwinship]

• OVS-CNI (via @danwinship in Slack)

OVS-CNI is some weird kubevirt thing. The plugins I'm involved with are openshift-sdn and ovn-kubernetes.

[danwinship]

I know it's WIP but I was here...

[jayunit100]

weird curious what these =2 and =3 things mean

[jayunit100]

oh nvm i guess thats the byte where they appear ha

[jayunit100]

minor nits on 65535, but otherwise looks good to me sir !!!!!!!!!!!

[jayunit100]

@rikatz if my comments arent too important feel free to merge, your call :)

[jayunit100]

/lgtm

[jayunit100]

feel free to do the high port number in a follow on review @rikatz

[jayunit100]

/hold

[jayunit100]

wait we need to squash the commits !

[jayunit100]

ricardo said no squash required

[jayunit100]

/hold remove

[abhiraut]

wait we need to squash the commits !

he has the fancy label applied for this

[jayunit100]

/hold cancel

[rikatz]

/retest

[k8s-ci-robot]

@rikatz: The following tests failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
pull-kubernetes-e2e-gce-ubuntu-containerd	3a68735	link	/test pull-kubernetes-e2e-gce-ubuntu-containerd
pull-kubernetes-bazel-test	3a68735	link	/test pull-kubernetes-bazel-test

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[rikatz]

/retest
🤞

[jayunit100]

how did /test pull-kubernetes-bazel-test fail but this merged?

[rikatz]

Yeah this is a mystery to me. Maybe it passed on the batch from tide but failed when I asked to retest

[sftim]

BTW I recommend a tweak to the release note:

Adds support for portRange / endPort in NetworkPolicy

[rikatz]

Thanks @sftim

I've updated to contain only the field name (endPort), as now we already have this documented on website, sounds good? Otherwise can change again! :)