kube-ovn icon indicating copy to clipboard operation
kube-ovn copied to clipboard

Published 20 hours ago verified publisher icon kubeovn

Support admin network policy API

Open tssurya opened this issue 1 year ago • 9 comments

Feature request

sig-network-policy-api working group has a new set of APIs for implementing admin network policies: https://network-policy-api.sigs.k8s.io/

Use case

This can be particularly useful:

  1. for creating cluster scoped policies that span across namespaces to set them up before the namespace is created
  2. policies that cluster admins can create that are non-overridable by the developer nework policies

tssurya avatar Sep 21 '23 16:09 tssurya

@tssurya, thank you for providing this valuable information. The set of APIs you have shared appears to offer solutions to some of the challenges faced by our community. We will carefully consider incorporating it into our long-term roadmap.

oilbeater avatar Sep 22 '23 01:09 oilbeater

Thanks @oilbeater ! Also note that OVN added the "Hierarchical ACLs" feature to allow for ANP/NP/BANP APIs to exist, so that could be of great help to KubeOVN as well!

tssurya avatar Oct 14 '23 11:10 tssurya

Issues go stale after 60d of inactivity. Please comment or re-open the issue if you are still interested in getting this issue fixed.

github-actions[bot] avatar Dec 14 '23 00:12 github-actions[bot]

Issues go stale after 60d of inactivity. Please comment or re-open the issue if you are still interested in getting this issue fixed.

github-actions[bot] avatar Feb 20 '24 00:02 github-actions[bot]

@oilbeater I'm interested in this one. I think it can help me to get started with the project. Can you assign it to me?

wfnuser avatar Apr 18 '24 03:04 wfnuser

@wfnuser Thank you for expressing interest in contributing to Kube-OVN. Do you have a plan in mind for when to start and finish this feature? We are aiming to integrate this feature into Kube-OVN by August. Implementing this feature may be challenging and require significant effort. However, we are more than willing to assist you throughout the process. Please let us know if this timeline works for you.

oilbeater avatar Apr 18 '24 09:04 oilbeater

@wfnuser Thank you for expressing interest in contributing to Kube-OVN. Do you have a plan in mind for when to start and finish this feature? We are aiming to integrate this feature into Kube-OVN by August. Implementing this feature may be challenging and require significant effort. However, we are more than willing to assist you throughout the process. Please let us know if this timeline works for you.

Yep. Recently I have already started to hack the source code and made some progress (mostly about the security group implementation). If the deadline is like August, I guess I will have enough time to tackle this issue. Let me try to get some more info about it, and make a plan for it. (Currently I'm quite new to k8s and the ecology. ) And if I found it truely is a huge challenge for me, I will let you know before next Thursday. And pick some other easier issues. Does it sound reasonable to you.

wfnuser avatar Apr 18 '24 12:04 wfnuser

hi, @wfnuser how are things going now?

oilbeater avatar Apr 29 '24 02:04 oilbeater

@oilbeater Sorry for the late reply. I have some food poisoning issue during the holiday. 😂 I acknowledge that it's a tough task for me, and I plan to tackle some smaller issues first. Please feel free to delegate it to someone else.

wfnuser avatar May 05 '24 00:05 wfnuser