kubectl icon indicating copy to clipboard operation
kubectl copied to clipboard
verified publisher icon kubernetes

Enhance describe of NetworkPolicy to include information about endPort

Open kennedn opened this issue 1 year ago • 3 comments

What would you like to be added:

Currently the endPort is not considered when describing a given NetworkPolicy. For example the following network policy:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - ipBlock:
        cidr: 172.17.0.0/16
    ports:
    - protocol: TCP
      port: 6379
      endPort: 6381
  egress:
  - to:
    - ipBlock:
        cidr: 10.0.0.0/24
    ports:
    - protocol: TCP
      port: 5978
      endPort: 5980

Will only show information on the starting port when described:

Name:         test-network-policy
Namespace:    default
Created on:   2024-02-26 10:42:41 +0000 GMT
Labels:       <none>
Annotations:  <none>
Spec:
  PodSelector:     role=db
  Allowing ingress traffic:
    To Port: 6379/TCP
    From:
      IPBlock:
        CIDR: 172.17.0.0/16
        Except:
  Allowing egress traffic:
    To Port: 5978/TCP
    To:
      IPBlock:
        CIDR: 10.0.0.0/24
        Except:
  Policy Types: Ingress, Egress

Why is this needed:

We have had a few cases where the above behavior has caused confusion.

kennedn avatar Feb 26 '24 10:02 kennedn

Pull request submitted to kubernetes repo https://github.com/kubernetes/kubernetes/pull/123507

kennedn avatar Feb 26 '24 11:02 kennedn

Also see https://github.com/kubernetes-sigs/network-policy-api/issues/163

sftim avatar Feb 27 '24 16:02 sftim

/triage accepted

mpuckett159 avatar Feb 28 '24 17:02 mpuckett159