Support Admin Network Policy API from upstream K8s

[tssurya]

Upstream sig-network-policy-api working group has implemented the https://github.com/kubernetes/enhancements/issues/2091 admin network policy API. The API lives here: https://github.com/kubernetes-sigs/network-policy-api We have two APIs

• Admin Network Policy
• Baseline Admin Network Policy

These cannot be overridden by the network policies that are created on a namespace scoped level. Wondering if Calico developer's have taken a look at the new API and if its possible for converting that into the current mechanisms calico uses? API is in v1alpha1 version and are hoping to move to beta end of this year. Would appreciate feedback!

[Josh-Tigera]

This is on our roadmap and we have an open design-doc but we haven't started implementing this in earnest yet.

[tuxtof]

Hello @Josh-Tigera any update ? ETA ? about this support

[Josh-Tigera]

This is an implementation in progress, but I'm not sure if it has been schedule for a release yet. @mazdakn is leading the effort and may know more.

[mazdakn]

@tuxtof we are working on it atm, and the feature hopefully will be released in the next Calico version later this year.

[mazdakn]

AdminNetworkPolicy implementation: https://github.com/projectcalico/calico/pull/9206

[caseydavenport]

With that PR merged, and with v3.29 on the horizon, I think we can close this issue for now.

Once v3.29 is released, any gaps / bugs can be raised as their own issues. Thanks all!

[caseydavenport]

I'm going to re-open this as @mazdakn pointed out that v3.29 will have AdminNetworkPolicy but not yet BaselineNetworkPolicy, which is scheduled for v3.30!

[remram44]

You mean v3.30?