Ziv Nevo

icon indicating a website link https://researcher.watson.ibm.com/researcher/view.php?person=il-NEVO

icon company @IBM icon location Haifa, Israel

Results 18 issues of Ziv Nevo

Consider ANPs and report conflicting connections

enhancement

Support for user-specified file with connections to add

size/L

Detect required connectivity to Prometheus

Pods behind Services with the annotation `prometheus.io/scrape: "true"` should allow in-cluster ingress into port 9090. If, in addition, the Service has the annotation `prometheus.io/port`, use the specified port instead.

enhancement

Avoid synthesizing duplicate netpols

If two workloads in the same namespace have exactly the same labels and have exactly the same required connections, two identical netpols (except for name) might be generated. While this...

enhancement
low prio

Allow the user to set the level of netpol permissiveness

1 comment

Some options: * Only allow connections identified by the algorithm * If a service exists, but no incoming connections detected, open the service to the whole namespace * If a...

enhancement

Improvements to testing

Suggestions from @vikin91 : - [x] use assertion package to reduce the amount of code and unify the failure messages (e.g., https://github.com/stretchr/testify) - [x] convert the isolated test cases into...

enhancement
testing

An ability to synthesize netpols from a given list of required connections

- [ ] Specify input format for the list of required connections - [ ] Provide an API call to synthesize from this list - [ ] Provide a CLI...

enhancement
API

A flag to output netpols as separate YAML documents/files

1 comment

rather than a single NetworkPolicyList resource

enhancement
low prio
cmdline

Setting peer attributes, to be used in access policies

Is the Peer CRD the right place for this?

policies

Setting service attributes, to be used in access policies

Probably set in the Export CRD. How do we publish these attributes to all remote peers that import the service?

policies