Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[RELEASE] Cut v1Beta1 of the AdminNetwork policy API #172

Open
astoycos opened this issue Nov 13, 2023 · 11 comments
Open

[RELEASE] Cut v1Beta1 of the AdminNetwork policy API #172

astoycos opened this issue Nov 13, 2023 · 11 comments

Comments

@astoycos
Copy link
Member

This issue will track the actual release of v1beta1 of the AdminNetworkPolicy and BaselineAdminNetworkPolicy resources. The Beta tracking project will show the granular tracking effort.

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 11, 2024
@tssurya
Copy link
Contributor

tssurya commented Feb 14, 2024

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 14, 2024
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 14, 2024
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle rotten
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Jun 13, 2024
@astoycos
Copy link
Member Author

/remove-lifecycle rotten

@k8s-ci-robot k8s-ci-robot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Jun 13, 2024
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Sep 11, 2024
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle rotten
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Oct 11, 2024
@npinaeva
Copy link
Member

/remove-lifecycle rotten

@k8s-ci-robot k8s-ci-robot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Oct 14, 2024
@aojea
Copy link
Contributor

aojea commented Oct 17, 2024

@npinaeva @tssurya @danwinship @fasaxc what is missing here?

I really like to be able to move to beta with AdminNetworkPolicy this year, being permanently in alpha can lose the momentum ... we don't need all best and whistles for the first core API, we can later new features as DNS?

do we have an idea of what will be the bare minimum that we want for this API?

@npinaeva
Copy link
Member

originally we wanted to complete everything in this project https://github.com/orgs/kubernetes-sigs/projects/32
but we may need to update the list with the latest changes. The biggest TODO seems to be around more test converage

@tssurya
Copy link
Contributor

tssurya commented Oct 21, 2024

@npinaeva @tssurya @danwinship @fasaxc what is missing here?

I really like to be able to move to beta with AdminNetworkPolicy this year, being permanently in alpha can lose the momentum ... we don't need all best and whistles for the first core API, we can later new features as DNS?

do we have an idea of what will be the bare minimum that we want for this API?

yea coincidentally I was speaking with @danwinship about this this earlier last week, The way I see it, its these 3:

  1. Implementation status: We have Calico (Support Admin Network Policy API from upstream K8s projectcalico/calico#7578) and Cilium (CFP: Support AdminNetworkPolicy  cilium/cilium#23380) implementing the core/standardized fields in the API - wanted to wait a bit more to hear feedback from them, @fasaxc has been bringing up some nice nuances in upstream meetings; - (OVN-Kubernetes and Antrea have already finished those phases and implemented the standardized fields last year -we had some bug fixes from those already done)
  2. API Status: I wanted to move Networks and Nodes egress peers into standard (will bring this up in this week's community meeting); Like you said we don't need to include DomainNames in the first run till we get some implementation feedback - we wanted to cut v0.1.6 api review #235 minor version and then make that as beta last we spoke with @astoycos. Only remaining thing which we need to settle on is tenancy - NPEP-122 Tenancy API: Add Tenancy API design suggestions. #178 ; being able to express tenancy using same/notsame-labels was part of the original ANP enhancement so unsure if we can beta the API without including the new API replacement for tenancy - NPEP-122 Tenancy API: Add Tenancy API design suggestions. #178 (comment) - When we met in Chicago KubeCon we wanted to at least address the most common case in english "allow to yourself deny to others"
  3. Tests: Core parts are already done mostly, we have some more enhancements to test coverage we want to get to: https://github.com/kubernetes-sigs/network-policy-api/issues?q=is%3Aissue+label%3Aarea%2Fconformance+is%3Aopen -> OVN-Kubernetes/Antrea are already running these tests, but I wanted to get some feedback from Calico/Cilium as well on the test suite and running them downstream and see how it looks. Kube-Network-Policies has also adopted it for CI coverage - so overall we seem to be good. I will try to spend some time going through the open issues for conformance and see where we stand.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Development

No branches or pull requests

6 participants