Bug 2070703: change networkpolicy ACLs to use "apply-after-lb" for egress#1020
Bug 2070703: change networkpolicy ACLs to use "apply-after-lb" for egress#1020JacobTanenbaum wants to merge 5 commits intoopenshift:masterfrom
Conversation
Currently all network policy ACLs are placed on the OVN ingress pipeline. Since the first ACL of the highest priority is action is followed there is no way to ensure the correct operation of network policies when multiple apply to the same pod. Splitting the ACLs onto both the ingress and egress pipelines allows all the egress network policies to be evaluated followed by the ingress so correct action is always assured Signed-off-by: Jacob Tanenbaum <jtanenba@redhat.com>
this brings in options for ACLs required for ACL egress pipeline to apply after load balancing Signed-off-by: Jacob Tanenbaum <jtanenba@redhat.com>
Signed-off-by: Jacob Tanenbaum <jtanenba@redhat.com>
Signed-off-by: Jacob Tanenbaum <jtanenba@redhat.com>
openshift-ci
bot
added
the
bugzilla/severity-urgent
|
@JacobTanenbaum: This pull request references Bugzilla bug 2070703, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
Requesting review from QA contact: DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci
bot
added
the
bugzilla/valid-bug
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: JacobTanenbaum The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/retest |
4 similar comments
|
/retest |
|
/retest |
|
/retest |
|
/retest |
JacobTanenbaum
changed the title
|
/retest |
|
@JacobTanenbaum: This pull request references Bugzilla bug 2070703. The bug has been updated to no longer refer to the pull request using the external bug tracker. All external bug links have been closed. The bug has been moved to the NEW state. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@JacobTanenbaum: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
1 participant
Revert the changes made to the openshift-priv repo and backport the upstream commits from PR ovn-kubernetes/ovn-kubernetes#2881
this version will fix the ipv6 tests and will ensure master is closer to upstream.
- What this PR does and why is it needed
- Special notes for reviewers
- How to verify it
- Description for the changelog