Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support AdminNetworkPolicy named ports #9254

Open
wants to merge 19 commits into
base: master
Choose a base branch
from
Open

Support AdminNetworkPolicy named ports #9254

Changes from 1 commit
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
37d1112
first commit
mazdakn Sep 19, 2024
3f9a569
Add tests
mazdakn Sep 19, 2024
4311c83
update conformance tests
mazdakn Sep 19, 2024
d7aab6f
Cleanup
mazdakn Sep 20, 2024
a3ebf94
handle named port protocol
mazdakn Sep 20, 2024
13b7dd7
Update libcalico-go/lib/backend/k8s/conversion/conversion.go
mazdakn Sep 20, 2024
002adbd
Merge remote-tracking branch 'os/master' into anp-extensions
mazdakn Oct 2, 2024
03b7248
Merge branch 'master' into anp-extensions
mazdakn Nov 16, 2024
f823006
Merge remote-tracking branch 'os/master' into anp-extensions
mazdakn Nov 18, 2024
0f67894
fix ut
mazdakn Nov 19, 2024
77d7f34
Merge remote-tracking branch 'os/master' into anp-extensions
mazdakn Nov 22, 2024
68fb216
Introduce Any protocol
mazdakn Nov 22, 2024
0b15308
Merge remote-tracking branch 'os/master' into anp-extensions
mazdakn Dec 17, 2024
9a71f82
cleanup
mazdakn Dec 17, 2024
25f66d2
Fix tests
mazdakn Dec 18, 2024
f43fb56
Add comment
mazdakn Dec 18, 2024
c120ef9
enable debug
mazdakn Dec 18, 2024
ac33520
update
mazdakn Dec 18, 2024
5fd7ab9
fix
mazdakn Dec 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 33 additions & 3 deletions libcalico-go/lib/backend/k8s/conversion/conversion.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ type selectorType int8
const (
SelectorNamespace selectorType = iota
SelectorPod
SelectorNode
)

type Converter interface {
Expand Down Expand Up @@ -545,11 +546,12 @@ func k8sANPEgressRuleToCalico(rule adminpolicy.AdminNetworkPolicyEgressRule) ([]
}

// Based on specifications at least one Peer is set.
var selector, nsSelector string
for _, peer := range rule.To {
var selector, nsSelector string
var nets []string
// One and only one of the following fileds is set (based on specification).
mazdakn marked this conversation as resolved.
Show resolved Hide resolved
var found bool
if peer.Namespaces != nil {
selector = ""
nsSelector = k8sSelectorToCalico(peer.Namespaces, SelectorNamespace)
found = true
}
Expand All @@ -558,6 +560,20 @@ func k8sANPEgressRuleToCalico(rule adminpolicy.AdminNetworkPolicyEgressRule) ([]
nsSelector = k8sSelectorToCalico(&peer.Pods.NamespaceSelector, SelectorNamespace)
found = true
}
if len(peer.Networks) != 0 {
for _, n := range peer.Networks {
_, ipNet, err := cnet.ParseCIDR(string(n))
if err != nil {
return nil, err
mazdakn marked this conversation as resolved.
Show resolved Hide resolved
}
nets = append(nets, ipNet.String())
}
found = true
}
if peer.Nodes != nil {
// TODO: Can we translate nodes to auto-hep just with a selector?
selector = k8sSelectorToCalico(peer.Nodes, SelectorNode)
mazdakn marked this conversation as resolved.
Show resolved Hide resolved
}
if !found {
return nil, fmt.Errorf("none of supported fields in 'To' is set.")
}
Expand All @@ -571,6 +587,7 @@ func k8sANPEgressRuleToCalico(rule adminpolicy.AdminNetworkPolicyEgressRule) ([]
Ports: calicoPorts,
Selector: selector,
NamespaceSelector: nsSelector,
Nets: nets,
},
})
}
Expand Down Expand Up @@ -633,7 +650,12 @@ func k8sAdminPolicyPortToCalicoFields(port *adminpolicy.AdminNetworkPolicyPort)
protocol = k8sProtocolToCalico(&proto)
return
}
// TODO: Add support for NamedPorts
if port.NamedPort != nil {
dstPort = k8sAdminPolicyNamedPortToCalico(*port.NamedPort)
proto := ensureProtocol(port.PortRange.Protocol)
protocol = k8sProtocolToCalico(&proto)
return
}
return
}

Expand All @@ -656,6 +678,14 @@ func k8sAdminPolicyPortRangeToCalico(port *adminpolicy.PortRange) (*numorstring.
return &p, nil
}

func k8sAdminPolicyNamedPortToCalico(port string) *numorstring.Port {
if port == "" {
return nil
}
p := numorstring.NamedPort(port)
return &p
}

// K8sNetworkPolicyToCalico converts a k8s NetworkPolicy to a model.KVPair.
func (c converter) K8sNetworkPolicyToCalico(np *networkingv1.NetworkPolicy) (*model.KVPair, error) {
// Pull out important fields.
Expand Down
Loading