Giters

kubernetes-sigs / network-policy-api

This repo addresses further work involving Kubernetes network security beyond the initial NetworkPolicy resource

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

[ENHANCEMENT] Resolve ambiguity in APIs around matching traffic

shashankram opened this issue · comments

commented

Is your enhancement request related to a problem? Please describe.
The match criteria in the APIs are a bit ambiguous. For e.g., consider the AdminNetworkPolicyIngressRule

network-policy-api/apis/v1alpha1/adminnetworkpolicy_types.go

Line 105 in f6c1cf2

type AdminNetworkPolicyIngressRule struct {
, where it could be unclear which fields define the matching semantics for traffic. It's a bit simple at the moment with just peer and ports defined, but can get complex if additional matching properties are introduced.

Describe the solution you'd like
Similar to the Action field, I would like to see a Matches field instead, which can be extended in the future to define match semantics (and, or, etc.). This would make the match criteria explicit instead of leaving the interpretation to the user based on field documentation.

Describe alternatives you've considered
Alternative would be to improve the documentation to describe the fields that are responsible for the match criteria and the associated match semantics.

commented

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

commented

/remove-lifecycle stale