Add Antrea NetworkPolicy documentation #1194
Conversation
|
Thanks for your PR. The following commands are available:
|
Codecov Report
@@ Coverage Diff @@
## master #1194 +/- ##
==========================================
- Coverage 56.23% 56.21% -0.02%
==========================================
Files 106 106
Lines 11568 11568
==========================================
- Hits 6505 6503 -2
- Misses 4493 4494 +1
- Partials 570 571 +1
Flags with carried forward coverage won't be shown. Click here to find out more.
|
abhiraut
requested review from
antoninbas,
tnqn,
Dyanngg,
McCodeman and
jianjuns
|
/skip-all |
|
|
||
| Antrea NetworkPolicy is another Policy CRD, which is similar to the | ||
| ClusterNetworkPolicy CRD, however its scope is limited to a Namespace. | ||
| The purpose of introducing this CRD is to allow admins to take advantage of |
There was a problem hiding this comment.
is it still targeted at cluster admins specifically?
I'm asking because above you removed "admin-created" from this sentence:
Thus, admin created tiered policies have a higher precedence over developer-created K8s NetworkPolicies.
And I assumed it was because of the addition of the Antrea NetworkPolicy CRD.
There was a problem hiding this comment.
yes i thought about it while adding the ANP.. but then since one can add a ANP with higher precedence over existing CNP.. it does not make sense to have ANP associated with devs.. i will restore the original statement above
There was a problem hiding this comment.
Agreed that both CRDs should be admin oriented
|
/skip-all |
|
/skip-hw-offload |
|
@jianjuns any comments? |
docs/network-policy.md
Outdated
| port: 5978 | ||
| ``` | ||
|
|
||
| ### Policy ordering based on priorities |
There was a problem hiding this comment.
This section should be moved to ClusterNetworkPolicy as it applies to both?
There was a problem hiding this comment.
are you suggesting to move this out one level in the following way:
There was a problem hiding this comment.
I think we either move common contents to a separate common section, or put them in ClusterNetworkPolicy (as it is talked first). I saw sections like "Rule enforcement based on priorities" are similar to this one?
There was a problem hiding this comment.
moved to CNP section ..
docs/network-policy.md
Outdated
| enforced. Within a tier, rules belonging to Cluster NetworkPolicy CRDs are | ||
| to the "Emergency" tier are enforced first, followed by policies associated | ||
| with the "SecurityOps" tier and so on, until the "Application" tier policies | ||
| are enforced. Within a tier, rules belonging to Cluster NetworkPolicy CRDs are |
There was a problem hiding this comment.
Do you feel these overlap with what you added? Should we just revise this section (or move some contents about tier and policy priority to your section, but keep rule priority here)?
There was a problem hiding this comment.
revised it in its own section..
docs/network-policy.md
Outdated
| ### Ordering based on Tier priority | ||
|
|
||
| With the introduction of tiers, Antrea Policies, like ClusterNetworkPolicies, | ||
| are first enforced based on the tier to which they are associated with. i.e. |
There was a problem hiding this comment.
associated with -> associated (as already have "to which")?
docs/network-policy.md
Outdated
| With the introduction of tiers, Antrea Policies, like ClusterNetworkPolicies, | ||
| are first enforced based on the tier to which they are associated with. i.e. | ||
| all policies belonging to the "Emergency" tier are enforced first, followed by | ||
| policies associated with the "SecurityOps" tier and so on, until the |
There was a problem hiding this comment.
"associated with" -> "belonging to"?
|
/skip-all |
|
/skip-hw-offload |
abhiraut
dismissed stale reviews from antoninbas, Dyanngg, and jianjuns
via
4521640
|
/skip-all |
|
/skip-hw-offload |
|
rebased to get rid of kind testing on doc pr |
Add documentation regarding the namespaced Antrea NetworkPolicy CRD
With the addition of namespaced Antrea NetworkPolicy, this PR adds relevant documentation.