Allow named ports for IPBlocks on ingress #92

Merged (1 commit), Mar 30, 2024

@jchen6585 jchen6585 commented Mar 27, 2024

What type of PR is this?

bug

Which issue does this PR fix:
#81

What does this PR do / Why do we need it:
Allows named ports when using IPBlocks (ingress rules only)

If an issue # is not available please add steps to reproduce and the controller logs:

Testing done on this change:

Manually applied Cx config and policyendpoint looks fine

Spec:
  Ingress:
    Cidr:  172.17.0.0/16
    Ports:
      Port:      80
      Protocol:  TCP
    Cidr:        192.168.8.106
    Ports:
      Port:      443
      Protocol:  TCP
  Pod Isolation:
    Ingress
  Pod Selector:
    Match Labels:
      App:  target
  Pod Selector Endpoints:
    Host IP:    192.168.98.89
    Name:       target
    Namespace:  default
    Pod IP:     192.168.125.203
  Policy Ref:
    Name:       allow-web-traffic
    Namespace:  default

Using allow all in ingress rule

Spec:
  Ingress:
    Cidr:  0.0.0.0/0
    Ports:
      Port:      80
      Protocol:  TCP
      Port:      443
      Protocol:  TCP
    Cidr:        ::/0
    Ports:
      Port:      80
      Protocol:  TCP
      Port:      443
      Protocol:  TCP
  Pod Isolation:
    Ingress
  Pod Selector:
    Match Labels:
      App:  target
  Pod Selector Endpoints:
    Host IP:    192.168.98.89
    Name:       target
    Namespace:  default
    Pod IP:     192.168.116.203
  Policy Ref:
    Name:       allow-web-traffic
    Namespace:  default

Automation added to e2e:

  1. NP allowing ingress from IPBlock + 2 named ports
  2. NP allowing ingress from all CIDRs + 2 named ports

Will this PR introduce any new dependencies?:

No

Will this break upgrades or downgrades. Has updating a running cluster been tested?:
No

Does this PR introduce any user-facing change?:

Yes

Allow for using named ports when using IPBlocks for the ingress source.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
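
Added example, not code from this PR or from the project: for ingress, a NetworkPolicy port name refers to a port on the pods the policy selects, so it can be resolved to a number even when the peer is an ipBlock, which is how a CIDR ends up paired with ports 80 and 443 in the output above. `PortRef`, `ResolvedPort`, `resolveIngressPorts` and the port names `http`, `https` and `metrics` are hypothetical.

```go
package main

import "fmt"

// PortRef is a simplified stand-in (assumption) for both a container port
// and a NetworkPolicy port: a policy port sets either Name or Number.
type PortRef struct {
	Name     string
	Number   int32
	Protocol string
}

// ResolvedPort is a numeric port as listed under a CIDR in the output above.
type ResolvedPort struct {
	Port     int32
	Protocol string
}

// resolveIngressPorts turns the ports of one ingress rule into numbers by
// looking names up in the selected pod's container ports. A name the pod
// does not declare yields nothing; it is never widened to "all ports".
func resolveIngressPorts(rule, target []PortRef) []ResolvedPort {
	seen := map[ResolvedPort]bool{}
	var out []ResolvedPort
	for _, p := range rule {
		cands := []ResolvedPort{{p.Number, p.Protocol}}
		if p.Name != "" {
			cands = nil
			for _, c := range target {
				if c.Name == p.Name && c.Protocol == p.Protocol {
					cands = append(cands, ResolvedPort{c.Number, c.Protocol})
				}
			}
		}
		for _, r := range cands {
			if !seen[r] {
				seen[r] = true
				out = append(out, r)
			}
		}
	}
	return out
}

func main() {
	// Constructed sample: the selected pod declares "http" and "https" only.
	target := []PortRef{{"http", 80, "TCP"}, {"https", 443, "TCP"}}
	rule := []PortRef{{Name: "http", Protocol: "TCP"}, {Name: "https", Protocol: "TCP"}, {Name: "metrics", Protocol: "TCP"}}
	fmt.Println("0.0.0.0/0", resolveIngressPorts(rule, target))
}
```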

@jchen6585 jchen6585 requested a review from a team as a code owner March 27, 2024 21:22
@jchen6585 jchen6585 marked this pull request as draft March 27, 2024 21:22
pkg/resolvers/endpoints.go (outdated review thread, resolved)
@jchen6585 jchen6585 force-pushed the nameports-ipblocks branch from 6650859 to 0de0252 Compare March 28, 2024 22:15
@jchen6585 jchen6585 marked this pull request as ready for review March 28, 2024 22:20
Contributor

@haouc haouc left a comment

lgtm

@haouc haouc merged commit 22dea4b into aws:main Mar 30, 2024
4 checks passed