
update network-policy by adding egress and ipBlock usage #5473

Merged 1 commit on Sep 25, 2017


@Lion-Wei Lion-Wei commented Sep 15, 2017

update network-policy by adding egress and ipBlock usage



@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Sep 15, 2017
@k8sio-netlify-preview-bot
Collaborator

k8sio-netlify-preview-bot commented Sep 15, 2017

Deploy preview ready!

Built with commit 503f9ef

https://deploy-preview-5473--kubernetes-io-master-staging.netlify.com

@Lion-Wei
Author

/cc @cmluciano, I thought it might be necessary to add some instructions on egress and ipBlock to the network-policy docs, so I did it. Would you please take a quick look to see whether I wrote something wrong? Thanks!

@zacharysarah
Contributor

LGTM from a docs standpoint; waiting for review from @cmluciano to merge. 👍

@zacharysarah
Contributor

@cmluciano 👋 Bumping for review.

@cmluciano
Contributor

@Lion-Wei Can you remove the egress-specific parts from here and just document the CIDR bits?

#5529 should cover egress parts

cc @caseydavenport

@@ -62,6 +77,13 @@ __podSelector__: Each `NetworkPolicy` includes a `podSelector` which selects the

__ingress__: Each `NetworkPolicy` includes a list of whitelist `ingress` rules. Each rule allows traffic which matches both the `from` and `ports` sections. The example policy contains a single rule, which matches traffic on a single port, from either of two sources, the first specified via a `namespaceSelector` and the second specified via a `podSelector`.

__egress__: Each `NetworkPolicy` includes a list of whitelist `egress` rules. Each rule allows traffic which matches both the `ports` and `to` sections. The example policy contains a single rule, which matches traffic on a single port, to either of two sources, the first specified via a `namespaceSelector` and the second specified via a `podSelector`.

__ipBlock__: `ipBlock` describes a particular CIDR that is allowed to
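Review bot: In the added `__egress__` paragraph, "to either of two sources" is wrong for outbound traffic: the `to` section names destinations, and the sentence reads as carried over from the `__ingress__` paragraph directly above it. Suggest "to either of two destinations", and confirm that the example policy this paragraph refers to really contains an egress rule with a `namespaceSelector` and a `podSelector`, since the example itself is not part of this hunk. The two paragraphs also list the sections in different orders (`from` and `ports` for ingress, `ports` and `to` for egress); using the same order in both would make the parallel between `from` and `to` easier to see.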
Member


This is a bit asymmetrical - we don't document the podSelector and namespaceSelector bits here, which are equivalent.

Not sure if we care though?

@k8s-ci-robot k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Sep 23, 2017
@Lion-Wei
Author

@cmluciano okay, that might be better, already changed, thanks
