CFE-748: Update CoreDNS EgressFirewall integration enhancement proposal #1579
Conversation
…pdate the EP with the latest API details.
|
@arkadeepsen: This pull request references CFE-748 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the spike to target the "4.16.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci-robot
added
the
jira/valid-reference
| // +kubebuilder:validation:Pattern=`^(\*\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\.){2,}$` | ||
| // +kubebuilder:validation:MaxLength=254 |
There was a problem hiding this comment.
validation changes are coming from the api PR feedback right?
There was a problem hiding this comment.
I have updated the PR description with the link of the API PR: openshift/api#1524
There was a problem hiding this comment.
validation changes are coming from the api PR feedback right?
Yes.
|
@arkadeepsen: This pull request references CFE-748 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the spike to target the "4.16.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
| // but won't match 'sub2.sub1.example.com' | ||
| // +kubebuilder:validation:Pattern=^(\*\.)?([A-Za-z0-9]([-A-Za-z0-9]*[A-Za-z0-9])?\.)*[A-Za-z0-9]([-A-Za-z0-9]*[A-Za-z0-9])?\.?$ | ||
| // but won't match 'sub2.sub1.example.com'. | ||
| // +kubebuilder:validation:Pattern=`^(\*\.)?([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$` |
There was a problem hiding this comment.
where is this pattern coming from? IIUC it is different from the DNSName validation
There was a problem hiding this comment.
The pattern is from the upstream ovnk PR: https://github.com/ovn-org/ovn-kubernetes/pull/4045/files#diff-afeb50cd661258df2d05c385a5779e7e33dad7e4caf85be278b190fb1a22fd7bR84
|
@arkadeepsen One question regarding |
Yes @huiran0826. However, the EgressFirewall CRD will not be changed for this and though it'll be possible to create Deny DNS rules using this feature, the behavior may not be as expected. |
|
Right, for egress firewall we probably will stick to the current behaviour, but using DNS names for deny rules never made a lot of sense. We may need to update our docs to outline that |
|
/lgtm |
|
/assign @Miciah |
|
/lgtm |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Miciah The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
@arkadeepsen: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Update EP with the location of the DNSNameResolver controller code. Update the EP with the latest API details from openshift/api#1524.