Skip to content

Bug 1613280 - only create netpolicy if one already exists #172

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 19, 2018
Merged

Bug 1613280 - only create netpolicy if one already exists #172

merged 2 commits into from
Oct 19, 2018

Conversation

@jmrodri
Copy link
Contributor

@jmrodri jmrodri commented Oct 5, 2018

If there are other services in the target namespace talking to each other with no network policy, during APB deployments we automatically create one that blocks the other services. This change looks to see if there are any network policies on the target namespace. If there are none, we forgo creating the network policy, assuming things are open and the transient namespace should be able to talk to the target with no issues. If there are existing network policies, then we will add ours to give the transient namespace access to the target. There is still the chance that our network policy could still affect things depending on the variety of existing network policies in place, too many to verify.

@coveralls
Copy link

coveralls commented Oct 5, 2018
edited
Loading

Coverage Status

Coverage decreased (-0.4%) to 64.05% when pulling 873e204 on jmrodri:network-policy into 8f581fb on automationbroker:master.

@jmrodri
Bug 1613280 - only create netpolicy if one already exists
ee040cc 
update test to reflect new createsandbox rules
shawn-hurley
shawn-hurley approved these changes Oct 8, 2018
View reviewed changes
Copy link
Contributor

@shawn-hurley shawn-hurley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me I don't see any problems

VISACK

If you want a second pair of eyes on testing let me know and I can spin up my dev env for this again

@jmrodri jmrodri added the 0.2.x label Oct 18, 2018
eriknelson
eriknelson approved these changes Oct 19, 2018
View reviewed changes
runtime/runtime_test.go
apbRole: "edit",
},
{
name: "Test Create Sandbox with ns in target with net policy",
Copy link
Member

@eriknelson eriknelson Oct 19, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎉

@jmrodri jmrodri merged commit dcb2c74 into automationbroker:master Oct 19, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eriknelson eriknelson eriknelson approved these changes

@shawn-hurley shawn-hurley shawn-hurley approved these changes

@dymurray dymurray Awaiting requested review from dymurray

Assignees

No one assigned

Labels

0.2.x

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jmrodri @coveralls @eriknelson @shawn-hurley