From c395ed9f37608c3da93e5f3349c955b6b97bde14 Mon Sep 17 00:00:00 2001 From: rejain456 Date: Thu, 12 Dec 2024 14:42:46 -0800 Subject: [PATCH 01/10] updated mtpnc crd and pni crd by adding default deny acl bool field --- crd/multitenancy/api/v1alpha1/multitenantpodnetworkconfig.go | 2 ++ crd/multitenancy/api/v1alpha1/podnetworkinstance.go | 3 +++ 2 files changed, 5 insertions(+) diff --git a/crd/multitenancy/api/v1alpha1/multitenantpodnetworkconfig.go b/crd/multitenancy/api/v1alpha1/multitenantpodnetworkconfig.go index ab481fa496..3798027268 100644 --- a/crd/multitenancy/api/v1alpha1/multitenantpodnetworkconfig.go +++ b/crd/multitenancy/api/v1alpha1/multitenantpodnetworkconfig.go @@ -85,6 +85,8 @@ type MultitenantPodNetworkConfigStatus struct { // InterfaceInfos describes all of the network container goal state for this Pod // +kubebuilder:validation:Optional InterfaceInfos []InterfaceInfo `json:"interfaceInfos,omitempty"` + // DefaultDenyAcl bool indicates whether default deny policy will be present on the pods upon pod creation + DefaultDenyACL bool `json:"defaultDenyACL"` } func init() { diff --git a/crd/multitenancy/api/v1alpha1/podnetworkinstance.go b/crd/multitenancy/api/v1alpha1/podnetworkinstance.go index 4a775363ae..5b9d5c6751 100644 --- a/crd/multitenancy/api/v1alpha1/podnetworkinstance.go +++ b/crd/multitenancy/api/v1alpha1/podnetworkinstance.go @@ -56,6 +56,9 @@ type PodNetworkInstanceSpec struct { // optional for now in case orchestrator uses the deprecated fields // +kubebuilder:validation:Optional PodNetworkConfigs []PodNetworkConfig `json:"podNetworkConfigs"` + // DefaultDenyAcl bool indicates whether default deny policy will be present on the pods upon pod creation + // +kubebuilder:default=false + DefaultDenyACL bool `json:"defaultDenyACL"` } // PodNetworkInstanceStatus defines the observed state of PodNetworkInstance From aefbe89652cfa85d6a2c45e5a10fc13b51e89c8e Mon Sep 17 00:00:00 2001 
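Review bot: `DefaultDenyACL` in `MultitenantPodNetworkConfigStatus` is a plain `bool` with no `omitempty`, so a status that has not been populated yet reads exactly like an explicit `false`. If the component that programs the ACL reads this status (it is outside the diff), an unreconciled object would be treated as "no default deny", which fails open for a control meant to restrict traffic. Consider `*bool` with `omitempty` in the JSON tag so that nil means "not decided yet", or state in the field comment that consumers must not act on the value before the rest of the status is set. The struct starts above this hunk.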
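Review bot: The new `DefaultDenyACL` field in `PodNetworkInstanceSpec` is described as taking effect "upon pod creation", but nothing in this hunk stops it from being edited on an existing PodNetworkInstance. If a later flip from true to false is not meant to change anything, an immutability rule would make that explicit, for example `// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="defaultDenyACL is immutable"`. If a later change is meant to apply, the comment should say what happens to pods that already exist. The reconciler is not visible here, so this is a question about intent, not a confirmed defect. The struct starts above the hunk.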
From: rejain456 Date: Thu, 12 Dec 2024 16:24:33 -0800 Subject: [PATCH 02/10] updated pni crd --- .../multitenancy.acn.azure.com_podnetworkinstances.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml b/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml index ff539c6834..3d6df73a8f 100644 --- a/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml +++ b/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml @@ -57,6 +57,10 @@ spec: default: 0 description: Deprecated - use PodNetworks type: integer + defaultDenyACL: + default: false + description: indicates whether default deny policy will be present on the pods upon pod creation + type: bool podNetworkConfigs: description: |- PodNetworkConfigs describes each PodNetwork to attach to a single Pod From 14e3cdd39ea4c80e099862997ceaae747cbec526 Mon Sep 17 00:00:00 2001 From: rejain456 Date: Thu, 12 Dec 2024 16:57:46 -0800 Subject: [PATCH 03/10] updated mtpnc crd --- ...ultitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml b/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml index 8d82b58756..a93d8c4362 100644 --- a/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml +++ b/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml @@ -75,6 +75,9 @@ spec: gatewayIP: description: Deprecated - use InterfaceInfos type: string + DefaultDenyACL: + description: indicates whether default deny policy will be present on the pods upon pod creation + type: bool interfaceInfos: description: InterfaceInfos describes all of the network container goal state for this Pod 
From 9dedbac87d949c122485830febae7121af87c3d1 Mon Sep 17 00:00:00 2001 From: rejain456 Date: Fri, 13 Dec 2024 12:58:24 -0800 Subject: [PATCH 04/10] updated bool to boolean in crd --- ...multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml | 2 +- .../multitenancy.acn.azure.com_podnetworkinstances.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml b/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml index a93d8c4362..23d023b5e2 100644 --- a/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml +++ b/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml @@ -77,7 +77,7 @@ spec: type: string DefaultDenyACL: description: indicates whether default deny policy will be present on the pods upon pod creation - type: bool + type: boolean interfaceInfos: description: InterfaceInfos describes all of the network container goal state for this Pod diff --git a/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml b/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml index 3d6df73a8f..be1ef53e73 100644 --- a/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml +++ b/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml @@ -60,7 +60,7 @@ spec: defaultDenyACL: default: false description: indicates whether default deny policy will be present on the pods upon pod creation - type: bool + type: boolean podNetworkConfigs: description: |- PodNetworkConfigs describes each PodNetwork to attach to a single Pod From ec74f22e4d1f3a075776c0290d24f72e625f2a01 Mon Sep 17 00:00:00 2001 
From: rejain456 Date: Fri, 13 Dec 2024 13:21:43 -0800 Subject: [PATCH 05/10] updated schema/lowercased default dent --- ...multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml b/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml index 23d023b5e2..267d65d86d 100644 --- a/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml +++ b/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml @@ -75,7 +75,7 @@ spec: gatewayIP: description: Deprecated - use InterfaceInfos type: string - DefaultDenyACL: + defaultDenyACL: description: indicates whether default deny policy will be present on the pods upon pod creation type: boolean interfaceInfos: From 39cdc301e2632fcfb4e3f55f22cb0d77acd22ce0 Mon Sep 17 00:00:00 2001 From: rejain456 Date: Tue, 17 Dec 2024 10:21:37 -0800 Subject: [PATCH 06/10] fixing crd pipeline error --- ...cy.acn.azure.com_multitenantpodnetworkconfigs.yaml | 9 ++++++--- ...ultitenancy.acn.azure.com_podnetworkinstances.yaml | 11 +++++++---- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml b/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml index 267d65d86d..c9df979403 100644 --- a/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml +++ b/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml 
@@ -72,12 +72,13 @@ spec: description: MultitenantPodNetworkConfigStatus defines the observed state of PodNetworkConfig properties: + defaultDenyACL: + description: DefaultDenyAcl bool indicates whether default deny policy + will be present on the pods upon pod creation + type: boolean gatewayIP: description: Deprecated - use InterfaceInfos type: string - defaultDenyACL: - description: indicates whether default deny policy will be present on the pods upon pod creation - type: boolean interfaceInfos: description: InterfaceInfos describes all of the network container goal state for this Pod @@ -122,6 +123,8 @@ spec: primaryIP: description: Deprecated - use InterfaceInfos type: string + required: + - defaultDenyACL type: object type: object served: true diff --git a/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml b/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml index be1ef53e73..49a5d7e9ef 100644 --- a/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml +++ b/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml @@ -53,14 +53,15 @@ spec: spec: description: PodNetworkInstanceSpec defines the desired state of PodNetworkInstance properties: + defaultDenyACL: + default: false + description: DefaultDenyAcl bool indicates whether default deny policy + will be present on the pods upon pod creation + type: boolean podIPReservationSize: default: 0 description: Deprecated - use PodNetworks type: integer - defaultDenyACL: - default: false - description: indicates whether default deny policy will be present on the pods upon pod creation - type: boolean podNetworkConfigs: description: |- PodNetworkConfigs describes each PodNetwork to attach to a single Pod 
@@ -84,6 +85,8 @@ spec: podnetwork: description: Deprecated - use PodNetworks type: string + required: + - defaultDenyACL type: object status: description: PodNetworkInstanceStatus defines the observed state of PodNetworkInstance From 43023254692a742fa9b17ce04152233448ecd838 Mon Sep 17 00:00:00 2001 From: rejain456 Date: Tue, 17 Dec 2024 11:17:06 -0800 Subject: [PATCH 07/10] tset --- crd/multitenancy/api/v1alpha1/podnetworkinstance.go | 1 - 1 file changed, 1 deletion(-) diff --git a/crd/multitenancy/api/v1alpha1/podnetworkinstance.go b/crd/multitenancy/api/v1alpha1/podnetworkinstance.go index 5b9d5c6751..4a594e47ce 100644 --- a/crd/multitenancy/api/v1alpha1/podnetworkinstance.go +++ b/crd/multitenancy/api/v1alpha1/podnetworkinstance.go @@ -57,7 +57,6 @@ type PodNetworkInstanceSpec struct { // +kubebuilder:validation:Optional PodNetworkConfigs []PodNetworkConfig `json:"podNetworkConfigs"` // DefaultDenyAcl bool indicates whether default deny policy will be present on the pods upon pod creation - // +kubebuilder:default=false DefaultDenyACL bool `json:"defaultDenyACL"` } From bae503dc061c96a7205d3ad67d46e515a0128c0f Mon Sep 17 00:00:00 2001 From: rejain456 Date: Tue, 17 Dec 2024 11:23:00 -0800 Subject: [PATCH 08/10] revert --- crd/multitenancy/api/v1alpha1/podnetworkinstance.go | 1 + 1 file changed, 1 insertion(+) diff --git a/crd/multitenancy/api/v1alpha1/podnetworkinstance.go b/crd/multitenancy/api/v1alpha1/podnetworkinstance.go index 4a594e47ce..5b9d5c6751 100644 --- a/crd/multitenancy/api/v1alpha1/podnetworkinstance.go +++ b/crd/multitenancy/api/v1alpha1/podnetworkinstance.go @@ -57,6 +57,7 @@ type PodNetworkInstanceSpec struct { // +kubebuilder:validation:Optional PodNetworkConfigs []PodNetworkConfig `json:"podNetworkConfigs"` // DefaultDenyAcl bool indicates whether default deny policy will be present on the pods upon pod creation + // +kubebuilder:default=false DefaultDenyACL bool `json:"defaultDenyACL"` } 
From 02a8c4eace3ec2ee7bc8c5ae50fa4deda2590e8f Mon Sep 17 00:00:00 2001 From: rejain456 Date: Fri, 20 Dec 2024 15:48:30 -0800 Subject: [PATCH 09/10] resolved nits from pr --- crd/multitenancy/api/v1alpha1/multitenantpodnetworkconfig.go | 3 ++- crd/multitenancy/api/v1alpha1/podnetworkinstance.go | 3 ++- ...ultitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml | 2 -- .../multitenancy.acn.azure.com_podnetworkinstances.yaml | 2 -- 4 files changed, 4 insertions(+), 6 deletions(-) diff --git a/crd/multitenancy/api/v1alpha1/multitenantpodnetworkconfig.go b/crd/multitenancy/api/v1alpha1/multitenantpodnetworkconfig.go index 3798027268..dba7fdd117 100644 --- a/crd/multitenancy/api/v1alpha1/multitenantpodnetworkconfig.go +++ b/crd/multitenancy/api/v1alpha1/multitenantpodnetworkconfig.go @@ -85,7 +85,8 @@ type MultitenantPodNetworkConfigStatus struct { // InterfaceInfos describes all of the network container goal state for this Pod // +kubebuilder:validation:Optional InterfaceInfos []InterfaceInfo `json:"interfaceInfos,omitempty"` - // DefaultDenyAcl bool indicates whether default deny policy will be present on the pods upon pod creation + // DefaultDenyACL bool indicates whether default deny policy will be present on the pods upon pod creation + // +kubebuilder:validation:Optional DefaultDenyACL bool `json:"defaultDenyACL"` } diff --git a/crd/multitenancy/api/v1alpha1/podnetworkinstance.go b/crd/multitenancy/api/v1alpha1/podnetworkinstance.go index 5b9d5c6751..0437bee57f 100644 --- a/crd/multitenancy/api/v1alpha1/podnetworkinstance.go +++ b/crd/multitenancy/api/v1alpha1/podnetworkinstance.go 
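Review bot: The field comment still reads `DefaultDenyACL bool indicates whether ...`, and the manifest hunks in the last patch of this series show the same sentence as the CRD `description`, so the stray type name ends up in the user-facing API docs. The comment also does not say what `false` means or which component enforces the policy. Something like `// DefaultDenyACL reports whether a default-deny ACL is applied to the pod when it is created; false means no default-deny ACL is added.` would read better, with the enforcement detail filled in by someone who knows it. The same comment appears in the `PodNetworkInstanceSpec` hunk of this patch in podnetworkinstance.go.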
@@ -56,8 +56,9 @@ type PodNetworkInstanceSpec struct { // optional for now in case orchestrator uses the deprecated fields // +kubebuilder:validation:Optional PodNetworkConfigs []PodNetworkConfig `json:"podNetworkConfigs"` - // DefaultDenyAcl bool indicates whether default deny policy will be present on the pods upon pod creation + // DefaultDenyACL bool indicates whether default deny policy will be present on the pods upon pod creation // +kubebuilder:default=false + // +kubebuilder:validation:Optional DefaultDenyACL bool `json:"defaultDenyACL"` } diff --git a/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml b/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml index c9df979403..ee0596e2a7 100644 --- a/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml +++ b/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml @@ -123,8 +123,6 @@ spec: primaryIP: description: Deprecated - use InterfaceInfos type: string - required: - - defaultDenyACL type: object type: object served: true diff --git a/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml b/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml index 49a5d7e9ef..da1dc4c8d3 100644 --- a/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml +++ b/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml @@ -85,8 +85,6 @@ spec: podnetwork: description: Deprecated - use PodNetworks type: string - required: - - defaultDenyACL type: object status: description: PodNetworkInstanceStatus defines the observed state of PodNetworkInstance From df4be6c5947801771c118f8b25a33a82b0cfd1fa Mon Sep 17 00:00:00 2001 
From: rejain456 Date: Fri, 20 Dec 2024 15:55:18 -0800 Subject: [PATCH 10/10] resolved crg gen failing issue --- ...multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml | 2 +- .../multitenancy.acn.azure.com_podnetworkinstances.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml b/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml index ee0596e2a7..9390424b82 100644 --- a/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml +++ b/crd/multitenancy/manifests/multitenancy.acn.azure.com_multitenantpodnetworkconfigs.yaml @@ -73,7 +73,7 @@ spec: of PodNetworkConfig properties: defaultDenyACL: - description: DefaultDenyAcl bool indicates whether default deny policy + description: DefaultDenyACL bool indicates whether default deny policy will be present on the pods upon pod creation type: boolean gatewayIP: diff --git a/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml b/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml index da1dc4c8d3..8dbbbe127f 100644 --- a/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml +++ b/crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml @@ -55,7 +55,7 @@ spec: properties: defaultDenyACL: default: false - description: DefaultDenyAcl bool indicates whether default deny policy + description: DefaultDenyACL bool indicates whether default deny policy will be present on the pods upon pod creation type: boolean podIPReservationSize: