@bowei bowei commented Jun 17, 2025

This makes it more clear that admins should make different priorities for conflicts.

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: bowei
Once this PR has been reviewed and has the lgtm label, please assign astoycos for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot requested review from aojea and astoycos June 17, 2025 18:04

netlify bot commented Jun 17, 2025

Deploy Preview for kubernetes-sigs-network-policy-api ready!

Name Link
🔨 Latest commit 5a8f6f2
🔍 Latest deploy log https://app.netlify.com/projects/kubernetes-sigs-network-policy-api/deploys/687ffdbdba40c10008ab7168
😎 Deploy Preview https://deploy-preview-303--kubernetes-sigs-network-policy-api.netlify.app

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jun 17, 2025
@bowei bowei force-pushed the pr-minor-reword branch from f491f1b to 613c3a6 Compare June 17, 2025 18:56
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jun 17, 2025
@bowei
Author

bowei commented Jun 17, 2025

/assign @tssurya

Contributor

@tssurya tssurya left a comment

Thanks @bowei! A few inline questions, otherwise I am good.

//
// If two (or more) policies with equal priority match the same
// traffic, then any one of the policies will be applied to the
// traffic. There is no way for the user to reliably determine the
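
Review bot: In "any one of the policies will be applied to the traffic", the word "traffic" does not say whether the choice is made once per connection or may differ from packet to packet, so a reader cannot tell whether an established flow could move between two equal-priority policies with different actions. Suggest naming the unit explicitly and, if the rest of the paragraph does not already do so, stating next to this sentence that assigning distinct priority values is how an admin gets a deterministic result.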
Contributor

So this unreliability is exactly how it was previously and we purposefully changed it to also include:

"then the implementation can apply any of the matching policies to the connection" part to suggest to users - so they know it's the implementation's algorithm, not governed by the API. So should we keep this sentence?

Author

I actually added something to make it clear that only one policy is applied? We should probably discuss this to make sure we are OK with that.

Regarding talking about the implementation, IMO it's clearer to focus on the behavior for the end user. In the end, the implementation has to meet the contract -- so saying the "implementation can do X" doesn't add anything towards describing how it works.

@tssurya tssurya mentioned this pull request Jul 1, 2025
- Assert that if multiple policies match, even though it is
  indeterminate which policy matches, only a single one will be applied.
- This makes it more clear that admins should make different priorities for
  conflicts.
@bowei bowei force-pushed the pr-minor-reword branch from 966c31b to 5a8f6f2 Compare July 22, 2025 21:08
@bowei
Author

bowei commented Aug 11, 2025

Ping on this -- I think I addressed your comment @tssurya? Let me know.

// values. All AdminNetworkPolicy rules have higher precedence
// than NetworkPolicy or BaselineAdminNetworkPolicy rules.
//
// If two (or more) policies with equal priority match the
Contributor

connection v/s traffic we should discuss more - #305

I'm pretty sure some implementations do it connection based and that's how initially network policies were also defined.

@tssurya
Contributor

tssurya commented Aug 12, 2025

LGTM on the priority wordings.
cc @danwinship since you had initially added "stance on implementation" side of things

@bowei I think we should keep it as connections instead of traffic for now in v1alpha1 and then for alpha2 we should revisit it. At least the scope of this PR was to reword priorities, and we can then merge this and revisit the packets v/s connection topic later.

@bowei
Author

bowei commented Aug 18, 2025

I'm ok with whichever, given this is all changing significantly. Please close if this is no longer relevant.
