Skip to content

Releases: kubernetes-sigs/network-policy-api

v0.1.7

29 Jul 14:21
@tssurya tssurya
v0.1.7
0638d39
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.1.7 Latest
Latest

API Version: v1alpha1

This is a patch release of the network-policy-api. It includes two
main resources geared towards cluster admins:

  • AdminNetworkPolicy
  • BaselineAdminNetworkPolicy

The new aspects of the API being released here that are worth highlighting include:

  • A new type of egress peer networks is supported to be able to express CIDR ranges as peers
  • An experimental egress peer nodes is supported to be able to express Kubernetes nodes as peers
  • An experimental egress peer domainNames is supported to be able to express FQDNs as peers
  • Docs text change around calling out that host-networked pods are not selected as part of subject or peers
  • More conformance tests specially for the new fields

Another noteworthy change is the removal of sameLabels and notSameLabels fields from the API.
Originally these fields were added to be able to express a form of tenancy that was relative to
the selected subject of the policy. Given the selection based on sameness and not-sameness of labels
could compound to many possible ways of expressing relations that would exceed cardinality, the
community is working on a better API proposal for tenancy. See NPEP-122 for more details.

Please check out the network-policy-api website for more information.

Many thanks to all of the community members who made contributions that helped make this release 😄

Changes of importance for released code

  • NPEP: Add support for egress traffic control by @tssurya in #117
  • add release channels and support levels by @astoycos in #131
  • Fix BANP's max peer length by @tssurya in #149
  • Add conformance profiles NPEP by @tssurya in #138
  • Add Conformance Profiles Test Reporting System by @tssurya in #142
  • Callout namespaces/pods peers do not include host-net pods by @tssurya in #156
  • Create NPEP-122 for Tenancy API update. by @npinaeva in #123
  • feat(Policy Assistant): data structures simulating connectivity for (B)ANP by @huntergregory in #159
  • Implement Cluster Egress Traffic semantics (ANP&BANP NorthBound Support) - PART1 - Nodes by @tssurya in #143
  • Add conformance testcases for AdminNetworkPolicy named port feature by @Dyanngg in #132
  • NPEP: FQDN Selector for Egress, User stories by @rahulkjoshi in #134
  • NPEP: Iron out Cluster Egress Support API Design by @tssurya in #144
  • Add blog post for getting started with ANP by @Dyanngg in #146
  • Implement inline CIDR block egress peer by @tssurya in #185
  • Add conformance tests for node and cidr selector peers by @tssurya in #193
  • Add kubebuilder syntax for status.conditions by @tssurya in #209
  • Remove same-not-same-labels by @tssurya in #196
  • Add validation for ANP/BANP Enum actions by @tssurya in #213
  • Add Missing API Validations by @tssurya in #215
  • Ensure we clarify subjects don't include host-net pods by @tssurya in #219
  • add ci for conformance tests by @aojea in #224
  • Add API spec for FQDN selector by @rahulkjoshi in #200
  • Update the text about duplicate priority values by @danwinship in #229
  • Update domain selector to domainNames by @rahulkjoshi in #232
  • [Policy Assistant] Add support for k8s native workload traffic by @gabrielggg in #227
  • Add DomainName field to AdminNetworkPolicyEgressPeer by @rahulkjoshi in #233
  • analyze: start parsing anps and banp from kube server or path by @Peac36 in #239
  • Disallow empty port list for ANP peers. by @npinaeva in #250
  • docs: changelog for v0.0.1-policy-assistant by @huntergregory in #271
  • Explicitly explain "fail closed". by @fasaxc in #252
  • Clarify API docs about priority conflicts by @danwinship in #293
  • Remove extended fields support by @tssurya in #284
  • Graduate networks to standard by @tssurya in #296

New Contributors

Full Changelog: v0.1.1...v0.1.7

Contributors

danwinship, fasaxc, and 11 other contributors
Assets 2
Loading

v0.0.1-policy-assistant

19 Nov 17:56
@danwinship danwinship
v0.0.1-policy-assistant
6b27658
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.0.1-policy-assistant

This release contains the policy-assistant Command-Line Interface (CLI) and its source code.

Policy Assistant is a project to help users develop/troubleshoot upstream network policies. Current APIs: NetworkPolicy (v1), AdminNetworkPolicy and BaselineAdminNetworkPolicy.

policy-assistant is a static analysis tool which can simulate policy verdicts for traffic.
policy-assistant can either read policies/pods from file or from a Kubernetes cluster.

For more information, see the Policy Assistant README or this demo.

What's New

Inaugural release for policy-assistant.

Supported APIs

Special Notes

We will be iterating on how we version policy assistant.
It's possible that future releases will not follow the same release version format.

Loading

v0.1.1

17 Aug 17:10
@astoycos astoycos
v0.1.1
64aa20f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.1.1

API Version: v1alpha1

This is a patch release of the network-policy-api. It includes two
main resources geared towards cluster admins:

  • AdminNetworkPolicy
  • BaselineAdminNetworkPolicy

Additionally it includes many conformance test updates and fixes:

  • Ingress/Egress Traffic conformance for TCP/UDP/SCTP
  • Movement of base testing yamls
  • Variable renaming and comment improvements
  • Increased default timeout
  • Removal of K8s.io/kubernetes dependency

Please check out the network-policy-api website for more information.

Also many thanks to all of the folks who pushed commits to help make this happen 😄

Changes of importance for released code

  • Add BANP conformance tests for .Spec.Ingress and .Spec.Egress fields by @tssurya in #109
  • Add conformance for Gress rules by @tssurya in #112
  • Add conformance test for .spec.Priority field in ANP by @tssurya in #113
  • Fix some nits in conformance package by @Dyanngg in #124
  • Change conformance test ready condition by @Dyanngg in #125
  • Remove k8s.io/kubernetes from project dependency by @Dyanngg in #129

New Contributors

Full Changelog: v0.1.0...v0.1.1

Contributors

rahulkjoshi, tssurya, and 2 other contributors
Loading

v0.1.0

23 May 20:12
@astoycos astoycos
v0.1.0
7321d85
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.1.0

API Version: v1alpha1

This is the initial release of the network-policy-api. It includes two main resources geared towards cluster admins:

  • AdminNetworkPolicy
  • BaselineAdminNetworkPolicy

Please check out the network-policy-api website for more information.

Also many thanks to all of the folks who pushed commits to help make this happen 😄

Contributors (since the project's creation)

Full Changelog: https://github.com/kubernetes-sigs/network-policy-api/commits/v0.1.0

Contributors

danwinship, abhiraut, and 7 other contributors
Loading