Skip to content

Improve Network Policy setup & doc#2497

Merged
jotak merged 2 commits intonetobserv:mainfrom
jotak:upstream-letpol
Mar 4, 2026
Merged

Improve Network Policy setup & doc#2497
jotak merged 2 commits intonetobserv:mainfrom
jotak:upstream-letpol

Conversation

@jotak
Copy link
Member

@jotak jotak commented Feb 24, 2026

Description

Fixes #2491

  • Fix built-in netpol install on ovn-kubernetes and kindnet
    • and make them enabled by default
  • Emphasize risks when netpol is disabled
  • Document how to create your own netpol

Dependencies

n/a

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

  • Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
  • Does this PR require product documentation?
    • If so, make sure the JIRA epic is labeled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
  • Does this PR require a product release notes entry?
    • If so, fill in "Release Note Text" in the JIRA.
  • Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
    • If so, make sure it is described in the JIRA ticket.
  • QE requirements (check 1 from the list):
    • Standard QE validation, with pre-merge tests unless stated otherwise.
    • Regression tests only (e.g. refactoring with no user-facing change).
    • No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

@openshift-ci
Copy link

openshift-ci bot commented Feb 24, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign memodi for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@codecov
Copy link

codecov bot commented Feb 24, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 89.36170% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 72.64%. Comparing base (5c0ce2b) to head (387af69).

Files with missing lines Patch % Lines
internal/pkg/cluster/cluster.go 83.33% 2 Missing and 1 partial ⚠️
internal/pkg/cluster/live_client.go 75.00% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2497      +/-   ##
==========================================
+ Coverage   72.59%   72.64%   +0.05%     
==========================================
  Files         104      104              
  Lines       10615    10635      +20     
==========================================
+ Hits         7706     7726      +20     
  Misses       2432     2432              
  Partials      477      477
Flag Coverage Δ
unittests 72.64% <89.36%> (+0.05%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
api/flowcollector/v1beta2/flowcollector_types.go 100.00% <ø> (ø)
...lector/v1beta2/flowcollector_validation_webhook.go 73.70% <100.00%> (ø)
api/flowcollector/v1beta2/helper.go 82.75% <100.00%> (ø)
internal/controller/networkpolicy/np_objects.go 96.57% <100.00%> (ø)
internal/pkg/cluster/live_client.go 50.00% <75.00%> (-2.95%) ⬇️
internal/pkg/cluster/cluster.go 84.29% <83.33%> (-0.08%) ⬇️

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@jotak jotak force-pushed the upstream-letpol branch from 0006e57 to fffb3c1 Compare March 2, 2026 15:02
@jotak jotak added the needs-review Tells that the PR needs a review label Mar 2, 2026
@jotak jotak force-pushed the upstream-letpol branch from fffb3c1 to 6124eb3 Compare March 3, 2026 16:27
@jotak jotak added the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Mar 3, 2026
jotak added 2 commits March 3, 2026 18:14
@jotak
Improve Network Policy setup & doc
445bbf0 
Fixes netobserv#2491

- Fix built-in netpol install on ovn-kubernetes and kindnet
  - and make them enabled by default
- Emphasize risks when netpol is disabled
- Document how to create your own netpol
@jotak
add tests
387af69
@jotak jotak force-pushed the upstream-letpol branch from 6124eb3 to 387af69 Compare March 3, 2026 17:14
@github-actions github-actions bot removed the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Mar 3, 2026
@jotak jotak added the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Mar 3, 2026
@github-actions
Copy link

github-actions bot commented Mar 3, 2026

New images:

quay.io/netobserv/network-observability-operator:20bc92d

quay.io/netobserv/network-observability-operator-bundle:v0.0.0-sha-20bc92d

quay.io/netobserv/network-observability-operator-catalog:v0.0.0-sha-20bc92d

They will expire in two weeks.

To deploy this build:

# Direct deployment, from operator repo
IMAGE=quay.io/netobserv/network-observability-operator:20bc92d
 make deploy

# Or using operator-sdk
operator-sdk run bundle quay.io/netobserv/network-observability-operator-bundle:v0.0.0-sha-20bc92d

Or as a Catalog Source:

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: netobserv-dev
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: quay.io/netobserv/network-observability-operator-catalog:v0.0.0-sha-20bc92d

  displayName: NetObserv development catalog
  publisher: Me
  updateStrategy:
    registryPoll:
      interval: 1m

leandroberetta
leandroberetta approved these changes Mar 4, 2026
View reviewed changes
Copy link
Contributor

@leandroberetta leandroberetta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@jotak jotak merged commit 6fa63ed into netobserv:main Mar 4, 2026
15 of 16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@leandroberetta leandroberetta leandroberetta approved these changes

@OlivierCazade OlivierCazade Awaiting requested review from OlivierCazade

Assignees

No one assigned

Labels

needs-review Tells that the PR needs a review ok-to-test To set manually when a PR is safe to test. Triggers image build on PR.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Improve Network Policy setup & doc

2 participants

@jotak @leandroberetta