Enhancements: Bring Network Policy to GA

Created on 28 Jan 2017  Â·  20Comments  Â·  Source: kubernetes/enhancements

Feature Description

  • One-line feature description (can be used as a release note): NetworkPolicy promoted to GA
  • Primary contact (assignee): @danwinship
  • Responsible SIGs: @kubernetes/sig-network-misc
  • Design proposal link (community repo): Design Proposal
  • Reviewer(s): @thockin @caseydavenport
  • Approver: @thockin
  • Feature target (which target equals to which milestone):

    • Alpha release target (x.y) N/A

    • Beta release target (x.y) v1.5.0

    • Stable release target (x.y) v1.7.0

# Description Network Policy is a specification of how selections of pods are allowed to communicate with each other and other network endpoints. # Progress Tracker - [ ] Alpha - [ ] Write and maintain draft quality doc - [ ] During development keep a doc up-to-date about the desired experience of the feature and how someone can try the feature in its current state. Think of it as the README of your new feature and a skeleton for the docs to be written before the Kubernetes release. Paste link to Google Doc: **DOC-LINK** - [ ] Design Approval - [ ] Design Proposal. This goes under [design-proposals](https://github.com/kubernetes/community/tree/master/contributors/design-proposals). Doing a proposal as a PR allows line-by-line commenting from community, and creates the basis for later design documentation. Paste link to merged design proposal here: **PROPOSAL-NUMBER** - [ ] Decide which repo this feature's code will be checked into. Not everything needs to land in the core kubernetes repo. **REPO-NAME** - [ ] Initial API review (if API). Maybe same PR as design doc. **PR-NUMBER** - Any code that changes an API (`/pkg/apis/...`) - **cc `@kubernetes/api`** - [ ] Identify shepherd (your SIG lead and/or [email protected] will be able to help you). **My Shepherd is:** [email protected]_ (and/or GH Handle) - A shepherd is an individual who will help acquaint you with the process of getting your feature into the repo, identify reviewers and provide feedback on the feature. They are _not_ (necessarily) the code reviewer of the feature, or tech lead for the area. - The shepherd is _not_ responsible for showing up to Kubernetes-PM meetings and/or communicating if the feature is on-track to make the release goals. That is still your responsibility. - [ ] Identify secondary/backup contact point. **My Secondary Contact Point is:** [email protected]_ (and/or GH Handle) - [ ] Write (code + tests + docs) then get them merged. **ALL-PR-NUMBERS** - [ ] **Code needs to be disabled by default.** Verified by code OWNERS - [ ] Minimal testing - [ ] Minimal docs - cc `@kubernetes/docs` on docs PR - **cc `@kubernetes/feature-reviewers` on this issue** to get approval before checking this off - New apis: *Glossary Section Item* in the docs repo: kubernetes/kubernetes.github.io - [ ] Update release notes - [ ] Beta - [ ] Testing is sufficient for beta - [ ] User docs with tutorials - *Updated walkthrough / tutorial* in the docs repo: kubernetes/kubernetes.github.io - cc `@kubernetes/docs` on docs PR - **cc `@kubernetes/feature-reviewers` on this issue** to get approval before checking this off - [ ] Thorough API review - **cc `@kubernetes/api`** - [ ] Stable - [ ] docs/proposals/foo.md moved to docs/design/foo.md - **cc `@kubernetes/feature-reviewers` on this issue** to get approval before checking this off - [ ] Soak, load testing - [ ] detailed user docs and examples - **cc `@kubernetes/docs`** - **cc `@kubernetes/feature-reviewers` on this issue** to get approval before checking this off *FEATURE_STATUS is used for feature tracking and to be updated by `@kubernetes/feature-reviewers`.* **FEATURE_STATUS: IN_DEVELOPMENT** More advice: Design - Once you get LGTM from a *`@kubernetes/feature-reviewers`* member, you can check this checkbox, and the reviewer will apply the "design-complete" label. Coding - Use as many PRs as you need. Write tests in the same or different PRs, as is convenient for you. - As each PR is merged, add a comment to this issue referencing the PRs. Code goes in the http://github.com/kubernetes/kubernetes repository, and sometimes http://github.com/kubernetes/contrib, or other repos. - When you are done with the code, apply the "code-complete" label. - When the feature has user docs, please add a comment mentioning `@kubernetes/feature-reviewers` and they will check that the code matches the proposed feature and design, and that everything is done, and that there is adequate testing. They won't do detailed code review: that already happened when your PRs were reviewed. When that is done, you can check this box and the reviewer will apply the "code-complete" label. Docs - [ ] Write user docs and get them merged in. - User docs go into http://github.com/kubernetes/kubernetes.github.io. - When the feature has user docs, please add a comment mentioning `@kubernetes/docs`. - When you get LGTM, you can check this checkbox, and the reviewer will apply the "docs-complete" label.
sinetwork stagstable
Source
picture mdelio

Most helpful comment

The feature still works, it's just beta. And in fact, there's a facet of
the API (named ports) that apparently almost nobody implements, so leaving
it beta isn't unwarranted.

On Wed, Mar 1, 2017 at 12:30 AM, Andrew Howden notifications@github.com
wrote:

Ohh I know this is inappropriate for GitHub but I was super excited about
this feature!

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/kubernetes/features/issues/185#issuecomment-283276776,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AFVgVIlWaV_qUc3dEtLhvHyVlAleQ2sFks5rhSysgaJpZM4LwUfE
.

picture thockin on 1 Mar 2017
👍2

All 20 comments

@mdelio @thockin are there any updates on the feature status?

idvoretskyi picture idvoretskyi on 28 Feb 2017

The PR(s) missed the window. I am not sure if we should apply for an
exception, but it was largely my fault (review bandwidth)

On Tue, Feb 28, 2017 at 4:56 AM, Ihor Dvoretskyi notifications@github.com
wrote:

@mdelio https://github.com/mdelio @thockin https://github.com/thockin
are there any updates on the feature status?

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/kubernetes/features/issues/185#issuecomment-283031904,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AFVgVOqa3ju8h6PS2sfSbQgoa7wdq9HVks5rhBmFgaJpZM4LwUfE
.

thockin picture thockin on 1 Mar 2017

Ohh I know this is inappropriate for GitHub but I was super excited about this feature!

andrewhowdencom picture andrewhowdencom on 1 Mar 2017

The feature still works, it's just beta. And in fact, there's a facet of
the API (named ports) that apparently almost nobody implements, so leaving
it beta isn't unwarranted.

On Wed, Mar 1, 2017 at 12:30 AM, Andrew Howden notifications@github.com
wrote:

Ohh I know this is inappropriate for GitHub but I was super excited about
this feature!

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/kubernetes/features/issues/185#issuecomment-283276776,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AFVgVIlWaV_qUc3dEtLhvHyVlAleQ2sFks5rhSysgaJpZM4LwUfE
.

thockin picture thockin on 1 Mar 2017
👍2

@thockin thank you for clarifying.

idvoretskyi picture idvoretskyi on 1 Mar 2017

Thanks for the clarification @thockin. I'm guessing this will make it to GKE once it reaches GA in open source kubernetes?

lazyfunctor picture lazyfunctor on 22 Mar 2017
👍1

can someone from @kubernetes/sig-network-feature-requests update the issue description to the new template. Thanks!

calebamiles picture calebamiles on 4 May 2017

@calebamiles happy to update the description to the new template, but I don't seem to have the right GitHub permissions to do so.

caseydavenport picture caseydavenport on 4 May 2017

@caseydavenport invited to the features maintainers. Please, update the description.

idvoretskyi picture idvoretskyi on 18 May 2017
👍1

/assign @danwinship

cmluciano picture cmluciano on 19 May 2017

Current status:

caseydavenport picture caseydavenport on 6 Jun 2017

But also, we have to figure out if we want to get kubernetes/kubernetes#47123 (ability to update NetworkPolicy.spec) in

danwinship picture danwinship on 7 Jun 2017

Oh, what do we do about the old design proposal (which now documents incorrect semantics)? Delete it? Update it to reflect reality? Add a prominent comment noting that it is out of date?

danwinship picture danwinship on 8 Jun 2017

@danwinship I'd update it with a history section linking to relevant historic versions of it

luxas picture luxas on 8 Jun 2017

Current status:

  • [X] The networking/v1 API changes are merged: kubernetes/kubernetes#39164
  • [ ] The updated e2e tests are almost ready for merge kubernetes/kubernetes#46630
  • [ ] Docs are ready to merge kubernetes/kubernetes.github.io#4003

All three of those are now complete

But also, we have to figure out if we want to get kubernetes/kubernetes#47123 (ability to update NetworkPolicy.spec) in

It looks like people are OK with that sliding to 1.8.

danwinship picture danwinship on 8 Jun 2017

I think this can be closed?

danwinship picture danwinship on 12 Jun 2017

@idvoretskyi Anything left for us to do here?

cmluciano picture cmluciano on 12 Jun 2017

@cmluciano please keep it open until the release will be shipped - it may happen that the discussion has to continue.

idvoretskyi picture idvoretskyi on 12 Jun 2017

@idvoretskyi This feature is complete for 1.8. Is there anymore to do with this issue or do we just close it?

cmluciano picture cmluciano on 13 Jul 2017

I think we can close this

luxas picture luxas on 13 Jul 2017
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

sparciii picture sparciii  Â·  13Comments
mitar picture mitar  Â·  8Comments
saschagrunert picture saschagrunert  Â·  6Comments
wlan0 picture wlan0  Â·  9Comments
xing-yang picture xing-yang  Â·  13Comments