Define own NetworkPolicyPort field. #219

Merged: majst01 merged 4 commits into master from own-networking-policy on Jun 16, 2026
@Gerrit91 Gerrit91 commented May 11, 2026

Contributor

Description

Closes #73.

Noteworthy

The `ClusterWideNetworkPolicy` only supports ports of type `int32` now. Before that, we allowed `intstr`. The string value, however, was always prevented by validation such that the transition should not cause any issues.

Used AI-Tools ✨

  • None used for generation

Comment thread pkg/nftables/networkpolicy.go Outdated
func calculatePorts(ports []firewallv1.NetworkPolicyPort) (tcpPorts, udpPorts []string) {
for _, p := range ports {
proto := proto(p.Protocol)
portStr := fmt.Sprint(p.Port)
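Review bot: `proto := proto(p.Protocol)` on the first line of the loop body declares a local that shadows the `proto` helper for the rest of that iteration; a distinct name such as `protocol` reads more clearly and keeps the helper callable further down. On the following line, `fmt.Sprint(p.Port)` turns the value into rule text with no bounds check visible here, so unless validation upstream already guarantees it, confirm the port lies in 1 to 65535 before it is formatted.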

Contributor Author

I am not sure if this really worked before in case nil was provided? 🙈

Contributor Author

Took out the pointer possibility as to me it looked like this was not working.

@Gerrit91 Gerrit91 marked this pull request as ready for review May 11, 2026 08:56
@Gerrit91 Gerrit91 requested a review from a team as a code owner May 11, 2026 08:56
}

func port(p int) *intstr.IntOrString {
intstr := intstr.FromInt(p)
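Review bot: `intstr := intstr.FromInt(p)` names the local after the imported `intstr` package, which shadows the package for the remainder of `port`; rename the variable (for example `v`) so later references to the package in this function still resolve. The parameter is a plain `int` here while the description says the policy ports are `int32` now, so a short comment on why this helper keeps the `IntOrString` form would help the next reader.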

Contributor

I thought we can now get rid of this as we only support int ports now?

Contributor Author

It's in a test and we use it to create rules from Kubernetes resources (i.e. Service) for which we cannot change the type.

@Gerrit91 Gerrit91 moved this to In Progress in Development Jun 1, 2026
majst01 commented Jun 8, 2026

Contributor

Kubernetes actually defines a ClusterNetworkPolicy: https://network-policy-api.sigs.k8s.io/api-overview/ exactly for the purpose we aim for.

https://github.com/kubernetes-sigs/network-policy-api/blob/main/apis/v1alpha2/clusternetworkpolicy_types.go

Maybe we should migrate to that?

@majst01 majst01 merged commit b32ee2e into master Jun 16, 2026
2 checks passed
@majst01 majst01 deleted the own-networking-policy branch June 16, 2026 12:40
@github-project-automation github-project-automation Bot moved this from In Progress to Done in Development Jun 16, 2026
Development

Successfully merging this pull request may close these issues.

implementation is not matching the cwnp spec