To Support Antrea Host Network Policy #5348

Closed
rajnkamr opened this issue Aug 2, 2023 · 6 comments
Labels
area/network-policy Issues or PRs related to network policies. area/OS/linux Issues or PRs related to the Linux operating system. kind/feature Categorizes issue or PR as related to a new feature. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.

Comments

@rajnkamr
Contributor

rajnkamr commented Aug 2, 2023

Describe the problem/challenge you have

Antrea Cluster network policy can only be applied at the pod level.
Scope of the work involves:
1. Support this feature on Node Interface in Encap mode by introducing a new configuration toggle.
2. To handle non-IP packets in the datapath
3. To handle IP packets in the datapath
4. To allow management connections to the host when network policy is enforced

Describe the solution you'd like

This feature proposes to apply Antrea Cluster Network Policy to K8s Nodes. Users can apply an ACNP on a K8s Node by using nodeSelector in the appliedTo field and providing matching Node label(s).

Anything else you would like to add?

To support network policy application on hosts having multiple interfaces

@rajnkamr rajnkamr added the kind/feature Categorizes issue or PR as related to a new feature. label Aug 2, 2023
@rajnkamr rajnkamr added this to the Antrea v1.14 release milestone Aug 2, 2023
@rajnkamr rajnkamr added area/OS/linux Issues or PRs related to the Linux operating system. area/network-policy Issues or PRs related to network policies. labels Aug 2, 2023
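
A sketch of the kind of policy the issue describes, added here as an illustration and not taken from the issue or from the Antrea project: an ACNP whose appliedTo uses nodeSelector, with an Allow rule for management SSH placed ahead of a Drop rule (scope item 4). The policy name, Node label, CIDR and port are constructed values, and the apiVersion and rule layout assume Antrea's existing ClusterNetworkPolicy schema.

```yaml
# Illustrative only: constructed names and values, assuming the
# existing Antrea ClusterNetworkPolicy (ACNP) schema.
apiVersion: crd.antrea.io/v1beta1
kind: ClusterNetworkPolicy
metadata:
  name: node-ssh-management-only        # constructed name
spec:
  priority: 5
  tier: application
  appliedTo:
    # Select Nodes (not Pods) by label, as proposed in the issue.
    - nodeSelector:
        matchLabels:
          example.com/host-policy: restricted   # constructed label
  ingress:
    # Rules in an ACNP are enforced in the order written, so the
    # management allowance must come before the drop.
    - name: allow-mgmt-ssh
      action: Allow
      from:
        - ipBlock:
            cidr: 192.0.2.0/24          # constructed management subnet
      ports:
        - protocol: TCP
          port: 22
    # Everything else reaching SSH on the selected Nodes is dropped.
    - name: drop-other-ssh
      action: Drop
      ports:
        - protocol: TCP
          port: 22
```

The Drop rule is scoped to the SSH port only; a blanket ingress Drop on a Node would also cut kubelet and control-plane traffic unless those flows are allowed first.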
@antoninbas
Contributor

This is a duplicate of #4213, so please close one of them

@rajnkamr
Contributor Author

rajnkamr commented Aug 3, 2023

@antoninbas,
It is created to track additional use cases related to Antrea Host network policy, apart from the use case which is mentioned in the scope of #4213. In 4213, we will not be supporting the multiple-interfaces use case and a few other use cases.

@tnqn
Member

tnqn commented Aug 3, 2023

@rajnkamr it seems the use cases mentioned in the issue are not very different from 4213. "To handle non IP Packet in datapath" doesn't seem a valid requirement; I don't know in which case users want to use NetworkPolicy to manage non-IP packets.
Please also note that the proposal I made in #4213 (comment) didn't get agreement in the community meeting. So if your proposal is based on it, please consider the mentioned risks and complexity. I want to also mention that we are reconsidering other approaches that are less disruptive. To avoid duplicate efforts, please discuss your proposal first before making code changes.

@rajnkamr
Contributor Author

rajnkamr commented Aug 3, 2023

@tnqn
By non-IP packets I meant packets which are not destined for the pod network. For example, for host-level communication, the node on which Antrea is running is a regular host in the network. As such, it may still receive and process non-IP packets destined for the node itself, unrelated to pod networking.
Also, the underlying network infrastructure that connects the nodes may carry non-IP traffic. For example, communication between network switches, routing protocols, or other specialized networking functions might utilize non-IP packets.

Although this issue is created based on the #4213 proposal, we might not want to cover all use cases under 4213.
Currently, the proposal is in discussion only and the demo solution is only partially ready; we will have a design and final proposal discussion before going for the final implementation.

@rajnkamr rajnkamr removed this from the Antrea v1.14 release milestone Aug 3, 2023
Contributor

github-actions bot commented Nov 2, 2023

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment, or this will be closed in 90 days

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 2, 2023
@rajnkamr
Contributor Author

Closing, refer to #4213 & #5671
