
Commit d661fc1

authored
Merge pull request #157 from aojea/domainnames
Admin Network Policies: NPEP-133: Domain Names Selector for Egress Traffic
2 parents 38be8ab + 9fb72b9 commit d661fc1

20 files changed

+1735
-109
lines changed

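--- a/.github/workflows/bats.yml
+++ b/.github/workflows/bats.yml
@@ -0,0 +1,43 @@
+name: bats
+
+on:
+push:
+branches:
+- 'main'
+tags:
+- 'v*'
+pull_request:
+branches: [ main ]
+workflow_dispatch:
+
+env:
+GO_VERSION: "1.23"
+K8S_VERSION: "v1.32.0"
+KIND_VERSION: "v0.27.0"
+IMAGE_NAME: registry.k8s.io/networking/kube-network-policies
+KIND_CLUSTER_NAME: kind
+
+jobs:
+bats_tests:
+runs-on: ubuntu-22.04
+name: Bats e2e tests
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+- name: Setup Bats and bats libs
+id: setup-bats
+uses: bats-core/[email protected]
+- name: Bats tests
+shell: bash
+env:
+BATS_LIB_PATH: ${{ steps.setup-bats.outputs.lib-path }}
+TERM: xterm
+run: bats -o _artifacts tests/
+
+- name: Upload logs
+if: always()
+uses: actions/upload-artifact@v4
+with:
+name: kind-logs-${{ env.JOB_NAME }}-${{ github.run_id }}
+path: ./_artifacts
+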
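Review bot: The new workflow references its actions by mutable tag (`actions/checkout@v2`, the bats-core setup action, `actions/upload-artifact@v4`) and declares no `permissions:` block, so the job runs third-party code with whatever default token scope the repository has. Pin each `uses:` to a full commit SHA with the tag kept as a trailing comment, and add a top-level `permissions:` with `contents: read`, since the visible steps only check out the tree, run tests and upload logs. `actions/checkout@v2` is also two major versions behind the `v4` generation that `upload-artifact` already uses here. Separately, `${{ env.JOB_NAME }}` in the artifact name is not defined in the `env:` block shown, so the name would render with an empty segment; define it or use `${{ github.job }}`.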

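--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -46,7 +46,7 @@ jobs:
 
 e2e:
 name: e2e
-runs-on: ubuntu-22.04
+runs-on: ubuntu-latest
 timeout-minutes: 100
 needs:
 - build
@@ -87,7 +87,10 @@ jobs:
 sudo cp ${TMP_DIR}/e2e.test /usr/local/bin/e2e.test
 sudo cp ${TMP_DIR}/kubectl /usr/local/bin/kubectl
 sudo cp ${TMP_DIR}/kind /usr/local/bin/kind
-sudo chmod +x /usr/local/bin/*
+sudo chmod +x /usr/local/bin/ginkgo
+sudo chmod +x /usr/local/bin/e2e.test
+sudo chmod +x /usr/local/bin/kubectl
+sudo chmod +x /usr/local/bin/kind
 
 - name: Create multi node cluster
 run: |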
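Review bot: Switching `runs-on` from `ubuntu-22.04` to `ubuntu-latest` (here and in the `e2e_npa` job of npa.yml) makes the runner image float, so the kernel and netfilter userspace under test can change without any commit to this repository, while the bats workflow added in the same commit pins `ubuntu-22.04`. For a network-policy e2e suite whose results depend on kernel netfilter behaviour, an explicit label such as `runs-on: ubuntu-24.04` keeps runs reproducible and turns an image upgrade into a reviewed change. In the install step, `sudo install -m 0755 "${TMP_DIR}/kind" /usr/local/bin/kind` would copy and set the mode in one command and quote the path. The step's `run:` block starts above the hunk, so the ginkgo copy and the origin of `${TMP_DIR}` are not visible here.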

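--- a/.github/workflows/npa.yml
+++ b/.github/workflows/npa.yml
@@ -47,7 +47,7 @@ jobs:
 
 e2e_npa:
 name: e2e_npa
-runs-on: ubuntu-22.04
+runs-on: ubuntu-latest
 timeout-minutes: 100
 needs:
 - build
@@ -78,7 +78,9 @@ jobs:
 # Install
 sudo cp ${TMP_DIR}/kubectl /usr/local/bin/kubectl
 sudo cp ${TMP_DIR}/kind /usr/local/bin/kind
-sudo chmod +x /usr/local/bin/*
+sudo chmod +x /usr/local/bin/kubectl
+sudo chmod +x /usr/local/bin/kind
+
 
 - name: Create multi node cluster
 run: |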

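--- a/.gitignore
+++ b/.gitignore
@@ -15,3 +15,4 @@
 # vendor/
 bin/
 dist/
+_artifacts/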

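--- a/cmd/main.go
+++ b/cmd/main.go
@@ -38,6 +38,7 @@ var (
 metricsBindAddress string
 hostnameOverride string
 netfilterBug1766Fix bool
+disableNRI bool
 )
 
 func init() {
@@ -48,6 +49,7 @@ func init() {
 flag.StringVar(&metricsBindAddress, "metrics-bind-address", ":9080", "The IP address and port for the metrics server to serve on")
 flag.StringVar(&hostnameOverride, "hostname-override", "", "If non-empty, will be used as the name of the Node that kube-network-policies is running on. If unset, the node name is assumed to be the same as the node's hostname.")
 flag.BoolVar(&netfilterBug1766Fix, "netfilter-bug-1766-fix", true, "If set, process DNS packets on the PREROUTING hooks to avoid the race condition on the conntrack subsystem, not needed for kernels 6.12+ (see https://bugzilla.netfilter.org/show_bug.cgi?id=1766)")
+flag.BoolVar(&disableNRI, "disable-nri", false, "If set, disable NRI, that is used to get the Pod IP information directly from the runtime to avoid the race explained in https://issues.k8s.io/85966")
 
 flag.Usage = func() {
 fmt.Fprint(os.Stderr, "Usage: kube-network-policies [options]\n\n")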
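Review bot: The usage string for `--disable-nri` says what NRI is used for but not what an operator gives up by turning it off. With the flag set, Pod IPs are presumably learned only from the API server again, which would reintroduce the window described in https://issues.k8s.io/85966 during which a new Pod's traffic may not yet be matched by policy. I would state that in the help text, e.g. `"If set, disable NRI; Pod IPs are then learned only from the API server and policy enforcement for newly started Pods may lag (see https://issues.k8s.io/85966)"`. A startup log line when `disableNRI` is true would also make the weaker mode visible in node logs. Where the variable is consumed is outside this hunk.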

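--- a/go.mod
+++ b/go.mod
@@ -3,35 +3,41 @@ module sigs.k8s.io/kube-network-policies
 go 1.23.0
 
 require (
+github.com/armon/go-radix v1.0.0
+github.com/containerd/nri v0.9.0
 github.com/florianl/go-nfqueue v1.3.2
-github.com/google/go-cmp v0.6.0
+github.com/google/go-cmp v0.7.0
 github.com/google/nftables v0.3.0
 github.com/mdlayher/netlink v1.7.3-0.20250113171957-fbb4dce95f42
-github.com/prometheus/client_golang v1.20.5
+github.com/prometheus/client_golang v1.21.1
+github.com/vishvananda/netlink v1.3.0
 github.com/vishvananda/netns v0.0.5
-golang.org/x/sys v0.30.0
-k8s.io/api v0.32.2
-k8s.io/apimachinery v0.32.2
-k8s.io/client-go v0.32.2
-k8s.io/component-base v0.32.1
-k8s.io/component-helpers v0.32.0
+golang.org/x/net v0.38.0
+golang.org/x/sys v0.32.0
+k8s.io/api v0.32.3
+k8s.io/apimachinery v0.32.3
+k8s.io/client-go v0.32.3
+k8s.io/component-base v0.32.3
+k8s.io/component-helpers v0.32.3
 k8s.io/klog/v2 v2.130.1
-k8s.io/utils v0.0.0-20241210054802-24370beab758
-sigs.k8s.io/network-policy-api v0.1.5
+k8s.io/utils v0.0.0-20250321185631-1f6e0b77f77e
+sigs.k8s.io/network-policy-api v0.1.6-0.20250401132235-45061d10895e
 )
 
 require (
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/blang/semver/v4 v4.0.0 // indirect
 github.com/cespare/xxhash/v2 v2.3.0 // indirect
+github.com/containerd/log v0.1.0 // indirect
+github.com/containerd/ttrpc v1.2.6-0.20240827082320-b5cd6e4b3287 // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-github.com/emicklei/go-restful/v3 v3.12.1 // indirect
-github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+github.com/emicklei/go-restful/v3 v3.12.2 // indirect
+github.com/fxamacker/cbor/v2 v2.8.0 // indirect
 github.com/go-logr/logr v1.4.2 // indirect
 github.com/go-logr/zapr v1.3.0 // indirect
-github.com/go-openapi/jsonpointer v0.21.0 // indirect
+github.com/go-openapi/jsonpointer v0.21.1 // indirect
 github.com/go-openapi/jsonreference v0.21.0 // indirect
-github.com/go-openapi/swag v0.23.0 // indirect
+github.com/go-openapi/swag v0.23.1 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
 github.com/golang/protobuf v1.5.4 // indirect
 github.com/google/gnostic-models v0.6.9 // indirect
@@ -40,35 +46,42 @@ require (
 github.com/inconshreveable/mousetrap v1.1.0 // indirect
 github.com/josharian/intern v1.0.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
-github.com/klauspost/compress v1.17.11 // indirect
+github.com/klauspost/compress v1.18.0 // indirect
+github.com/knqyf263/go-plugin v0.8.1-0.20240827022226-114c6257e441 // indirect
 github.com/mailru/easyjson v0.9.0 // indirect
 github.com/mdlayher/socket v0.5.1 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+github.com/opencontainers/runtime-spec v1.0.3-0.20220825212826-86290f6a00fb // indirect
 github.com/pkg/errors v0.9.1 // indirect
 github.com/prometheus/client_model v0.6.1 // indirect
-github.com/prometheus/common v0.61.0 // indirect
-github.com/prometheus/procfs v0.15.1 // indirect
-github.com/spf13/cobra v1.8.1 // indirect
-github.com/spf13/pflag v1.0.5 // indirect
+github.com/prometheus/common v0.63.0 // indirect
+github.com/prometheus/procfs v0.16.0 // indirect
+github.com/sirupsen/logrus v1.9.3 // indirect
+github.com/spf13/cobra v1.9.1 // indirect
+github.com/spf13/pflag v1.0.6 // indirect
+github.com/tetratelabs/wazero v1.8.2-0.20241030035603-dc08732e57d5 // indirect
 github.com/x448/float16 v0.8.4 // indirect
-go.opentelemetry.io/otel v1.33.0 // indirect
-go.opentelemetry.io/otel/trace v1.33.0 // indirect
+go.opentelemetry.io/otel v1.35.0 // indirect
+go.opentelemetry.io/otel/trace v1.35.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
 go.uber.org/zap v1.27.0 // indirect
-golang.org/x/net v0.34.0 // indirect
-golang.org/x/oauth2 v0.25.0 // indirect
-golang.org/x/sync v0.10.0 // indirect
-golang.org/x/term v0.28.0 // indirect
-golang.org/x/text v0.21.0 // indirect
-golang.org/x/time v0.9.0 // indirect
-google.golang.org/protobuf v1.36.2 // indirect
+golang.org/x/oauth2 v0.29.0 // indirect
+golang.org/x/sync v0.13.0 // indirect
+golang.org/x/term v0.31.0 // indirect
+golang.org/x/text v0.24.0 // indirect
+golang.org/x/time v0.11.0 // indirect
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7 // indirect
+google.golang.org/grpc v1.65.0 // indirect
+google.golang.org/protobuf v1.36.6 // indirect
 gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
-k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect
+k8s.io/cri-api v0.25.3 // indirect
+k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
 sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
-sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
+sigs.k8s.io/randfill v1.0.0 // indirect
+sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
 sigs.k8s.io/yaml v1.4.0 // indirect
 )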
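Review bot: The new direct requirement `github.com/containerd/nri v0.9.0` appears to pull in a much larger transitive set than the version bumps around it, and that added surface deserves its own review. The new indirect entries include a WebAssembly runtime (`github.com/tetratelabs/wazero`), `github.com/knqyf263/go-plugin`, `github.com/containerd/ttrpc`, `google.golang.org/grpc v1.65.0` and `k8s.io/cri-api v0.25.3`, several of them at pseudo-versions rather than tagged releases. `k8s.io/cri-api v0.25.3` is well behind the `v0.32.3` of the other k8s.io modules, so it is worth confirming that this is what NRI requires and not an accident of version selection. Because this agent programs nftables and nfqueue and so presumably runs with elevated privileges on each node, I would run `govulncheck ./...` against the new module graph in CI. The PR description should also record why each new direct module (`armon/go-radix`, `vishvananda/netlink`, `golang.org/x/net`) is needed.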
