Support both podSelector and namespaceSelector in NetworkPolicy #3312
Comments
@brb I gave it a shot to fix this: #3428. It appears to me that the current design to keep a per-namespace selector collection does not easily fit into the combination of podSelector and namespaceSelector. So the association I extended a bit. Before I go down the path, can you check #3428 and see if there is any simple way to solve this?
My idea was to get rid of the
Hi friends, is this still targeted for 2.5.1 or needs more research on the approach?
@murali-reddy thanks for the super quick update. I'm sure things are still in flux for 2.6 but is there any rough estimate? This would be hugely beneficial for us and I'm sure most of the other folks, as separating apps to their own namespaces is pretty much a de facto setup but you still don't want everything in a namespace to be able to connect to everything in the other namespace :) I'd be happy to help test it out when the work ramps up.
Sorry, not clear to me, does this mean that I cannot use both
Yes, at the moment
it's more like selected pods from selected namespaces
in network policies
- enhance selectorSpec to accommodate both pod and namespace selectors
- enhance analysePolicy to handle policies with both selectors
Fixes #3312
PR #3647 is in progress implementing this feature. I have done testing with ingress and egress network policies with pod selectors, namespace selectors and combination of namespace and pod selectors. However, more testing would be helpful. If anyone wishes to help test this functionality please replace
Upcoming Kubernetes release will allow us to select pods in selected namespaces (kubernetes/kubernetes#60452). We should support it in weave-npc.
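The "selected pods from selected namespaces" semantics discussed in this thread, as an added Go example that is not weave-npc's code: a single peer carrying both selectors is an AND, while the same two selectors written as separate peers are an OR that admits the whole namespace. The type and function names (`Peer`, `PeerAllows`, `RuleAllows`) and the sample labels are hypothetical, and selectors are reduced to `matchLabels`.

```go
package main

import "fmt"

// Labels is a flat label set; selectors are reduced to matchLabels here.
type Labels map[string]string

// Peer is one entry of a rule's "from" list (hypothetical type). nil = field unset.
type Peer struct{ PodSelector, NamespaceSelector Labels }

// matches reports whether every key/value in sel is present in labels.
func matches(sel, labels Labels) bool {
	for k, v := range sel {
		if got, ok := labels[k]; !ok || got != v {
			return false
		}
	}
	return true
}

// PeerAllows decides whether one peer of a policy living in policyNS selects
// a source pod (podLabels) running in srcNS, whose namespace has nsLabels.
func PeerAllows(p Peer, policyNS, srcNS string, nsLabels, podLabels Labels) bool {
	if p.NamespaceSelector == nil { // podSelector alone: policy's own namespace only
		return p.PodSelector != nil && srcNS == policyNS && matches(p.PodSelector, podLabels)
	}
	// namespaceSelector set: both must match; a nil podSelector matches every pod
	return matches(p.NamespaceSelector, nsLabels) && matches(p.PodSelector, podLabels)
}

// RuleAllows ORs the peers of one rule.
func RuleAllows(peers []Peer, policyNS, srcNS string, nsLabels, podLabels Labels) bool {
	for _, p := range peers {
		if PeerAllows(p, policyNS, srcNS, nsLabels, podLabels) {
			return true
		}
	}
	return false
}

// Constructed sample: the policy lives in "db", traffic comes from namespace "web".
var combined = []Peer{{PodSelector: Labels{"role": "frontend"}, NamespaceSelector: Labels{"team": "web"}}}
var split = []Peer{{NamespaceSelector: Labels{"team": "web"}}, {PodSelector: Labels{"role": "frontend"}}}

func main() {
	ns, batch := Labels{"team": "web"}, Labels{"role": "batch"}
	fmt.Println(RuleAllows(combined, "db", "web", ns, batch), RuleAllows(split, "db", "web", ns, batch)) // false true
}
```

An enforcer that honours only one of the two selectors in a combined peer behaves like one of the `split` entries, so policies written for the combined form should be tested with a pod that matches the namespace selector but not the pod selector.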