msd api to return kubernetes network policy object #2396
Conversation
abvaidya
force-pushed
the
msd-k8s-policy-api
branch
from
c0c2c12 to
957c356
Compare
| include "KubernetesNetworkPolicy.tdl"; | ||
|
|
||
| // API endpoint to get the Kubernetes network policy converted from the corresponding MSD policy | ||
| resource KubernetesNetworkPolicyResponse GET "/domain/{domainName}/service/{serviceName}/kubernetesnetworkpolicy" { |
There was a problem hiding this comment.
It may not be feasible to call one service per request, for an environment with hundreds/thousands of services.
There was a problem hiding this comment.
It would be good to have an option to make batch call, another endpoint is also fine.
There was a problem hiding this comment.
yeah that could be another endpoint.
| resource KubernetesNetworkPolicyResponse GET "/domain/{domainName}/service/{serviceName}/kubernetesnetworkpolicy" { | ||
| DomainName domainName; //Name of the domain | ||
| EntityName serviceName; //Name of the service | ||
| KubernetesNetworkPolicyRequest request; //Struct representing input options based on the cluster context |
There was a problem hiding this comment.
How does this be passed for a get call ? am i missing something ?
There was a problem hiding this comment.
Good catch! It wont, I will update it to be POST.
| String requestedApiVersion (optional); //Requested network policy apiVersion | ||
| String networkPolicyNamespace (optional); //Kubernetes namespace for the network policy target | ||
| KubernetesLabelSelector podSelector (optional); //Kubernetes pod selector for the network policy target | ||
| } |
There was a problem hiding this comment.
I think one option is missing - whether to use a combination of namespace selector and label selector to form the k8s policies OR use only the label selector.
There was a problem hiding this comment.
I debated about that in my mind too, and added athenzDomainLabel key for that. But probably a good idea for a flag to indicate whether the athenzDomainLabel should be a namespace selector.
There was a problem hiding this comment.
upon further review, noticed this definition uses namespace selector as well, so let me rephrase the previous question - how can user choose between combination of namespace selector and label selector and only the label selector, using athenzServiceLabel ?
| } | ||
|
|
||
| // Kubernetes network policy port range | ||
| type KubernetesNetworkPolicyPort PolicyPort { |
There was a problem hiding this comment.
Can't we reuse TransportPolicyPort here, like TransportPolicyProtocol ?
There was a problem hiding this comment.
I would prefer to keep the objects separate for api calls even though they have similar members for now. RDL doesnt like to share Enums unlike Struct so couldn't create KubernetesNetworkPolicyProtocol
| @@ -7,7 +7,7 @@ | |||
|
|
|||
| // | |||
| // NetworkPolicyChangeEffect - IMPACT indicates that a change in network policy | |||
| // will interfere with workings of one or more transport policies NO_IMAPCT | |||
There was a problem hiding this comment.
😄 , took some time for me to realize what is changed
There was a problem hiding this comment.
😂 without spell check, I dont think I would have noticed it.
Signed-off-by: Abhijeet V <[email protected]>
abvaidya
force-pushed
the
msd-k8s-policy-api
branch
from
957c356 to
992d948
Compare
Description
Contribution Checklist:
Attach Screenshots (Optional)