Uploaded image for project: 'OpenShift Virtualization'
  1. OpenShift Virtualization
  2. CNV-24259

OVN Kubernetes multi-homing in CNV: ipBlock Policies

XMLWordPrintable

    • cnv-ovn-k-multi-policies-ip-block
    • Hide
      • (must-have) D/S test automation
      • (must-have) D/S documentation covering this as a separate page or an extension of the current CNV-NetworkPolicies documentation. This documentation should clearly cover the conditions under which can be Policies used with VMs
      • (must-have) VMs connected to localnet not using OVN Kubernetes IPAM should be able to utilize NetworkPolicies API with ipBlock
      • (should-have) VMs connected to L2 overlay not using OVN Kubernetes IPAM should be able to utilize NetworkPolicies API with ipBlock
      • (should-have) Test network segmentation including inter-VM communication
      • No UXD.
      Show
      (must-have) D/S test automation (must-have) D/S documentation covering this as a separate page or an extension of the current CNV-NetworkPolicies documentation. This documentation should clearly cover the conditions under which can be Policies used with VMs (must-have) VMs connected to localnet not using OVN Kubernetes IPAM should be able to utilize NetworkPolicies API with ipBlock (should-have) VMs connected to L2 overlay not using OVN Kubernetes IPAM should be able to utilize NetworkPolicies API with ipBlock (should-have) Test network segmentation including inter-VM communication No UXD.
    • Green
    • To Do
    • CNV-16692 - Networking OVN and UDN Integration
    • CNV-16692Networking OVN and UDN Integration
    • 0% To Do, 0% In Progress, 100% Done
    • dev-ready, doc-ready, po-ready, qe-ready, ux-ready
    • Hide

      2024-02-05: WIP...

      Show
      2024-02-05: WIP...

      Goal

      Productize NetworkPolicy API with OpenShift Virtualization on secondary networks.

      User Stories

      • As a developer,
        I want to segment traffic on secondary networks.
      • As a cluster admin,
        I need to enforce a network policy that allows VM-to-VM communication only within specific IP blocks,
        restricting inter-VM traffic to predefined network boundaries.
      • As a cluster administrator,
        I want to define a network policy that enables communication between a VM and a specific service running on a different node within the cluster,
        but only if the traffic is limited to predefined IP blocks.

      Non-Requirements

      Notes

      • <...>

      Done Checklist

      Who What Reference
      DEV Upstream roadmap issue N/A
      DEV Upstream code and tests merged https://github.com/ovn-org/ovn-kubernetes/pull/3814
      DEV Upstream documentation merged https://github.com/ovn-org/ovn-kubernetes/blob/master/docs/multi-homing.md#multi-network-policies
      DEV gap doc updated N/A
      DEV Upgrade consideration None
      DEV CEE/PX summary presentation N/A
      QE Test plans in Polarion https://polarion.engineering.redhat.com/polarion/#/project/CNV/workitem?id=CNV-10456
      QE Automated tests merged https://code.engineering.redhat.com/gerrit/c/cnv-tests/+/450272/6..8
      DOC Downstream documentation merged https://github.com/openshift/openshift-docs/pull/71717

       

              nrozen@redhat.com Nir Rozen
              phoracek@redhat.com Petr Horacek
              Nir Rozen Nir Rozen
              Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: