-
Epic
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
-
None
-
backdoor-icmp-config-network-policy
-
In Progress
-
Product / Portfolio Work
-
-
63% To Do, 25% In Progress, 13% Done
-
False
-
-
False
-
Not Selected
-
None
-
None
-
None
Template:
Networking Definition of Planned
Epic Template descriptions and documentation
Epic Goal
- Kubernetes Network Policies don't allow ICMP protocol matches
- KNPWG also doesn't allow ICMP protocol matches in MultiNetworkPolicies
- Long term correct solution is to account for ICMP (like we are in CNPs upstream)
- In the interim customers are asking to have ICMP allowed always when using network policies like ARP is.
- This EPIC tracks the short-term backdoor channel to be used for customers via config-knob like BGP loose mode
- We don't plan to document this feature and in the long term the proper fix is to do https://issues.redhat.com/browse/RFE-6896 in the successor of MNPs
- There is a PR upstream that does this already: https://github.com/ovn-kubernetes/ovn-kubernetes/pull/5247 that needs to be reviewed
- NOTE: Some open ended-questions to be answered - should we be doing this only for MNPs for now? Won't doing it for NPs break K8s conformance or not?
- CNO PR to allow customers to enable this also needs to be done
- no-docs, yes-qe effort.
Why is this important?
Planning Done Checklist
The following items must be completed on the Epic prior to moving the Epic from Planning to the ToDo status
Priority+ is set by engineering- Epic must be Linked to a +Parent Feature
- Target version+ must be set
- Assignee+ must be set
- (Enhancement Proposal is Implementable
- (No outstanding questions about major work breakdown
- (Are all Stakeholders known? Have they all been notified about this item?
- Does this epic affect SD? {}Have they been notified{+}? (View plan definition for current suggested assignee)
- Please use the “Discussion Needed: Service Delivery Architecture Overview” checkbox to facilitate the conversation with SD Architects. The SD architecture team monitors this checkbox which should then spur the conversation between SD and epic stakeholders. Once the conversation has occurred, uncheck the “Discussion Needed: Service Delivery Architecture Overview” checkbox and record the outcome of the discussion in the epic description here.
- The guidance here is that unless it is very clear that your epic doesn’t have any managed services impact, default to use the Discussion Needed checkbox to facilitate that conversation.
Additional information on each of the above items can be found here: Networking Definition of Planned
Acceptance Criteria
- CI - MUST be running successfully with tests automated
- Release Technical Enablement - Provide necessary release enablement
details and documents.
...
Dependencies (internal and external)
1.
...
Previous Work (Optional):
1. …
Open questions::
1. …
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
- DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
- DEV - Downstream build attached to advisory: <link to errata>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Downstream documentation merged: <link to meaningful PR>
