* wip: apply dirty NetPols every 500ms in Linux
* only build npm linux image
* fix: check for empty cache
* feat: toggle for netpol interval. default 500 ms
* ci: remove stages "build binaries" and "run windows tests"
* wip: max batched netpols (toggle-specified)
* ci: remove manifest build/push for win npm
* wip: handle ipset deletion properly and max batch for delete too
* fix: correct remove policy
* fix: only remove policy if it was in kernel
* finalize toggles, allowing ability to turn off iptablesInBackground
* ci: conf + cyc use PR's configmaps
* fix: lints
* fix dp toggle: iptablesInBackground
* fix lock typo and config logging
* fix background thread. add comments. only add tmp ref when enabled
* copy pod selector list
* fix: removepolicy needs namespace too
* rename opInfo to event
* fix: fix references and prevent concurrent map read/write
* tmp: debug logging
* fix: missing set references by swap keys and values
* Revert "tmp: debug logging"
  This reverts commit 70ed34c714ea4a6d009a1fe90a7168be4bedd5bf.
* fix: add podSelectorList to fake NetPol
* log: do not print error when failing to delete non-existent nft rule
* log: verbose iptables bootup
* log: use fmt.Errorf for clean logging
* log: never return error for iptables in background and fix some lints
* fix: activate/deactivate azure chain rules
* fix: correctly decrement netpols in kernel
* ci: run UTs again
* ci: update profiles. default to placefirst=false
* address comment: rename batch to pendingPolicy
* refactor: make dirty cache OS-specific
* test: UTs
* test: put UT cfg back to placefirst to not break things
* ci: update cyclonus workflows
* fmt: address comment & lint
* fmt: rename numInKernel to policiesInKernel
* log: switch to fmt.Errorf
* fmt: whitespace
* feat: resiliency to errors while reconciling dirty netpols
* log: temporarily print everything for ipset restore
* fix: remove nomatch from ipset -D for cidr blocks
* test: UTs for non-happy path
* test: fix hns fake
* fix: don't change windows. let it delete ipsets when removing policies
* fix windows lint
* fix: ignore chain doesn't exist errors for iptables -D
* feat: latency and failure metrics
* test: update exit code for UT
* metrics: new metrics should go in node-metrics path
* style: simplify nesting
* style: move identical windows & linux code to shared file
* ci: remove v1 conformance and cyclonus
* feat: add NetPols in background from the DP (revert background code in pMgr)
* style: remove "background" from iptables metrics
* revert changes in ipsetmanager, const.go, and dp.Remove/UpdatePolicy
* style: whitespace
* perf: use len() instead of creating slice from map
* remove verbosity for iptables bootup
* build: add return statement
* style: whitespace
* build: fix variable shadowing
* build: fix more import shadowing
* build: windows pointer issue and UT issue
* test: fix UT for iptables error code 2
* ci: enable linux scale test
* ci: revert to master pipeline.yaml
* revert changes to chain-management. do changes in PR #2012
* log: change wording
* test: UTs for netpol in background
* log: wording
* feat: apply ipsets for each netpol individually
* config: rearrange ConfigMap & update capz yaml
* fix: windows bootup phase logic for addpolicy
* feat: restrict netpol in background to linux + nftables
* test: skip nftables check for UT
* style: netpols[0] instead of loop
* log: address log comments
* style: lint for long line
---------
Co-authored-by: Vamsi Kalapala <vakr@microsoft.com>
* cherry-picking stuff from apply in background POC
* add all policies poc
* add debug prints
* fix deadlock
* fix other GetPolicy deadlock
* update whitespace in yamls
* properly merge
* properly merge 2
* add ACLs in batches
* cleanup errors
* lint and log
* persist state as we add
* refactor into function so we can do UTs on batching
* fix lint
* batch struct
* successful policies
* reduce batch limit to 30
* wip
* fix UT by applying dataplane immediately for RemovePolicy()
* configmap options for apply in background
* fix deadlocks
* better logging
* rename config variables, update default config, change shouldApply check
* update configmap values
* FIXME: remove tmp commit overriding applyDP config (using for pipeline tests)
* optimize applying ipsets for add policy
* cleanup code and finalize apply ipsets for netpols
* flip order of if statement
* UTs. address comments. fix netpol behavior by waiting to start pod controller
* all UTs except ones related to issue #1729
* remove bootup phase stuff
* fix lints and move applyinbackground to toggle
* fix lint
* don't check isWindows every time
* use diff var for applyinbackground
* fix lint
* set kubeconfig on capz
* update dockerfile
* test network name Calico
* add base acls
* add WindowsNetworkName toggle and revert hard coded Calico parts
* update base acls for calico and add UTs
* capitalize calico network name
* fix connectivity. try with host allow acls
* revert change to policy_windows.go
* more UTs and add base ACLs for other "new endpoint" scenario
* run all UTs
* update npm image to .42
* add log line
* allow traffic going inter-node
* Revert "allow traffic going inter-node"
  This reverts commit e1014822d5.
* add long-runner pod for testing vfp tags in capz
* fix lints
* add placeFirst to pMgr cfg
* add placeFirst=false functionality to v2
* use constant instead of bool values for placeFirst
* fix bug and update cyclonus profiles
* set placefirst config based on configmap
* make code cleaner
* position azure jump first or directly after kube jump
* fix npm encoder ut
* Update code to enable V2 NPM
* Deleted dead code (if we want to keep it, please let me know)
* Update azure-npm.yaml to add toggle parameters
* Fix incorrect call for v2 NPM
* put jump from forward to azure-npm chain above the one to kube-services
* update unit test
* add toggle for chain position
* incorporate toggle in iptm and update UTs. v1 controller tests seem broken
* rename toggle name
* jump to azure chain on new ct state and update default toggle (UTs will break)
* make util constant for UTs and fix UT errors (besides ones I get for controllers)
* added missing module args for ctstate NEW
* reconcile jump to azure chain at top
* delete deprecated jump to azure chain on uninit, and fix go lint
* assign correct default toggle value
* addressed comments
* fix UTs after removing index 1 for placing chain first. Also make all tests subtests for check and add forward chain
* set PlaceAzureChainFirst: true
* switch to correct default for PlaceAzureChainFirst