Jaeryn
933e5be2cd
Ignore namespace and pod updates that we have no action items on. ( #556 )
2020-05-05 16:48:23 -07:00
Jaeryn
6712d8b9b6
Making a fix to prevent NPM from deleting ipsets on delete network policies. ( #555 )
2020-05-05 11:39:17 -07:00
Jaeryn
5e26843be6
Named Ports Support ( #553 )
...
* Initial changes to support named ports.
* add support for named ports via ipset ip+port hash
* fixing a couple of operational bugs
* adding simple test to validate named port parsing
2020-05-01 11:42:05 -07:00
Mathew Merrick
26569aa10d
Update NPM base image to 20.04 ( #552 )
2020-04-30 11:27:44 -07:00
Jaeryn
ef14c8d186
Fix a bug that created a random egress entry when deleting from ingress-centric policy group. Also added a check to add multiple default entries to prevent deletion of one policy from affecting another. ( #551 )
2020-04-29 14:32:22 -07:00
Jaeryn
8162a2bc45
Check Processed NP Map & Add Update Pod Conditions ( #546 )
...
* Check raw and processed network policy maps separately in add operation.
* Remove failed & succeeded pods from ipset
2020-04-14 11:19:32 -07:00
Jaeryn
5bcce3b1ac
Revising add and update network policy logic in npm ( #544 )
2020-04-13 12:35:10 -07:00
Jaeryn
e98b789916
Fix NPM Bugs ( #542 )
...
* Remove old npm chains which were causing errors on uninit
* Utilize rawNpMap and refrain from updating policies with no change.
* redacted
* add added policy to processedNpMap
2020-04-10 17:54:24 -07:00
Jaeryn
38dc38e898
Move NPM from dep to go mod ( #539 )
...
* Moving NPM to use gomod
* Vendoring via go mod
* add more npm tests
* remove go dep specific commands
* adding pipeline changes
2020-04-06 16:18:17 -07:00
Jaeryn
2427888550
Lock update operations to prevent race in between updates. ( #536 )
...
* Lock update operations to prevent race in between updates.
* fixing tests
* fixing nwpolicy files
2020-04-03 13:31:02 -07:00
Mathew Merrick
d2ba9bb2f3
IPv6 Node IPAM ( #532 )
...
* switch to go mod
* pull node spec from apiserver
* carve v6 addresses
* address pool
* update go mod vendor
* build image
* build image
* build image
* separate go mod for npm
* add manager ipv6 ipam test
* added comments and addressed feedback
* address comments
* address comments
* address comments
* check if loaded
* address comments
* update pipeline
* update pipeline
* update test message
Co-authored-by: Ubuntu <azureuser@k8s-agentpool1-23761303-0.2w0jm2xwiahebmp33klngrlq1d.xx.internal.cloudapp.net>
2020-04-02 11:01:05 -07:00
shchen
b69f72ea3f
Update npm image version to use the latest v1.0.33 ( #521 )
2020-03-06 13:22:52 -08:00
Mathew Merrick
358736681c
Upgrade packages at image build time ( #504 )
...
* upgrade packages at image build time
* update pipeline to use MCR
* use mcr
* use mcr
* use mcr
* use mcr
* use mcr
* use mcr
* env
* env
* update pipeline
* update pipeline
* update pipeline
* update pipeline
* update pipeline
* update pipeline
* update pipeline
* update pipeline
* update pipeline
* update pipeline
* update pipelines
* update pipelines
* update pipelines
2020-02-21 13:38:14 -08:00
Jaeryn
0576688c57
copy kube-proxy tolerations NPM may run on customer tainted nodes ( #493 )
2020-02-07 11:53:22 -08:00
Jaeryn
2378d37546
NPM Version Validation ( #498 )
...
* The value of minor was incorrectly assumed to be e.g. 14.8-hotfix.20191113 instead of 14+
* adding Jonathan Chauncey's test
* addressing Robbie's comments
2020-02-07 11:49:22 -08:00
Ashvin Deodhar
ca00635a6b
Fix CNS regression ( #489 )
...
log.SetTarget creates the log file under the log directory using the golang os package. Whenever code sets the log directory, it needed to call SetTarget to create the actual log file under that directory. In the recent logger changes, InitLogger by default set the log directory to the current folder. This created the log file in the current folder. The code then set the log directory to a different location without a subsequent call to log.SetTarget. This resulted in the logger not finding the actual log file in the set log directory.
This fix updates the logger InitLogger function to accept the log directory to create the file in the correct log directory. To avoid having such an issue, this fix also combines the function calls to set log directory and set target into a single function. This prevents any out-of-order calls resulting in such an issue.
2020-01-30 09:33:35 -08:00
Jaeryn
21888133e9
Limit NPM AI Telemetry Handle Retrievals ( #488 )
...
* let npm loop 30 min (1 heartbeat interval) for AI telemetry handle
* fix cns dockerfile so that it may resolve its ip via env var
2020-01-29 15:01:56 -08:00
Jaeryn
dd1777c776
Network Policy Namespace Leak ( #479 )
...
* add changes to contain rule application within policy namespace
* fix slice leak
* fixing pod and namespace selector combination bug
2020-01-24 16:23:08 -08:00
Jaeryn
df012bcd1f
Adding AI metrics for NPM ( #475 )
...
* Adding AI metrics for NPM
* addressing tamilmani's comments
2020-01-23 13:52:30 -08:00
Mathew Merrick
94759f579b
Azure NPM UT Test Refactor ( #467 )
...
* add policy yamls for test scenarios
* fix policy names
* fix jump entry
2020-01-02 18:16:31 -08:00
Jaeryn
e6c4e77476
append jump ipt entries and prepend the rest ( #468 )
2020-01-02 16:19:58 -08:00
Jaeryn
d272578994
We need to allow external instead of all-namespaces when ingress/egress rules only contain {} ( #466 )
2020-01-02 14:26:27 -08:00
jaer-tsun
570f9b0920
Prevent Namespace Race ( #463 )
...
* poll api-server version for a minute before panicking
* always add namespace set, when adding nw policy
* create the ns set in add pod, if add namespace has not been called yet
2019-12-19 21:38:57 -08:00
jaer-tsun
43746bc677
apply policies in a way where the network policy may seem order agnostic ( #462 )
2019-12-18 16:28:08 -08:00
jaer-tsun
8ae2c0a3a2
Merge NPM Port Rules Properly ( #456 )
...
* Fix NPM port rules
* Add port entry logic for ipblock, namespace, and pod selector; Fix tests.
* removing unnecessary hops between chains
2019-12-17 15:45:28 -08:00
jaer-tsun
61ccd6f387
Fix NPM Regression & Remove TelemetryBuffer Sidecar ( #449 )
...
* give precedence to drop rules (over allow)
* - Moving kube-system-chain above target-sets-chain
- Add drop entry at the end of Ingress-From and Egress-To chains when there are non Allow-All* entries
* write logs to stdout (and log file) so that we can see logs via kubectl
* removing kube-system chain and fixing tests
* removing telemetry buffer
2019-12-05 13:58:11 -08:00
jaer-tsun
d27696bb9b
K8s Version Comparison Fix ( #437 )
...
* Modifying the way we compare k8s version so that we don't fail versions with hotfix / pre-release tag
* cleaning build directory
2019-11-14 18:25:17 -08:00
Mathew Merrick
2c0ae6d723
Allow egress all and ingress all without target set ( #435 )
...
* allow all egress and ingress without drop
* remove comment breaks
* update test
* remove sleep and socket cleanup
* address feedback
* all namespaces
* fix tests
* update npm test
* aks-engine
* aks-engine
* pipeline
* pipeline
* pipeline
* pipeline
* remove comment breaks
* remove comment breaks
* remove comment breaks
* remove comment breaks
* pipeline
* pipeline
* pipeline
* pipeline
* pipeline
* pipeline
* pipeline
* pipeline
* pipeline
* pipeline
* pipeline
* pipeline
* pipeline
2019-11-14 11:11:11 -08:00
jaer-tsun
ca99852ac1
Pull azure-vnet-telemetry image from MCR ( #416 )
2019-10-01 12:28:23 -04:00
jaer-tsun
2e8d6f556e
Update npm yaml to version v1.0.28 ( #414 )
2019-09-30 20:39:19 -04:00
Yongli Chen
ff7b9c0801
clear stale states on creation ( #411 )
...
* clear stale states on creation
* log first UninitNpmChains() call
* adding kube system namespace after reboot
2019-09-30 19:09:49 -04:00
jaer-tsun
f2c8c38903
Adding tests to verify that allow policies should take precedence over deny ( #405 )
2019-09-25 17:45:22 -07:00
Yongli Chen
d2b3f58cef
Update azure-npm.yaml ( #404 )
2019-09-25 11:32:29 -07:00
Mathew Merrick
c44e775344
NPM test fixes + Azure Pipelines ( #402 )
...
Initial Azure Pipelines config, run pipeline tests in container, CNM and NPM fixes
2019-09-20 16:15:08 -07:00
jaer-tsun
3ad49688d9
Fix default drop entries ( #398 )
...
* Retrieve and append the appropriate default drop entries based on policy type.
* Modifying translate_policy unit tests that use getDefaultDropEntries.
* Address Yongli's comments
2019-09-16 13:56:37 -07:00
Yongli Chen
36f188cfc9
Merge policies ( #390 )
2019-08-30 14:02:45 -07:00
Yongli Chen
d1d8d95ace
update base image to ubuntu:19.10 ( #378 )
2019-07-19 15:41:07 -07:00
Yongli Chen
f6bff8e3af
change telemetry to message queue and add npm ( #366 )
...
* change telemetry to message queue and add npm
* remove [Azure-NPM] prefix
* remove npmreport url
* fair scheduling
* holds up to 1k reports for each type
* fix cap on reports
2019-06-19 14:08:35 -07:00
tamilmani1989
313878e8c3
added default wait timeout to 60 seconds to get iptable lock ( #343 )
2019-04-24 16:34:58 -07:00
tamilmani1989
9cfec88252
add following support: ( #342 )
...
1. ip6table cmd support
2. wait flag with timeout
2019-04-24 16:04:37 -07:00
Yongli Chen
cc49b45924
Add azure-npm documentation ( #329 )
...
* add azure-npm documentation
* address comment
2019-04-11 12:38:53 -07:00
Yongli Chen
ea70592862
Handle failover scenarios ( #320 )
2019-03-27 11:23:54 -07:00
Yongli Chen
97d3ddc13c
Honoring xtables lock ( #315 )
2019-03-20 14:25:53 -07:00
Yongli Chen
d8d848fe24
Support new network policy definition since Kubernetes version 1.11 ( #307 )
2019-03-01 15:46:17 -08:00
jaer-tsun
e5f6b0d03c
Update host machine ip ( #300 )
...
* Limiting the size of our buffered payload to ~2MB
* Changing IPs for calls to host machines from 169.254.169.254 to 168.63.129.16.
2019-02-26 16:03:29 -08:00
Tamilmani Manoharan
d05cabc9cd
removed calling gethostmetadata from npm as it will be called by telemetry process
2019-02-01 17:22:04 -08:00
Tamilmani Manoharan
55dbf50359
fixed compilation issue in npm
2019-02-01 17:10:18 -08:00
Yongli Chen
434ddf768f
LIFO order for network policies ( #258 )
...
* reverseOrder
* add npm to circleCI
2018-10-12 15:40:45 -07:00
jaer-tsun
45914be23d
Adding telemetry report functions for DNC. ( #216 )
...
* Adding telemetry report functions for DNC.
* Addressing Yongli's suggestions.
* commit to switch branches
* Adding some changes to npm due to telemetry change.
* Modifying tests for interface reports...
2018-08-16 14:12:58 -07:00
Yongli Chen
6a0f9ff207
Add Azure-npm to provide k8s network policy support ( #173 )
...
* address comments
* make azure-npm version consistent with main version
* Npm telemetry (#12 )
* azure-npm
* set logging file
* parameterize telemetry API
* avoid null ptr dereference
* add telemetry to npm
* address comments
* add descriptive comments
* add copyright info
* returns on err
2018-07-19 14:23:11 -07:00