Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support grouping internet network policies by /24 CIDR to reduce number of IP addresses per policy #513

Merged
merged 8 commits into from
Nov 13, 2024
Merged

Support grouping internet network policies by /24 CIDR to reduce number of IP addresses per policy #513

merged 8 commits into from
Nov 13, 2024

Conversation

evyatarmeged
Copy link
Contributor

@evyatarmeged evyatarmeged commented Nov 10, 2024
edited by amitlicht
Loading

Description

ClientIntents with DNS names are eventually translated into Egress network policies with IP addresses. The number of IPs per policy could get quite big, causing unexpected behavior in multiple CNIs. This change adds a feature flag for consolidating IPs to /24 networks to reduce the number of addresses per policy.

Testing

Describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

Please include any manual steps for testing end-to-end or functionality not covered by unit/integration tests.

Also include details of the environment this PR was developed in (language/platform/browser version).

  • This change adds test coverage for new/changed/fixed functionality

@evyatarmeged evyatarmeged changed the title Tweaking internet egress netpol builder to consolidate multiple IPs to /16 networks if possible Changing internet network policies to use /16 networks to reduce number of IP addresses per policy Nov 10, 2024
@amitlicht amitlicht changed the title Changing internet network policies to use /16 networks to reduce number of IP addresses per policy Support grouping internet network policies by /16 CIDR to reduce number of IP addresses per policy Nov 10, 2024
@amitlicht amitlicht mentioned this pull request Nov 10, 2024
Merged
@amitlicht amitlicht changed the title Support grouping internet network policies by /16 CIDR to reduce number of IP addresses per policy Support grouping internet network policies by /24 CIDR to reduce number of IP addresses per policy Nov 10, 2024
@evyatarmeged evyatarmeged merged commit 46abcae into main Nov 13, 2024
20 checks passed
@evyatarmeged evyatarmeged deleted the evya/egress_ip_to_cidr_consolidation branch November 13, 2024 01:20
@github-actions github-actions bot locked and limited conversation to collaborators Nov 13, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@amitlicht amitlicht amitlicht approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@evyatarmeged @amitlicht