Bug 1461208
Summary: | [RFE] Allow project administrators to manage networkpolicies in their own projects | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Alexis Solanas <asolanas> |
Component: | Networking | Assignee: | Dan Winship <danw> |
Status: | CLOSED ERRATA | QA Contact: | Hongan Li <hongli> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3.5.0 | CC: | aos-bugs, bbennett, simon.gunzenreiner, xtian |
Target Milestone: | --- | ||
Target Release: | 3.7.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | No Doc Update | |
Doc Text: |
(covered by other doc updates)
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2017-11-28 21:56:55 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Alexis Solanas
2017-06-13 21:47:54 UTC
1. Why does the customer need this? To enable a Feature team to work independently, network policies that would only affect routing *inside* of a project should be configurable on a project level. 2.How would the customer like to achieve this? (List the functional requirements here) That being said, a policy aspect like 'net.beta.kubernetes.io/network-policy={"ingress":{"isolation":"DefaultDeny"}}' must not be modifyable by a project admin. This will be fixed in 3.6 when https://github.com/openshift/origin/pull/14830 merges. Project admins will be able to create/edit/delete NetworkPolicies and NetworkPolicy will no longer need an annotation on the project to enable it. verified in atomic-openshift-3.6.135-1.git.0.56fd7dc.el7.x86_64, the normal user (project admin) can create/delete/list the networkpolices in their own projects. # oc create -f npolicy.yaml # oc get networkpolicy NAME POD-SELECTOR AGE allow-from-red-to-blue type=blue 1m allow-to-label type=blue 19m default-deny <none> 1h # oc delete networkpolicy allow-from-red-to-blue networkpolicy "allow-from-red-to-blue" deleted Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:3188 |