v0.2.0

API Version: v1alpha2

This is a minor release of the network-policy-api that introduces v1alpha2 version of the API with
a single unified resource for cluster administrators:

• ClusterNetworkPolicy (CNP)

ClusterNetworkPolicy combines the previously separate AdminNetworkPolicy and
BaselineAdminNetworkPolicy resources into a single CRD with a tier field
(Admin or Baseline) to control policy precedence. See NPEP-285 for more details.

The new aspects of the API being released here that are worth highlighting include:

• The Allow action has been renamed to Accept.
• NPEP-187: Ports and Protocols - The ports field has been replaced with
  a new protocols field that provides explicit per-protocol matching for TCP,
  UDP, and SCTP with clearer semantics.
• Reduced MaxItems from 100 to 25 for rules and peers

What's Changed

• npep-285: Combine ANP and BANP by @npinaeva in #289
• ClusterNetworkPolicy: implementation and clients by @npinaeva in #306
• [CRD doc] replace "lower priority" with "lower precedence". by @npinaeva in #310
• Allow => Accept by @bowei in #318
• Remove dependency on perl (for awk) in the update codegen script by @bowei in #327
• use latest version of kube-network-policies for testing by @aojea in #322
• Bump 1.34 by @aojea in #323
• Update the Makefile help text to include all of the targets by @bowei in #325
• CNP update tests by @npinaeva in #307
• Update OWNERS by @npinaeva in #334
• Update the user stories to ClusterNetworkPolicy by @bowei in #321
• Change MaxItems from 100 to 25 by @bowei in #329
• Fix make conformance to select only the requested tests by @bowei in #336
• Some fixes to codegen by @bowei in #337
• Update comment to match validation rules (100 => 25) by @bowei in #338
• Adds unit test to test CRDs by @bowei in #331
• CNP: update docs to use CNP instead of ANP and BANP by @npinaeva in #333
• [conformance] Make host network ports configurable. by @npinaeva in #345
• npep-187: More protocols support by @npinaeva in #297
• Implements option #3 (npep-187: More protocols support) by @bowei in #347
• Fix typo 'continguous'. by @fasaxc in #356
• Update conformance test for new protocol/port schema by @TheBeeZee in #357
• Conformance: Improve test reliability by @mazdakn in #353
• [conformance] increase test timeout due to the added retries by @npinaeva in #362
• Bump k8s dependencies to 1.35.2 and lint v2 by @tssurya in #373
• Run make docs by @tssurya in #367
• Update docs to match port/protocol schema changes in v1alpha2 by @TheBeeZee in #363
• chore(docs): add cnp support in kube-ovn by @SkalaNetworks in #354
• Add a simple dependabot config by @npinaeva in #377
• Bump golang from 1.15 to 1.26 by @dependabot[bot] in #378
• Cut release v0.2.0 by @tssurya in #369

New Contributors

• @bowei made their first contribution in #318
• @TheBeeZee made their first contribution in #357
• @mazdakn made their first contribution in #353
• @SkalaNetworks made their first contribution in #354
• @dependabot[bot] made their first contribution in #378

Full Changelog: v0.1.7...v0.2.0

v0.1.7

API Version: v1alpha1

This is a patch release of the network-policy-api. It includes two
main resources geared towards cluster admins:

• AdminNetworkPolicy
• BaselineAdminNetworkPolicy

The new aspects of the API being released here that are worth highlighting include:

• A new type of egress peer networks is supported to be able to express CIDR ranges as peers
• An experimental egress peer nodes is supported to be able to express Kubernetes nodes as peers
• An experimental egress peer domainNames is supported to be able to express FQDNs as peers
• Docs text change around calling out that host-networked pods are not selected as part of subject or peers
• More conformance tests specially for the new fields

Another noteworthy change is the removal of sameLabels and notSameLabels fields from the API.
Originally these fields were added to be able to express a form of tenancy that was relative to
the selected subject of the policy. Given the selection based on sameness and not-sameness of labels
could compound to many possible ways of expressing relations that would exceed cardinality, the
community is working on a better API proposal for tenancy. See NPEP-122 for more details.

Please check out the network-policy-api website for more information.

Many thanks to all of the community members who made contributions that helped make this release 😄

Changes of importance for released code

• NPEP: Add support for egress traffic control by @tssurya in #117
• add release channels and support levels by @astoycos in #131
• Fix BANP's max peer length by @tssurya in #149
• Add conformance profiles NPEP by @tssurya in #138
• Add Conformance Profiles Test Reporting System by @tssurya in #142
• Callout namespaces/pods peers do not include host-net pods by @tssurya in #156
• Create NPEP-122 for Tenancy API update. by @npinaeva in #123
• feat(Policy Assistant): data structures simulating connectivity for (B)ANP by @huntergregory in #159
• Implement Cluster Egress Traffic semantics (ANP&BANP NorthBound Support) - PART1 - Nodes by @tssurya in #143
• Add conformance testcases for AdminNetworkPolicy named port feature by @Dyanngg in #132
• NPEP: FQDN Selector for Egress, User stories by @rahulkjoshi in #134
• NPEP: Iron out Cluster Egress Support API Design by @tssurya in #144
• Add blog post for getting started with ANP by @Dyanngg in #146
• Implement inline CIDR block egress peer by @tssurya in #185
• Add conformance tests for node and cidr selector peers by @tssurya in #193
• Add kubebuilder syntax for status.conditions by @tssurya in #209
• Remove same-not-same-labels by @tssurya in #196
• Add validation for ANP/BANP Enum actions by @tssurya in #213
• Add Missing API Validations by @tssurya in #215
• Ensure we clarify subjects don't include host-net pods by @tssurya in #219
• add ci for conformance tests by @aojea in #224
• Add API spec for FQDN selector by @rahulkjoshi in #200
• Update the text about duplicate priority values by @danwinship in #229
• Update domain selector to domainNames by @rahulkjoshi in #232
• [Policy Assistant] Add support for k8s native workload traffic by @gabrielggg in #227
• Add DomainName field to AdminNetworkPolicyEgressPeer by @rahulkjoshi in #233
• analyze: start parsing anps and banp from kube server or path by @Peac36 in #239
• Disallow empty port list for ANP peers. by @npinaeva in #250
• docs: changelog for v0.0.1-policy-assistant by @huntergregory in #271
• Explicitly explain "fail closed". by @fasaxc in #252
• Clarify API docs about priority conflicts by @danwinship in #293
• Remove extended fields support by @tssurya in #284
• Graduate networks to standard by @tssurya in #296

New Contributors

• @huntergregory made their first contribution in #157
• @jongwooo made their first contribution in #184
• @gabrielggg made their first contribution in #181
• @Peac36 made their first contribution in #188
• @aojea made their first contribution in #224
• @danwinship made their first contribution in #229
• @frozenprocess made their first contribution in #265
• @fasaxc made their first contribution in #252

Full Changelog: v0.1.1...v0.1.7

v0.0.1-policy-assistant

This release contains the policy-assistant Command-Line Interface (CLI) and its source code.

Policy Assistant is a project to help users develop/troubleshoot upstream network policies. Current APIs: NetworkPolicy (v1), AdminNetworkPolicy and BaselineAdminNetworkPolicy.

policy-assistant is a static analysis tool which can simulate policy verdicts for traffic.
policy-assistant can either read policies/pods from file or from a Kubernetes cluster.

For more information, see the Policy Assistant README or this demo.

What's New

Inaugural release for policy-assistant.

Supported APIs

• NetworkPolicy v1 (networking.k8s.io/v1)
• AdminNetworkPolicy and BaselineAdminNetworkPolicy v1alpha1 (policy.networking.k8s.io/v0.1.1)

Special Notes

We will be iterating on how we version policy assistant.
It's possible that future releases will not follow the same release version format.

v0.1.1

API Version: v1alpha1

This is a patch release of the network-policy-api. It includes two
main resources geared towards cluster admins:

• AdminNetworkPolicy
• BaselineAdminNetworkPolicy

Additionally it includes many conformance test updates and fixes:

• Ingress/Egress Traffic conformance for TCP/UDP/SCTP
• Movement of base testing yamls
• Variable renaming and comment improvements
• Increased default timeout
• Removal of K8s.io/kubernetes dependency

Please check out the network-policy-api website for more information.

Also many thanks to all of the folks who pushed commits to help make this happen 😄

Changes of importance for released code

• Add BANP conformance tests for .Spec.Ingress and .Spec.Egress fields by @tssurya in #109
• Add conformance for Gress rules by @tssurya in #112
• Add conformance test for .spec.Priority field in ANP by @tssurya in #113
• Fix some nits in conformance package by @Dyanngg in #124
• Change conformance test ready condition by @Dyanngg in #125
• Remove k8s.io/kubernetes from project dependency by @Dyanngg in #129

New Contributors

• @npinaeva made their first contribution in #119
• @rahulkjoshi made their first contribution in #116

Full Changelog: v0.1.0...v0.1.1

v0.1.0

API Version: v1alpha1

This is the initial release of the network-policy-api. It includes two main resources geared towards cluster admins:

• AdminNetworkPolicy
• BaselineAdminNetworkPolicy

Please check out the network-policy-api website for more information.

Also many thanks to all of the folks who pushed commits to help make this happen 😄

Contributors (since the project's creation)

• @astoycos made their first contribution in #1
• @abhiraut made their first contribution in #10
• @kundan2707 made their first contribution in #27
• @tssurya made their first contribution in #40
• @Dyanngg made their first contribution in #32
• @olivercodes made their first contribution in #47
• @cailynse made their first contribution in #53
• @xmudrii made their first contribution in #79
• @danwinship For countless review cycles and support

Full Changelog: https://github.com/kubernetes-sigs/network-policy-api/commits/v0.1.0