NetworkPolicy can replicate what namespace isolation does (and much
more), so we are removing the code that is not needed
Change-Id: Ib79c21cb92c522744658a204001383b6c0e98846
When a namespace is created, deleted or updated and
its labels matches the namespaceSelector of a NP,
the CRD and the respective sg must be updated.
Partially Implements: blueprint k8s-network-policies
Change-Id: I515de28647f5f06248555733c27dd4f5a56149ec
When a pod gets created, deleted or updated and its labels
matches the PodSelector of a NP, the sg must be updated.
Partially Implements: blueprint k8s-network-policies
Change-Id: Ic0dd3bc93e2453460c4d8dea360efd414b6ae42b
This patch ensures namespace handler does not depend on specific
functions implemented on the security group driver for the namespace
isolation. This way it will be possible to enable the namespace
handler (to create a different network per namespace) together with
the network policy that will perform the isolation between pods/svc
in a different way.
Partially Implements: blueprint k8s-network-policies
Closes-Bug: #1799496
Change-Id: Ied892e616075ce16fdc15ceb31219c100e011536
This patch introduces LBaaSSpecHandler that handles K8s Service
events and updates related Endpoints with LBaaSServiceSpec when
necessary.
Change-Id: I09a0235842edd06827437f37aeac7ca5daeb1774
Partially-Implements: blueprint kuryr-k8s-integration
This patch adds a new driver type used to determine Neutron security
groups that should be used for Kubernetes pods. This patch also
provides a default driver implementation that uses a list of security
groups set in configuration file.
Change-Id: Id76f70b8a99ffa8372dfd3d199371e7db46fb812
Partially-Implements: blueprint kuryr-k8s-integration
