Skip to content

Update apiVersion in migrate-network-policy.sh, add comments #19977

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 26, 2018
Merged

Update apiVersion in migrate-network-policy.sh, add comments #19977

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 18 additions & 3 deletions contrib/migration/migrate-network-policy.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,20 @@
#!/bin/bash

# Prepares a multitenant cluster for running the networkpolicy plugin by
#
# 1) creating NetworkPolicy objects (and Namespace labels) that
# implement the same isolation/sharing as had been configured in
# the multitenant cluster via "oc adm pod-network".
#
# 2) re-isolating all projects that had previously been joined or
# made global (since the networkpolicy plugin requires every
# project to have a distinct NetID).
#
# See the documentation for more information on how to use this script
# (the section "Migrating from ovs-networkpolicy to ovs-multitenant"
# in the "Configuring the SDN" document in the "Installation and
# Configuration" guide).

set -o errexit
set -o nounset
set -o pipefail
Expand All @@ -13,7 +28,7 @@ fi
function default-deny() {
oc create --namespace "$1" -f - <<EOF
kind: NetworkPolicy
apiVersion: extensions/v1beta1
apiVersion: networking.k8s.io/v1
metadata:
name: default-deny
spec:
Expand All @@ -24,7 +39,7 @@ EOF
function allow-from-self() {
oc create --namespace "$1" -f - <<EOF
kind: NetworkPolicy
apiVersion: extensions/v1beta1
apiVersion: networking.k8s.io/v1
metadata:
name: allow-from-self
spec:
Expand All @@ -38,7 +53,7 @@ EOF
function allow-from-other() {
oc create --namespace "$1" -f - <<EOF
kind: NetworkPolicy
apiVersion: extensions/v1beta1
apiVersion: networking.k8s.io/v1
metadata:
name: $2
spec:
Expand Down
10 changes: 10 additions & 0 deletions contrib/migration/unmigrate-network-policy.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,15 @@
#!/bin/bash

# Undoes the effects of the migrate-network-policy.sh script by
# re-isolating and re-making-global the previously isolated/global
# projects.
#
# This only undoes the changes originally made by the migration script
# (or other changes that were intentionally made to look the same as
# the changes made by the migration script). It does not attempt to
# convert arbitrary NetworkPolicy objects into multitenant-style
# isolation.

set -o errexit
set -o nounset
set -o pipefail
Expand Down