Merge pull request #61689 from Lion-Wei/kubectl-np

Automatic merge from submit-queue (batch tested with PRs 62510, 61689). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Extend kubectl describe for networkPolicy **What this PR does / why we need it**: Recently `networkpolicy` was allowed podSelector and namespaceSelector to be specified together in a NetworkPolicyPeer, so we need to extend `kubectl describe` for networkpolicy. **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes kubernetes/kubectl#376 **Special notes for your reviewer**: Here is the example output of `kubectl describe networkpolicies`: NetworkPolicy file: ```yaml apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: test-network-policy namespace: default spec: podSelector: matchLabels: role: db ingress: - from: - namespaceSelector: matchLabels: project: myproject podSelector: matchLabels: role: frontend ports: - protocol: TCP port: 6379 egress: - to: - namespaceSelector: matchLabels: project: myproject podSelector: matchLabels: role: frontend ports: - protocol: TCP port: 6379 ``` describe: ```shell # ./kubectl describe netpol test-network-policy Name: test-network-policy Namespace: default Created on: 2018-03-26 15:20:11 +0800 CST Labels: <none> Annotations: <none> Spec: PodSelector: role=db Allowing ingress traffic: To Port: 6379/TCP From NamespaceSelector: project=myproject PodSelector: role=frontend Allowing egress traffic: To Port: 6379/TCP To NamespaceSelector: project=myproject PodSelector: role=frontend Policy Types: Ingress, Egress ``` **Release note**: ```release-note NONE ```
2025-07-25 12:43:23 +00:00 · 2018-04-18 19:36:11 -07:00 · 2018-04-18 19:36:11 -07:00 · 44ede98e94
commit 44ede98e94
parent 40bd5f0890 69ea7722c8
2 changed files with 70 additions and 22 deletions
--- a/pkg/printers/internalversion/describe.go
+++ b/pkg/printers/internalversion/describe.go
@ -3281,15 +3281,18 @@ func printNetworkPolicySpecIngressFrom(npirs []networking.NetworkPolicyIngressRu
 			w.Write(LEVEL_0, "%s%s\n", initialIndent, "From: <any> (traffic not restricted by source)")
 		} else {
 			for _, from := range npir.From {
-				w.Write(LEVEL_0, "%s", initialIndent)
+				w.Write(LEVEL_0, "%s%s\n", initialIndent, "From:")
-				if from.PodSelector != nil {
+				if from.PodSelector != nil && from.NamespaceSelector != nil {
-					w.Write(LEVEL_0, "%s: %s\n", "From PodSelector", metav1.FormatLabelSelector(from.PodSelector))
+					w.Write(LEVEL_1, "%s%s: %s\n", initialIndent, "NamespaceSelector", metav1.FormatLabelSelector(from.NamespaceSelector))
 					w.Write(LEVEL_1, "%s%s: %s\n", initialIndent, "PodSelector", metav1.FormatLabelSelector(from.PodSelector))
 				} else if from.PodSelector != nil {
 					w.Write(LEVEL_1, "%s%s: %s\n", initialIndent, "PodSelector", metav1.FormatLabelSelector(from.PodSelector))
 				} else if from.NamespaceSelector != nil {
-					w.Write(LEVEL_0, "%s: %s\n", "From NamespaceSelector", metav1.FormatLabelSelector(from.NamespaceSelector))
+					w.Write(LEVEL_1, "%s%s: %s\n", initialIndent, "NamespaceSelector", metav1.FormatLabelSelector(from.NamespaceSelector))
 				} else if from.IPBlock != nil {
-					w.Write(LEVEL_0, "From IPBlock:\n")
+					w.Write(LEVEL_1, "%sIPBlock:\n", initialIndent)
-					w.Write(LEVEL_0, "%s%sCIDR: %s\n", initialIndent, initialIndent, from.IPBlock.CIDR)
+					w.Write(LEVEL_2, "%sCIDR: %s\n", initialIndent, from.IPBlock.CIDR)
-					w.Write(LEVEL_0, "%s%sExcept: %v\n", initialIndent, initialIndent, strings.Join(from.IPBlock.Except, ", "))
+					w.Write(LEVEL_2, "%sExcept: %v\n", initialIndent, strings.Join(from.IPBlock.Except, ", "))
 				}
 			}
 		}
@ -3322,15 +3325,18 @@ func printNetworkPolicySpecEgressTo(npers []networking.NetworkPolicyEgressRule,
 			w.Write(LEVEL_0, "%s%s\n", initialIndent, "To: <any> (traffic not restricted by source)")
 		} else {
 			for _, to := range nper.To {
-				w.Write(LEVEL_0, "%s", initialIndent)
+				w.Write(LEVEL_0, "%s%s\n", initialIndent, "To:")
-				if to.PodSelector != nil {
+				if to.PodSelector != nil && to.NamespaceSelector != nil {
-					w.Write(LEVEL_0, "%s: %s\n", "To PodSelector", metav1.FormatLabelSelector(to.PodSelector))
+					w.Write(LEVEL_1, "%s%s: %s\n", initialIndent, "NamespaceSelector", metav1.FormatLabelSelector(to.NamespaceSelector))
 					w.Write(LEVEL_1, "%s%s: %s\n", initialIndent, "PodSelector", metav1.FormatLabelSelector(to.PodSelector))
 				} else if to.PodSelector != nil {
 					w.Write(LEVEL_1, "%s%s: %s\n", initialIndent, "PodSelector", metav1.FormatLabelSelector(to.PodSelector))
 				} else if to.NamespaceSelector != nil {
-					w.Write(LEVEL_0, "%s: %s\n", "To NamespaceSelector", metav1.FormatLabelSelector(to.NamespaceSelector))
+					w.Write(LEVEL_1, "%s%s: %s\n", initialIndent, "NamespaceSelector", metav1.FormatLabelSelector(to.NamespaceSelector))
 				} else if to.IPBlock != nil {
-					w.Write(LEVEL_0, "To IPBlock:\n")
+					w.Write(LEVEL_1, "%sIPBlock:\n", initialIndent)
-					w.Write(LEVEL_0, "%s%sCIDR: %s\n", initialIndent, initialIndent, to.IPBlock.CIDR)
+					w.Write(LEVEL_2, "%sCIDR: %s\n", initialIndent, to.IPBlock.CIDR)
-					w.Write(LEVEL_0, "%s%sExcept: %v\n", initialIndent, initialIndent, strings.Join(to.IPBlock.Except, ", "))
+					w.Write(LEVEL_2, "%sExcept: %v\n", initialIndent, strings.Join(to.IPBlock.Except, ", "))
 				}
 			}
 		}
--- a/pkg/printers/internalversion/describe_test.go
+++ b/pkg/printers/internalversion/describe_test.go
@ -2275,10 +2275,17 @@ Spec:
  Allowing ingress traffic:
    To Port: 80/TCP
    To Port: 82/TCP
-    From PodSelector: id=app2,id2=app3
+    From:
-    From NamespaceSelector: id=app2,id2=app3
+      NamespaceSelector: id=ns1,id2=ns2
-    From NamespaceSelector: foo in (bar1,bar2),id=app2,id2=app3
+      PodSelector: id=pod1,id2=pod2
-    From IPBlock:
+    From:
      PodSelector: id=app2,id2=app3
    From:
      NamespaceSelector: id=app2,id2=app3
    From:
      NamespaceSelector: foo in (bar1,bar2),id=app2,id2=app3
    From:
      IPBlock:
        CIDR: 192.168.0.0/16
        Except: 192.168.3.0/24, 192.168.4.0/24
    ----------
@ -2287,10 +2294,17 @@ Spec:
  Allowing egress traffic:
    To Port: 80/TCP
    To Port: 82/TCP
-    To PodSelector: id=app2,id2=app3
+    To:
-    To NamespaceSelector: id=app2,id2=app3
+      NamespaceSelector: id=ns1,id2=ns2
-    To NamespaceSelector: foo in (bar1,bar2),id=app2,id2=app3
+      PodSelector: id=pod1,id2=pod2
-    To IPBlock:
+    To:
      PodSelector: id=app2,id2=app3
    To:
      NamespaceSelector: id=app2,id2=app3
    To:
      NamespaceSelector: foo in (bar1,bar2),id=app2,id2=app3
    To:
      IPBlock:
        CIDR: 192.168.0.0/16
        Except: 192.168.3.0/24, 192.168.4.0/24
    ----------
@ -2327,6 +2341,20 @@ Spec:
 						{Port: &port82, Protocol: &protoTCP},
 					},
 					From: []networking.NetworkPolicyPeer{
 						{
 							PodSelector: &metav1.LabelSelector{
 								MatchLabels: map[string]string{
 									"id":  "pod1",
 									"id2": "pod2",
 								},
 							},
 							NamespaceSelector: &metav1.LabelSelector{
 								MatchLabels: map[string]string{
 									"id":  "ns1",
 									"id2": "ns2",
 								},
 							},
 						},
 						{
 							PodSelector: &metav1.LabelSelector{
 								MatchLabels: map[string]string{
@ -2371,6 +2399,20 @@ Spec:
 						{Port: &port82, Protocol: &protoTCP},
 					},
 					To: []networking.NetworkPolicyPeer{
 						{
 							PodSelector: &metav1.LabelSelector{
 								MatchLabels: map[string]string{
 									"id":  "pod1",
 									"id2": "pod2",
 								},
 							},
 							NamespaceSelector: &metav1.LabelSelector{
 								MatchLabels: map[string]string{
 									"id":  "ns1",
 									"id2": "ns2",
 								},
 							},
 						},
 						{
 							PodSelector: &metav1.LabelSelector{
 								MatchLabels: map[string]string{