
MultiNetworkPolicy does not allow for empty podSelector #26

Open
trozet opened this issue Feb 10, 2025 · 1 comment

Comments


trozet commented Feb 10, 2025

NetworkPolicy allows an empty podSelector:

// NetworkPolicySpec provides the specification of a NetworkPolicy
type NetworkPolicySpec struct {
	// podSelector selects the pods to which this NetworkPolicy object applies.
	// The array of ingress rules is applied to any pods selected by this field.
	// Multiple network policies can select the same set of pods. In this case,
	// the ingress rules for each are combined additively.
	// This field is NOT optional and follows standard label selector semantics.
	// An empty podSelector matches all pods in this namespace.
	PodSelector metav1.LabelSelector `json:"podSelector" protobuf:"bytes,1,opt,name=podSelector"`
	// (remaining fields of the struct not quoted in the issue)
}

However, MultiNetworkPolicy does not:

trozet@fedora:~/go/src/github.com/ovn-org/ovn-kubernetes/contrib$ cat /home/trozet/network_policy_port_range_udn.yml
---
apiVersion: k8s.cni.cncf.io/v1beta1
kind: MultiNetworkPolicy
metadata:
  name: deny-by-default
  annotations:
    k8s.v1.cni.cncf.io/policy-for: ns1/l3-network
spec:
  podSelector:
#    matchLabels:
#      key: value
  policyTypes:
  - Egress
  egress: 
   - to:
     - ipBlock:
         cidr: 10.244.0.0/16
     ports:
       - protocol: TCP
         port: 15384
         endPort: 65535
       - port: 1337
         endPort: 1338    
trozet@fedora:~/go/src/github.com/ovn-org/ovn-kubernetes/contrib$ oc create -f /home/trozet/network_policy_port_range_udn.yml
The MultiNetworkPolicy "deny-by-default" is invalid: spec.podSelector: Required value

zeeke (Member) commented Feb 11, 2025

I don't know why exactly NetworkPolicy accepts that syntax, but the empty selector should be {}, as per k8s documentation:
https://kubernetes.io/docs/concepts/services-networking/network-policies/#default-deny-all-ingress-traffic

and that works fine with MultiNetworkPolicies.

Do you need to support omitting the podSelector? It is not optional, and it's stated in the code comment:

// This field is NOT optional and follows standard label selector semantics.

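To make the distinction in this thread concrete, here is an added example (not code from the issue or from the multi-networkpolicy project) that models how a required `podSelector` field is treated once the YAML is parsed: a bare `podSelector:` key with only commented-out children parses to null and fails the required-value check, while `podSelector: {}` parses to an empty mapping and, under standard label-selector semantics, selects every pod in the namespace. The validation message, selector operators and sample pods are constructed here to mirror the issue, not taken from the project.

```python
# Added example: minimal model of podSelector validation and label-selector matching.
# A YAML "podSelector:" line with no children parses to None; "podSelector: {}" to {}.

def validate_pod_selector(spec: dict) -> list[str]:
    """Return validation errors for spec.podSelector (message mirrors the issue)."""
    if spec.get("podSelector") is None:
        return ["spec.podSelector: Required value"]
    return []


def selector_matches(selector: dict, pod_labels: dict) -> bool:
    """Standard label-selector semantics: an empty selector matches every pod."""
    for key, value in (selector.get("matchLabels") or {}).items():
        if pod_labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions") or []:
        key, op, values = expr["key"], expr["operator"], expr.get("values") or []
        present = key in pod_labels
        if op == "In" and not (present and pod_labels[key] in values):
            return False
        if op == "NotIn" and present and pod_labels[key] in values:
            return False
        if op == "Exists" and not present:
            return False
        if op == "DoesNotExist" and present:
            return False
    return True


def selected_pods(spec: dict, pods: dict) -> list[str]:
    """Names of pods the policy applies to; raises if the spec would be rejected."""
    errors = validate_pod_selector(spec)
    if errors:
        raise ValueError(errors[0])
    return sorted(name for name, labels in pods.items()
                  if selector_matches(spec["podSelector"], labels))


# Constructed samples: the two YAML variants from the thread, as parsed.
REJECTED_SPEC = {"podSelector": None, "policyTypes": ["Egress"]}    # "podSelector:" alone
DEFAULT_DENY_SPEC = {"podSelector": {}, "policyTypes": ["Egress"]}  # "podSelector: {}"
SAMPLE_PODS = {"web-0": {"app": "web"}, "db-0": {"app": "db", "tier": "data"}}

if __name__ == "__main__":
    print(validate_pod_selector(REJECTED_SPEC))      # ['spec.podSelector: Required value']
    print(selected_pods(DEFAULT_DENY_SPEC, SAMPLE_PODS))  # ['db-0', 'web-0']
```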