Merge pull request #1041 from gunjan5/bringbackoursnp

SNP for calico v2.4 or older

Author: gunjan5

hack/remove-calico-policy/override-policy.md

@@ -3,13 +3,13 @@
 This section describes how to override the Calico-enabled Network Policy using higher priority system-wide
 network policy.
 
-In the following we describe how to create a `GlobalNetworkPolicy` resource using `kubectl` to allow all
-ingress and egress traffic, overriding any other Network Policy that has been configured.
+In the following we describe how to create a `GlobalNetworkPolicy` (`SystemNetworkPolicy` for Calico `v2.4.x` or older) 
+resource using `kubectl` to allow all ingress and egress traffic, overriding any other Network Policy that has been configured.
 
 ### Requirements / Assumptions
 
-- Calico version v2.5 or higher
-- Kubernetes v1.7 or higher
+- Calico version `v2.3` or higher
+- Kubernetes `v1.6` or higher
 - Calico is running in policy-only mode (without Calico networking)
 - Calico is using using the Kubernetes API as the datastore
 
@@ -19,17 +19,33 @@ ingress and egress traffic, overriding any other Network Policy that has been co
 
 #### Override Calico policy to allow all traffic
 
-Create a `GlobalNetworkPolicy` resource by running the following command:
+Create a policy-override resource by running the following command:
+
+For Calico `v2.5.x` or higher:
 
 ```
 kubectl create -f=https://raw.githubusercontent.com/projectcalico/calico/master/hack/remove-calico-policy/global-network-policy-override.yaml
 ```
 
+For Calico `v2.3.x` and `v2.4.x`:
+
+```
+kubectl create -f=https://raw.githubusercontent.com/projectcalico/calico/master/hack/remove-calico-policy/system-network-policy-override.yaml
+```
+
 #### Revert override to enable Calico policy
 
-To revert the override of Calico policy, delete the `GlobalNetworkPolicy` resource 
+To revert the override of Calico policy, delete the policy-override resource 
 responsible for the override by running the following command:
 
+For Calico `v2.5.x` or higher:
+
 ```
 kubectl delete -f=https://raw.githubusercontent.com/projectcalico/calico/master/hack/remove-calico-policy/global-network-policy-override.yaml
 ```
+
+For Calico `v2.3.x` and `v2.4.x`:
+
+```
+kubectl delete -f=https://raw.githubusercontent.com/projectcalico/calico/master/hack/remove-calico-policy/system-network-policy-override.yaml
+```

hack/remove-calico-policy/system-network-policy-override.yaml

@@ -0,0 +1,11 @@
+apiVersion: "alpha.projectcalico.org/v1"
+kind: SystemNetworkPolicy
+metadata:
+  name: allow-all-calico-policy
+  namespace: kube-system
+spec:
+  order: 0.0
+  ingress:
+  - action: allow
+  egress:
+  - action: allow