[Multiple-Networks] more future enhancements #620

@shireenf-ibm

  • bad path check (NADs with same name must have same network config) + bad path tests on NAD and Multi-Netpols

  • update diff conns output with "[udn]" labels (a udn may be unchanged/added/removed)

  • support exposure-analysis with user-defined-networks - add tests with exposure-analysis + update output labels if required:

    • peer in a primary udn is isolated in its namespace and should not be exposed to any namespace
    • general exposure in the cluster when there are UDNs in the input resources:
      • if the exposed peer is in a primary UDN, then it is exposed only in the udn
      • if the exposed peer is in a regular namespace (i.e. belongs to the pod-network), it is exposed to all namespaces in the pod network (not exposed to peers in UDNs)
  • When a pod is assigned to a primary UDN, it can access the Kubernetes API (KAPI) and DNS (kube-dns) services on the cluster’s default network.

  • To allow default network pods to connect to a user-defined network pod, you can use the k8s.ovn.org/open-default-ports annotation. This annotation opens specific ports on the user-defined network pod for access from the default network.

- [ ] add support on live-cluster mentioned in #538

  • Virtual Machine: add support with ingress-analyzer (with service object and specified ports/named-ports) - assume it accepts all ports (resolved on ebcf91a)

  • extend UDN & CUDN support to Role: Secondary network too (when supported for OpenShift)

  • support eval command with NetworkAttachmentDefinition and MultiNetworkPolicy objects
