Skip to content

✨ Introduce NetworkPolicy for core component workloads. #3579

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
May 16, 2025
Merged

✨ Introduce NetworkPolicy for core component workloads. #3579

merged 6 commits into from
May 16, 2025

Conversation

anik120
Copy link
Contributor

@anik120 anik120 commented May 14, 2025

RFC

Description of the change:

Motivation for the change:

Architectural changes:

Testing remarks:

Reviewer Checklist

  • Implementation matches the proposed design, or proposal is updated to match implementation
  • Sufficient unit test coverage
  • Sufficient end-to-end test coverage
  • Bug fixes are accompanied by regression test(s)
  • e2e tests and flake fixes are accompanied evidence of flake testing, e.g. executing the test 100(0) times
  • tech debt/todo is accompanied by issue link(s) in comments in the surrounding code
  • Tests are comprehensible, e.g. Ginkgo DSL is being used appropriately
  • Docs updated or added to /doc
  • Commit messages sensible and descriptive
  • Tests marked as [FLAKE] are truly flaky and have an issue
  • Code is properly formatted

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 14, 2025
@openshift-ci openshift-ci bot requested review from camilamacedo86 and oceanc80 May 14, 2025 19:37
@anik120
Copy link
Contributor Author

anik120 commented May 14, 2025

Depends on #3568 for the tests to pass

perdasilva
perdasilva reviewed May 15, 2025
View reviewed changes
@perdasilva
Copy link
Collaborator

perdasilva commented May 15, 2025
edited
Loading

oh oh - it's not liking the policies - I'll debug a bit and see if I can figure out what's up...

rc: deny all blocks incoming comms on the catalogsource pod - we need Joe's PR (it's merging now)
we may also need to add egress 50051 to one or both of the controller policies

@anik120 anik120 force-pushed the core-component-network-policy branch from 2290f6b to 61b47ec Compare May 15, 2025 16:48
@anik120 anik120 force-pushed the core-component-network-policy branch from d43b009 to 416021f Compare May 15, 2025 19:19
Per G. da Silva added 3 commits May 16, 2025 09:08
Fix formatting
afa6f9b 
Signed-off-by: Per G. da Silva <[email protected]>
template network policy
90300eb 
Signed-off-by: Per G. da Silva <[email protected]>
restrict kube-apiserver and dns traffic
717e871 
Signed-off-by: Per G. da Silva <[email protected]>
joelanford
joelanford reviewed May 16, 2025
View reviewed changes
joelanford
joelanford requested changes May 16, 2025
View reviewed changes
@perdasilva perdasilva force-pushed the core-component-network-policy branch from 74eeae0 to 1062a46 Compare May 16, 2025 13:04
@perdasilva perdasilva changed the title WIP: Introduce NetworkPolicy for core component workloads. ✨ Introduce NetworkPolicy for core component workloads. May 16, 2025
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 16, 2025
Address reviewer comments
7e013e0 
Signed-off-by: Per G. da Silva <[email protected]>
@perdasilva perdasilva force-pushed the core-component-network-policy branch from 1062a46 to 7e013e0 Compare May 16, 2025 13:25
@perdasilva perdasilva enabled auto-merge May 16, 2025 13:26
@perdasilva perdasilva added this pull request to the merge queue May 16, 2025
Merged via the queue into operator-framework:master with commit dcd8ad8 May 16, 2025
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@perdasilva perdasilva perdasilva left review comments

@joelanford joelanford joelanford approved these changes

@camilamacedo86 camilamacedo86 Awaiting requested review from camilamacedo86

@oceanc80 oceanc80 Awaiting requested review from oceanc80

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@anik120 @perdasilva @joelanford