Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add ingress network policy with generic sandbox label #1113

Open
wants to merge 25 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
8d24435
remove spacebinding request migration controller
mfrancisc Dec 7, 2023
a25fb02
Merge branch 'master' of github.com:mfrancisc/host-operator
mfrancisc Jan 2, 2024
fd840c6
Merge branch 'master' of github.com:mfrancisc/host-operator
mfrancisc Feb 7, 2024
0221d40
Merge branch 'master' of github.com:mfrancisc/host-operator
mfrancisc Feb 14, 2024
0f4717d
Merge branch 'master' of github.com:mfrancisc/host-operator
mfrancisc Feb 19, 2024
0977ae6
Merge branch 'master' of github.com:mfrancisc/host-operator
mfrancisc Mar 26, 2024
7aa35c5
Merge branch 'master' of github.com:mfrancisc/host-operator
mfrancisc Apr 3, 2024
d09f3b8
Merge branch 'master' of github.com:mfrancisc/host-operator
mfrancisc Apr 4, 2024
79c20ca
Merge branch 'master' of github.com:mfrancisc/host-operator
mfrancisc Apr 25, 2024
b21f39f
Merge branch 'master' of github.com:mfrancisc/host-operator
mfrancisc May 27, 2024
b0aea00
Merge branch 'master' of github.com:mfrancisc/host-operator
mfrancisc May 31, 2024
e9e35bc
Merge branch 'master' of github.com:mfrancisc/host-operator
mfrancisc Jul 29, 2024
969562e
Merge branch 'master' of github.com:mfrancisc/host-operator
Aug 28, 2024
344bc04
Merge branch 'master' of github.com:mfrancisc/host-operator
Sep 12, 2024
ea71877
Merge branch 'master' of github.com:mfrancisc/host-operator
Sep 23, 2024
ef294f7
Merge branch 'master' of github.com:mfrancisc/host-operator
Sep 27, 2024
1f8d51d
Merge branch 'master' of github.com:mfrancisc/host-operator
Oct 31, 2024
b27cde7
Merge branch 'master' of github.com:mfrancisc/host-operator
Nov 6, 2024
bbb2689
Merge branch 'master' of github.com:mfrancisc/host-operator
Nov 18, 2024
ec51de9
Merge branch 'master' of github.com:mfrancisc/host-operator
Nov 28, 2024
cc3a260
Merge branch 'master' of github.com:mfrancisc/host-operator
Dec 16, 2024
ed8eeea
allow from dev sandbox managed NS
Dec 16, 2024
72d7fe7
Update deploy/templates/nstemplatetiers/base/ns_dev.yaml
mfrancisc Dec 16, 2024
cf5a1a4
fix typo
Dec 17, 2024
ec0bb86
Merge remote-tracking branch 'origin/allowfromdevsandboxmanaged' into…
Dec 17, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions deploy/templates/nstemplatetiers/base/ns_dev.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -226,6 +226,19 @@ objects:
kubernetes.io/metadata.name: redhat-ods-applications
policyTypes:
- Ingress
- apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-dev-sandbox-managed-ns
namespace: ${SPACE_NAME}-dev
spec:
ingress:
- from:
- namespaceSelector:
matchLabels:
dev-sandbox/policy-group: ingress
policyTypes:
- Ingress
parameters:
- name: SPACE_NAME
required: true
13 changes: 13 additions & 0 deletions deploy/templates/nstemplatetiers/base/ns_stage.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -226,6 +226,19 @@ objects:
kubernetes.io/metadata.name: redhat-ods-applications
policyTypes:
- Ingress
- apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-dev-sandbox-managed-ns
namespace: ${SPACE_NAME}-stage
spec:
ingress:
- from:
- namespaceSelector:
matchLabels:
dev-sandbox/policy-group: ingress
policyTypes:
- Ingress
parameters:
- name: SPACE_NAME
required: true
13 changes: 13 additions & 0 deletions deploy/templates/nstemplatetiers/base1ns/ns_dev.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -252,6 +252,19 @@ objects:
kubernetes.io/metadata.name: redhat-ods-applications
policyTypes:
- Ingress
- apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-dev-sandbox-managed-ns
namespace: ${SPACE_NAME}-dev
spec:
ingress:
- from:
- namespaceSelector:
matchLabels:
dev-sandbox/policy-group: ingress
policyTypes:
- Ingress
parameters:
- name: SPACE_NAME
required: true
Expand Down
13 changes: 13 additions & 0 deletions deploy/templates/nstemplatetiers/intellarge/ns_dev.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -252,6 +252,19 @@ objects:
kubernetes.io/metadata.name: redhat-ods-applications
policyTypes:
- Ingress
- apiVersion: networking.k8s.io/v1
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

BTW, we need to delete all intel tiers :) But let's do it in a separate PR.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

got it, I'll open a new one, once those are merged!

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we keep them , just in case they might be used by the intel team for their own kubesaw instance ?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can always revert the cleanup PRs later if needed. But most likely we won't need these tiers anytime soon.

kind: NetworkPolicy
metadata:
name: allow-from-dev-sandbox-managed-ns
namespace: ${SPACE_NAME}-dev
spec:
ingress:
- from:
- namespaceSelector:
matchLabels:
dev-sandbox/policy-group: ingress
policyTypes:
- Ingress
parameters:
- name: SPACE_NAME
required: true
Expand Down
13 changes: 13 additions & 0 deletions deploy/templates/nstemplatetiers/intelmedium/ns_dev.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -252,6 +252,19 @@ objects:
kubernetes.io/metadata.name: redhat-ods-applications
policyTypes:
- Ingress
- apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-dev-sandbox-managed-ns
namespace: ${SPACE_NAME}-dev
spec:
ingress:
- from:
- namespaceSelector:
matchLabels:
dev-sandbox/policy-group: ingress
policyTypes:
- Ingress
parameters:
- name: SPACE_NAME
required: true
Expand Down
13 changes: 13 additions & 0 deletions deploy/templates/nstemplatetiers/test/ns_dev.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -197,6 +197,19 @@ objects:
podSelector: {}
policyTypes:
- Ingress
- apiVersion: networking.k8s.io/v1
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't have to modify the test tier. But it won't heart to add it here too.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok, makes sense. I wasn't sure, just wanted to be consitent.

kind: NetworkPolicy
metadata:
name: allow-from-dev-sandbox-managed-ns
namespace: ${SPACE_NAME}-dev
spec:
ingress:
- from:
- namespaceSelector:
matchLabels:
dev-sandbox/policy-group: ingress
policyTypes:
- Ingress
parameters:
- name: SPACE_NAME
required: true
Expand Down
Loading