Skip to content

Commit

Permalink
Add network policies for rhoai (#1023)
Browse files Browse the repository at this point in the history 
* Add allow-from-redhat-ods-app-to-mariadb network policy

* Add allow-from-redhat-ods-app-to-mm network policy

* Add network policies to base tier too

* Update deploy/templates/nstemplatetiers/base/ns_stage.yaml

* Update deploy/templates/nstemplatetiers/base/ns_stage.yaml

* Update deploy/templates/nstemplatetiers/base1ns/ns_dev.yaml

* Update deploy/templates/nstemplatetiers/base1ns/ns_dev.yaml

* Update deploy/templates/nstemplatetiers/base/ns_dev.yaml

* Update deploy/templates/nstemplatetiers/base/ns_dev.yaml

---------

Co-authored-by: Alexey Kazakov <alkazako@redhat.com>
  • Loading branch information
@rajivnathan @alexeykazakov
rajivnathan and alexeykazakov committed May 3, 2024
1 parent 3693380 commit dbf0c82
Show file tree
Hide file tree
Showing 3 changed files with 114 additions and 0 deletions.
38 changes: 38 additions & 0 deletions deploy/templates/nstemplatetiers/base/ns_dev.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -188,6 +188,44 @@ objects:
podSelector: {}
policyTypes:
- Ingress
- apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-redhat-ods-app-to-mariadb
namespace: ${SPACE_NAME}-dev
spec:
podSelector:
matchLabels:
app: mariadb-dspa
ingress:
- ports:
- protocol: TCP
port: 3306
from:
- podSelector:
matchLabels:
app.kubernetes.io/name: data-science-pipelines-operator
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: redhat-ods-applications
policyTypes:
- Ingress
- apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-redhat-ods-app-to-mm
namespace: ${SPACE_NAME}-dev
spec:
podSelector:
matchLabels:
modelmesh-service: modelmesh-serving
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: redhat-ods-applications
policyTypes:
- Ingress
parameters:
- name: SPACE_NAME
required: true
38 changes: 38 additions & 0 deletions deploy/templates/nstemplatetiers/base/ns_stage.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -188,6 +188,44 @@ objects:
podSelector: {}
policyTypes:
- Ingress
- apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-redhat-ods-app-to-mariadb
namespace: ${SPACE_NAME}-stage
spec:
podSelector:
matchLabels:
app: mariadb-dspa
ingress:
- ports:
- protocol: TCP
port: 3306
from:
- podSelector:
matchLabels:
app.kubernetes.io/name: data-science-pipelines-operator
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: redhat-ods-applications
policyTypes:
- Ingress
- apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-redhat-ods-app-to-mm
namespace: ${SPACE_NAME}-stage
spec:
podSelector:
matchLabels:
modelmesh-service: modelmesh-serving
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: redhat-ods-applications
policyTypes:
- Ingress
parameters:
- name: SPACE_NAME
required: true
38 changes: 38 additions & 0 deletions deploy/templates/nstemplatetiers/base1ns/ns_dev.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -214,6 +214,44 @@ objects:
podSelector: {}
policyTypes:
- Ingress
- apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-redhat-ods-app-to-mariadb
namespace: ${SPACE_NAME}-dev
spec:
podSelector:
matchLabels:
app: mariadb-dspa
ingress:
- ports:
- protocol: TCP
port: 3306
from:
- podSelector:
matchLabels:
app.kubernetes.io/name: data-science-pipelines-operator
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: redhat-ods-applications
policyTypes:
- Ingress
- apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-redhat-ods-app-to-mm
namespace: ${SPACE_NAME}-dev
spec:
podSelector:
matchLabels:
modelmesh-service: modelmesh-serving
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: redhat-ods-applications
policyTypes:
- Ingress
parameters:
- name: SPACE_NAME
required: true
Expand Down

0 comments on commit dbf0c82

Please sign in to comment.