Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create NetworkPolicy to allow Ingress to RHSSO #139

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Create NetworkPolicy to allow Ingress to RHSSO #139

wants to merge 1 commit into from

Conversation

A-Beck
Copy link

@A-Beck A-Beck commented Nov 29, 2022

When Deploying MTA 6 and Exposing RHSSO, a NetworkPolicy needs to be created manually to access the RHSSO UI.

This PR enables the operator to automatically create this NetPol when the user enables RHSSO to be exposed.

@A-Beck
Create NetPol to allow Ingress to RHSSO
5c8859f 
NetPol is created only if external access is enabled.
@jmontleon
Copy link
Member

@A-Beck can you help us to understand what adding a network policy is intended to do? Is this to provide added security by limiting communication?

Do you know if enabling it adds any limitations to functionality?

@jmontleon
Copy link
Member

I might be crossing my wires with #82 Allow namespace isolation via network policies. @fbladilo are you able to help us understand the two?

@A-Beck
Copy link
Author

A-Beck commented Apr 10, 2023

@jmontleon Adding the RHSSO network policy is intended to allow traffic to the RHSSO instance so that user access can be managed through the RHSSO UI when feature_isolate_namespace is set to true.

The current network policies allow traffic to the tackle UI only, as intended by #82

@kaovilai
Copy link
Member

need dco

@jmontleon
Copy link
Member

@A-Beck can you signoff on the PR so DCO will pass and fix the conflicts. Once done I'll get this merged. Thank you!

@jmontleon jmontleon added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jun 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmontleon jmontleon Awaiting requested review from jmontleon

@kaovilai kaovilai Awaiting requested review from kaovilai

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@A-Beck @jmontleon @kaovilai