From 552dc7b4fcbadfd430f364452f24867f08a97444 Mon Sep 17 00:00:00 2001
From: Matteo Mortari <matteo.mortari@gmail.com>
Date: Mon, 20 May 2024 11:14:14 +0200
Subject: [PATCH 1/3] add Model Registry networkpolicy

Signed-off-by: Matteo Mortari <matteo.mortari@gmail.com>
---
 .../networkpolicies/base/kustomization.yaml   |  1 +
 .../networkpolicies/base/model-registry.yaml  | 29 +++++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 common/networkpolicies/base/model-registry.yaml

diff --git a/common/networkpolicies/base/kustomization.yaml b/common/networkpolicies/base/kustomization.yaml
index 3592bc9a2b..33bf626c6d 100644
--- a/common/networkpolicies/base/kustomization.yaml
+++ b/common/networkpolicies/base/kustomization.yaml
@@ -16,6 +16,7 @@ resources:
   - minio.yaml
   - ml-pipeline-ui.yaml
   - ml-pipeline.yaml
+  - model-registry.yaml
   - poddefaults.yaml
   - pvcviewer-webhook.yaml
   - seldon.yaml
diff --git a/common/networkpolicies/base/model-registry.yaml b/common/networkpolicies/base/model-registry.yaml
new file mode 100644
index 0000000000..a5be3f7a4f
--- /dev/null
+++ b/common/networkpolicies/base/model-registry.yaml
@@ -0,0 +1,29 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: model-registry
+  namespace: kubeflow
+spec:
+  podSelector:
+    matchExpressions:
+      - key: component
+        operator: In
+        values:
+          - model-registry-server
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchExpressions:
+              - key: app.kubernetes.io/part-of
+                operator: In
+                values:
+                  - kubeflow-profile
+        - namespaceSelector:
+            matchExpressions:
+              - key: kubernetes.io/metadata.name
+                operator: In
+                values:
+                  - istio-system
+        - podSelector: {} # allow all pods from the same namespace
+  policyTypes:
+    - Ingress

From 5778fca0091da5d35e5e8f1a11bdd93b2cc7eaec Mon Sep 17 00:00:00 2001
From: tarilabs <matteo.mortari@gmail.com>
Date: Thu, 23 May 2024 13:22:19 +0200
Subject: [PATCH 2/3] implement review feedback

Signed-off-by: tarilabs <matteo.mortari@gmail.com>
---
 common/networkpolicies/base/model-registry.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/common/networkpolicies/base/model-registry.yaml b/common/networkpolicies/base/model-registry.yaml
index a5be3f7a4f..1fe783a10e 100644
--- a/common/networkpolicies/base/model-registry.yaml
+++ b/common/networkpolicies/base/model-registry.yaml
@@ -25,5 +25,10 @@ spec:
                 values:
                   - istio-system
         - podSelector: {} # allow all pods from the same namespace
+      ports:
+        - protocol: TCP
+          port: 8080
+        - protocol: TCP
+          port: 9090
   policyTypes:
     - Ingress

From 5871263a7fe2f3c8403f9f2ca914bba874bcb752 Mon Sep 17 00:00:00 2001
From: Matteo Mortari <matteo.mortari@gmail.com>
Date: Mon, 3 Jun 2024 15:22:23 +0200
Subject: [PATCH 3/3] implement code review feedback

Signed-off-by: Matteo Mortari <matteo.mortari@gmail.com>
---
 common/networkpolicies/base/model-registry.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/common/networkpolicies/base/model-registry.yaml b/common/networkpolicies/base/model-registry.yaml
index 1fe783a10e..801a2145ad 100644
--- a/common/networkpolicies/base/model-registry.yaml
+++ b/common/networkpolicies/base/model-registry.yaml
@@ -24,7 +24,6 @@ spec:
                 operator: In
                 values:
                   - istio-system
-        - podSelector: {} # allow all pods from the same namespace
       ports:
         - protocol: TCP
           port: 8080