Added new Network Policy to access Mariadb from DSPO #638

Merged
merged 1 commit into from
May 9, 2024

Conversation


@VaniHaripriya VaniHaripriya commented Apr 30, 2024

The issue resolved by this Pull Request:

Resolves RHOAIENG-5314

Description of your changes:

Added new Network policy which allows DSPO to resolve connections to mariadb deployed in the user namespace.

Testing instructions

The error was reproduced by applying the NWP below in the DSPA namespace; the pipeline server failed to come up due to lack of access to mariadb.

kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: dummypol
  namespace: user7-auto
spec:
  podSelector: {}
  ingress:
    - from:
        - podSelector: {}
  policyTypes:
    - Ingress

  1. Deploy DSPO, create a DSPA namespace and apply the above NWP.
  2. Deploy DSPA to verify that the pipeline server runs successfully after it creates a new NWP which allows DSPO to access mariadb.
  3. Verify the Network Policies in the DSPA namespace, to see a new NWP for mariadb, e.g. mariadb-simple.

Checklist

  • The commits are squashed in a cohesive manner and have meaningful messages.
  • Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
  • The developer has manually tested the changes and verified that the changes work

@dsp-developers

A new image has been built to help with testing out this PR: quay.io/opendatahub/data-science-pipelines-operator:pr-638
An OCP cluster where you are logged in as cluster admin is required.

To use this image run the following:

cd $(mktemp -d)
git clone git@github.com:opendatahub-io/data-science-pipelines-operator.git
cd data-science-pipelines-operator/
git fetch origin pull/638/head
git checkout -b pullrequest 9d15247a6f31f56ac2984cee53255dbafc839b68
oc new-project opendatahub
make deploy IMG="quay.io/opendatahub/data-science-pipelines-operator:pr-638"

More instructions here on how to deploy and test a Data Science Pipelines Application.

@dsp-developers

Change to PR detected. A new PR build was completed.
A new image has been built to help with testing out this PR: quay.io/opendatahub/data-science-pipelines-operator:pr-638

update namespace

Added DSPO_NAMESPACE env var

Added DSPONamespace param

Update Network policy template

HumairAK commented May 9, 2024

/lgtm
/approve

One thing I want to note is when there's no DSPO_NAMESPACE provided, the namespace field is blank, so the NWP auto rejects any connection to mariadb outside the DSPA namespace. This would only occur if:

  1. we alter the manifests somehow before deploying it (unlikely)
  2. in development where we run the operator locally

for (2) we can't really connect locally to mariadb anyways since it's a svc endpoint so I don't see that as a blocker for this issue, but it's worth noting here.
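
The connectivity outcomes from the testing instructions and from the review note above, modelled as an added example (not code from this PR or from the operator). It assumes the generated policy selects the operator's namespace through the `kubernetes.io/metadata.name` label; `MariaDBPeers` and the `role: operator` pod label are hypothetical, while `user7-auto` and `opendatahub` are the namespaces used on this page.

```go
package main

import "fmt"

// Peer models one ingress "from" entry; nil NamespaceLabels means no namespaceSelector.
type Peer struct {
	NamespaceLabels map[string]string // namespaceSelector.matchLabels
	PodLabels       map[string]string // podSelector.matchLabels; empty selects all pods
}

// matches reports whether every selector label is present with the same value.
func matches(sel, labels map[string]string) bool {
	for k, v := range sel {
		if got, ok := labels[k]; !ok || got != v {
			return false
		}
	}
	return true
}

// Allowed reports whether a policy in policyNS admits a pod from srcNS, using the kubernetes.io/metadata.name label Kubernetes sets on every namespace.
func Allowed(policyNS string, peers []Peer, srcNS string, srcPod map[string]string) bool {
	nsLabels := map[string]string{"kubernetes.io/metadata.name": srcNS}
	for _, p := range peers {
		nsOK := srcNS == policyNS // no namespaceSelector: own namespace only
		if p.NamespaceLabels != nil {
			nsOK = matches(p.NamespaceLabels, nsLabels)
		}
		if nsOK && matches(p.PodLabels, srcPod) {
			return true
		}
	}
	return false
}

// MariaDBPeers is a hypothetical rendering of the operator-access rule: same-namespace pods plus operator pods in dspoNS.
func MariaDBPeers(dspoNS string) []Peer {
	return []Peer{
		{PodLabels: map[string]string{}},
		{NamespaceLabels: map[string]string{"kubernetes.io/metadata.name": dspoNS}, PodLabels: map[string]string{"role": "operator"}}, // constructed label
	}
}

func main() {
	op := map[string]string{"role": "operator"} // constructed operator pod labels
	// dummypol alone, rule with DSPO_NAMESPACE set, rule with it blank.
	for _, peers := range [][]Peer{{{PodLabels: map[string]string{}}}, MariaDBPeers("opendatahub"), MariaDBPeers("")} {
		fmt.Println(Allowed("user7-auto", peers, "opendatahub", op))
	}
}
```

A `podSelector: {}` peer without a namespaceSelector only covers pods in the policy's own namespace, which is why `dummypol` cuts off an operator running elsewhere; a blank namespace value produces a selector that no namespace satisfies, so only the same-namespace peer still applies.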


openshift-ci bot commented May 9, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: HumairAK


@openshift-ci openshift-ci bot added the approved label May 9, 2024
@HumairAK HumairAK merged commit 4659bdc into opendatahub-io:main May 9, 2024
5 of 6 checks passed