Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add user custom network policy #2078

Merged
merged 11 commits into from
Jun 21, 2023
Merged

add user custom network policy #2078

merged 11 commits into from
Jun 21, 2023

Conversation

ykadowak
Copy link
Contributor

@ykadowak ykadowak commented Jun 16, 2023
edited
Loading

Description:

With this PR, a vald user can add their own network policy on top of the default one that was added with #2022. This is required, for example, when a vald user needs to configure observability components with network policy enabled (an example below).

vald/charts/vald/values/dev-observability.yaml

Lines 45 to 50 in 73cc0a6

custom:
egress:
- to:
- podSelector:
matchLabels:
app.kubernetes.io/name: opentelemetry-collector-collector

In addition to helm templates change, these changes also have been made,

  • Added cluster role for helm operator to create network policy
  • Enabled network policy for e2e-deploy tests to to verify the deploy and communication between each component with the default network policy settings.

Related Issue:

Versions:

  • Go Version: 1.20.3
  • Docker Version: 20.10.8
  • Kubernetes Version: 1.22.0
  • NGT Version: 2.0.11

Checklist:

Special notes for your reviewer:

@vdaas-ci
Copy link
Collaborator

[CHATOPS:HELP] ChatOps commands.

  • 🙆‍♀️ /approve - approve
  • 💌 /changelog - replace the PR body by changelog details
  • 🍱 /format - format codes and add licenses
  • /gen-test - generate test codes
  • 🏷️ /label - add labels
  • /rebase - rebase main
  • 🔚 2️⃣ 🔚 /label actions/e2e-deploy - run E2E deploy & integration test

@cloudflare-pages
Copy link

cloudflare-pages bot commented Jun 19, 2023
edited
Loading

Deploying with  Cloudflare Pages  Cloudflare Pages

Latest commit: 3798457
Status: ✅  Deploy successful!
Preview URL: https://cbefc5db.vald.pages.dev
Branch Preview URL: https://feature-charts-custom-networ.vald.pages.dev

View logs

@vdaas-ci
Copy link
Collaborator

Profile Report

typevald-agent-ngtvald-lb-gatewayvald-discoverervald-manager-index
cpu
heap
 other images

@ykadowak ykadowak changed the title [WIP] Feature/charts/custom network policy add user custom network policy Jun 20, 2023
@ykadowak ykadowak requested review from a team, kmrmt and vankichi and removed request for a team June 20, 2023 02:12
kpango
kpango previously approved these changes Jun 20, 2023
View reviewed changes
Copy link
Collaborator

@kpango kpango left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

kmrmt
kmrmt previously approved these changes Jun 20, 2023
View reviewed changes
Copy link
Contributor

@kmrmt kmrmt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ykadowak ykadowak dismissed stale reviews from kmrmt and kpango via 3798457 June 20, 2023 09:06
kpango
kpango approved these changes Jun 20, 2023
View reviewed changes
Copy link
Collaborator

@kpango kpango left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@vankichi vankichi merged commit b0bf240 into main Jun 21, 2023
36 checks passed
@vankichi vankichi deleted the feature/charts/custom-network-policy branch June 21, 2023 06:48
ykadowak added a commit that referenced this pull request Jun 26, 2023
@ykadowak @deepsource-autofix
Add user custom network policy (#2078)
0ef188c 
* add user custom network policy template

* add appPort to access grafana from host

* add kube-system as egress allow for agent

* add network policy settings as an example

* add stern in dev container

* add schema comments

* add network policy enabled to ci helm values

* add cluster role to deploy network policy

* style: Format code with prettier and gofumpt

* remove unnecesary network policy ci settings

* add pyroscope to ingress rule

---------

Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
@hlts2 hlts2 mentioned this pull request Sep 13, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kmrmt kmrmt kmrmt approved these changes

@kpango kpango kpango approved these changes

@vankichi vankichi vankichi approved these changes

Assignees
No one assigned
Labels
actions/e2e-chaos actions/e2e-deploy actions/e2e-max-dim actions/e2e-profiling area/helm priority/medium size/S team/sre SRE team type/ci type/feature New feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@ykadowak @vdaas-ci @kmrmt @kpango @vankichi