Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add network policy #2022

Merged
merged 21 commits into from
May 9, 2023
Merged

add network policy #2022

merged 21 commits into from
May 9, 2023

Conversation

ykadowak
Copy link
Contributor

@ykadowak ykadowak commented May 1, 2023
edited
Loading

Description:

Added network policy with the configuration as in the table. Also only allowed traffic within the deployed namespace. Plus please note that the egress of the filter gateway is fully open due to the wide variety of user-defined filter configurations.

from \ to agent discoverer filter gateway lb gateway index User-defined Filters k8s apiserver
agent N/A
discoverer N/A
filter gateway N/A
lb gateway N/A
index N/A
User-defined Filters N/A
k8s apiserver N/A

Confirmed this configuration passes e2e with the steps below.

make k8s/vald/deploy HELM_VALUES=example/helm/values.yaml
make e2e

Related Issue:

Versions:

  • Go Version: 1.20.3
  • Docker Version: 20.10.8
  • Kubernetes Version: 1.22.0
  • NGT Version: 2.0.9

Checklist:

Special notes for your reviewer:

This PR will be followed by these PRs below.

  • e2e test on PR when there's helm template change
  • User-defined network policy for things like OpenTelemetry

NetworkPolicy is off by default until these changes are done.

@vdaas-ci
Copy link
Collaborator

vdaas-ci commented May 1, 2023

[CHATOPS:HELP] ChatOps commands.

  • 🙆‍♀️ /approve - approve
  • 💌 /changelog - replace the PR body by changelog details
  • 🍱 /format - format codes and add licenses
  • /gen-test - generate test codes
  • 🏷️ /label - add labels
  • /rebase - rebase main
  • 🔚 2️⃣ 🔚 /label actions/e2e-deploy - run E2E deploy & integration test

@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented May 1, 2023
edited
Loading

Deploying with  Cloudflare Pages  Cloudflare Pages

Latest commit: 6aa2081
Status: ✅  Deploy successful!
Preview URL: https://b632e142.vald.pages.dev
Branch Preview URL: https://feature-charts-add-network-p.vald.pages.dev

View logs

@kpango kpango requested review from a team and kevindiu and removed request for a team May 1, 2023 04:54
@ykadowak ykadowak removed request for kevindiu and a team May 1, 2023 06:03
@ykadowak ykadowak changed the title [WIP] add network policy add network policy May 2, 2023
@ykadowak ykadowak requested review from a team, kpango and hlts2 and removed request for a team May 2, 2023 02:37
kpango
kpango reviewed May 2, 2023
View reviewed changes
Makefile Show resolved Hide resolved
charts/vald/templates/common/deny-all.yaml Outdated Show resolved Hide resolved
charts/vald/templates/gateway/filter/networkpolicy.yaml Show resolved Hide resolved
charts/vald/values.yaml Show resolved Hide resolved
@vankichi vankichi requested a review from datelier May 8, 2023 04:46
@ykadowak ykadowak requested a review from kpango May 8, 2023 07:21
@ykadowak
Copy link
Contributor Author

ykadowak commented May 8, 2023
edited
Loading

There is a known bug in kube-linter and caused the K8s manifests / runner / kubelinter for vald chart fail. The fix should be released soon so we are leaving it.
stackrox/kube-linter#546

kpango
kpango approved these changes May 8, 2023
View reviewed changes
Copy link
Collaborator

@kpango kpango left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

hlts2
hlts2 approved these changes May 9, 2023
View reviewed changes
Copy link
Contributor

@hlts2 hlts2 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@kpango kpango merged commit 3b73544 into main May 9, 2023
@kpango kpango deleted the feature/charts/add-network-policy branch May 9, 2023 04:56
This was referenced Jun 12, 2023
Merged
Merged
Merged
@ykadowak ykadowak mentioned this pull request Jun 20, 2023
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kpango kpango kpango approved these changes

@hlts2 hlts2 hlts2 approved these changes

@datelier datelier Awaiting requested review from datelier

Assignees
No one assigned
Labels
area/helm area/makefile priority/medium size/S team/sre SRE team type/feature New feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ykadowak @vdaas-ci @kpango @hlts2