Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add NetworkPolicy to all components #314

Open
metalmatze opened this issue Oct 26, 2023 · 0 comments · May be fixed by #315
Open

Add NetworkPolicy to all components #314

metalmatze opened this issue Oct 26, 2023 · 0 comments · May be fixed by #315
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed

Comments

@metalmatze
Copy link
Member

I would be great to add NetworkPolicy to all components.

Here's an example for a thanos-store:

    networkPolicy: {
      kind: 'NetworkPolicy',
      apiVersion: 'networking.k8s.io/v1',
      metadata: {
        name: 'thanos-store',
        namespace: cfg.namespace,
      },
      spec: {
        podSelector: {
          matchLabels: {
            'app.kubernetes.io/name': 'thanos-store',
          },
        },
        egress: [{}],  // Allow all outside egress to connect to object storage
        ingress: [{
          from: [{
            namespaceSelector: {
              matchLabels: {
                'kubernetes.io/metadata.name': cfg.namespace,
              },
            },
            podSelector: {
              matchLabels: {
                'app.kubernetes.io/name': 'thanos-query',
              },
            },
          }],
        }],
        policyTypes: ['Egress'],
      },
    },

Example PR to add the network policy to individual components: https://github.com/parca-dev/demo-deployments/pull/189/files
This should really live in kube-thanos and not in each individual downstream project.
@metalmatze metalmatze added enhancement New feature or request help wanted Extra attention is needed good first issue Good for newcomers labels Oct 26, 2023
@harsh-ps-2003 harsh-ps-2003 linked a pull request Jan 6, 2024 that will close this issue
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

adding networkpolicy for thanos components harsh-ps-2003/kube-thanos
1 participant
@metalmatze