compliantkubernetes-apps
Lucian/net pol for dns and calico
What this PR does / why we need it: Network Policies for coredns, node-local-dns, dns-autoscaler, calico-accountant
Special notes for reviewer:
- I have added the Calico IPIPTunnel IPs in the sc-nodes / wc-nodes section as it was needed by coredns
- I did not create an allow rule for calico-accountant and it is using host network and the policy does not apply to it
- I did not create network policy for calico as it is using host network
Add a screenshot or an example to illustrate the proposed solution:
Checklist:
- [x] Proper commit message prefix on all commits
Could you set the base for this PR to the branch you forked from? Makes it easier to review your changes
Do your changes depend on rw/np-sec or could you rebase on main and remove all other commits? Currently the diff includes changes already merged to main.
I initially made my changes based on rw/np-sec, but I just rebased on main about 30 mins ago
Can you then drop the commits from rw/np-sec and change so the pr merges into main?
done just a few minutes ago
I don't see the point of having netpols for calico-accountant and node-local-dns since they use the host network, and regular Kubernetes netpols don't apply to the host network.
Removed the network policies for node-local-dns and calico-accountant
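The review point above (a NetworkPolicy whose selected pods all use the host network has no effect) can be checked mechanically. This is an added example, not code from the PR or the project; the pod names, labels and policy names are constructed, and the `audit`, `pod` and `policy` helpers are hypothetical.

```python
# Added example; pod labels and policy names are constructed, not from the PR.
def selector_matches(selector, labels):
    """Evaluate a Kubernetes LabelSelector against a pod's labels."""
    for key, value in selector.get("matchLabels", {}).items():
        if labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions", []):
        key, op, values = expr["key"], expr["operator"], expr.get("values", [])
        have = labels.get(key)
        ok = {"In": have in values, "NotIn": have not in values,
              "Exists": key in labels, "DoesNotExist": key not in labels}[op]
        if not ok:
            return False
    return True  # an empty selector selects every pod in the namespace

def audit(policies, pods):
    """Map policy name -> effective | partial | host-network-only | no-pods."""
    report = {}
    for pol in policies:
        ns = pol["metadata"].get("namespace", "default")
        selected = [p for p in pods
                    if p["metadata"].get("namespace", "default") == ns
                    and selector_matches(pol["spec"].get("podSelector", {}),
                                         p["metadata"].get("labels", {}))]
        host = [p for p in selected if p["spec"].get("hostNetwork", False)]
        if not selected:
            status = "no-pods"
        elif len(host) == len(selected):
            status = "host-network-only"  # per the review: no effect on these pods
        else:
            status = "partial" if host else "effective"
        report[pol["metadata"]["name"]] = status
    return report

def pod(name, labels, host_network):
    return {"metadata": {"name": name, "namespace": "kube-system", "labels": labels},
            "spec": {"hostNetwork": host_network}}

def policy(name, selector):
    return {"metadata": {"name": name, "namespace": "kube-system"},
            "spec": {"podSelector": selector}}

PODS = [pod("coredns-0", {"k8s-app": "kube-dns"}, False),
        pod("node-local-dns-0", {"k8s-app": "node-local-dns"}, True),
        pod("calico-accountant-0", {"app": "calico-accountant"}, True)]
POLICIES = [policy("coredns", {"matchLabels": {"k8s-app": "kube-dns"}}),
            policy("node-local-dns", {"matchLabels": {"k8s-app": "node-local-dns"}}),
            policy("calico-accountant", {"matchExpressions": [
                {"key": "app", "operator": "In", "values": ["calico-accountant"]}]})]
print(audit(POLICIES, PODS))
```

A `partial` result means the selector also catches host-network pods, so only some of the intended targets are covered by the policy.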
Update WIP-CHANGELOG
Done
ping @OlleLarsson @Pavan-Gunda @aarnq @raviranjanelastisys @viktor-f @robinAwallace