
NetworkPolicy for kepler

Open jcpunk opened this issue 4 months ago • 1 comments

Target Version

Current version (0.10.0+) - New Architecture

Feature Description

It would be nice if the sample manifests and helm chart included a NetworkPolicy for the kepler service.

Problem Statement

Kubernetes audits often complain about deployments with unrestricted networking.

Proposed Solution

A sample network policy that limits kepler inbound/outbound traffic

Alternatives Considered

Something home grown

Additional Context

https://github.com/sustainable-computing-io/kepler-helm-chart/commit/566acb5e68dac98affb79151044e3b9d3848c7fd

And a handy link to doc: https://kubernetes.io/docs/concepts/services-networking/network-policies/

jcpunk avatar Aug 27 '25 20:08 jcpunk

I am working on this issue and have one question. The additional context sets no limits for egress traffic, but I don't know why that is needed.

I think Kepler only reads sysfs and procfs, then generates metrics and exposes them on port 28282 for Prometheus to pull. I also ran CI on my fork and it works well.

Is there anything I am missing about the egress traffic? Or is limiting all egress traffic okay?

ExplorerRay avatar Oct 05 '25 03:10 ExplorerRay
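
For reference, the shape of policy discussed in this thread, as an added example that is not part of the issue, the linked commit, or the kepler project's manifests: ingress is limited to Prometheus scraping port 28282, and egress is left unrestricted as the comment above describes the linked commit. The policy name, namespaces, and all label values are assumptions to be replaced with the ones used in the actual deployment.

```yaml
# Added example; not kepler's own manifest.
# Assumed values: policy name, namespace "kepler", namespace "monitoring",
# and both app.kubernetes.io/name labels.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: kepler-allow-metrics-scrape        # assumed name
  namespace: kepler                        # assumed namespace of the kepler pods
spec:
  # Select the kepler pods this policy applies to.
  podSelector:
    matchLabels:
      app.kubernetes.io/name: kepler       # assumed pod label
  # Only Ingress is listed, so this policy does not restrict egress.
  # Adding "Egress" here with no egress rules would block all outbound
  # traffic from the selected pods, which is the open question in the thread.
  policyTypes:
    - Ingress
  ingress:
    - from:
        # namespaceSelector and podSelector in the same list item are ANDed:
        # the peer must be a Prometheus pod AND live in the monitoring namespace.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: monitoring   # assumed Prometheus namespace
          podSelector:
            matchLabels:
              app.kubernetes.io/name: prometheus        # assumed Prometheus pod label
      ports:
        # Metrics port mentioned in the thread.
        - protocol: TCP
          port: 28282
```

A NetworkPolicy only takes effect when the cluster's network plugin enforces it, so an audit finding is closed only after confirming that traffic from other pods to port 28282 is actually dropped.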