It would be great to add NetworkPolicy to all components.
Here's an example for a thanos-store:
```jsonnet
networkPolicy: {
  kind: 'NetworkPolicy',
  apiVersion: 'networking.k8s.io/v1',
  metadata: {
    name: 'thanos-store',
    namespace: cfg.namespace,
  },
  spec: {
    // Applies to the thanos-store pods
    podSelector: {
      matchLabels: {
        'app.kubernetes.io/name': 'thanos-store',
      },
    },
    egress: [{}],  // Allow all outside egress to connect to object storage
    // Only thanos-query pods in the same namespace may connect
    ingress: [{
      from: [{
        namespaceSelector: {
          matchLabels: {
            'kubernetes.io/metadata.name': cfg.namespace,
          },
        },
        podSelector: {
          matchLabels: {
            'app.kubernetes.io/name': 'thanos-query',
          },
        },
      }],
    }],
    // 'Ingress' must be listed for the ingress rule above to be enforced;
    // with only 'Egress' here the ingress section is ignored.
    policyTypes: ['Ingress', 'Egress'],
  },
},
```
Example PR to add the network policy to individual components: https://github.com/parca-dev/demo-deployments/pull/189/files
This should really live in kube-thanos and not in each individual downstream project.
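
A check that could be run over the rendered manifests before applying them, added here as an example and not part of the issue or of kube-thanos: it reports rule sections that `policyTypes` leaves unenforced and empty rules that allow all traffic. The two sample manifests are constructed (the namespace `thanos` and the function names are assumptions); one lists only `Egress` in `policyTypes`, the other lists both types.

```python
import copy

def effective_policy_types(spec):
    """Policy types Kubernetes enforces, including the default when the field is omitted."""
    if spec.get("policyTypes"):
        return set(spec["policyTypes"])
    # Omitted: Ingress always applies, Egress only if egress rules are present.
    return {"Ingress", "Egress"} if spec.get("egress") else {"Ingress"}

def lint_network_policy(policy):
    """Return findings for one rendered NetworkPolicy manifest (a dict)."""
    spec = policy.get("spec", {})
    types = effective_policy_types(spec)
    findings = []
    for section, ptype in (("ingress", "Ingress"), ("egress", "Egress")):
        rules = spec.get(section) or []
        if rules and ptype not in types:
            findings.append(f"{section}: rules present but {ptype} not in policyTypes, so they are not enforced")
        elif ptype in types and any(rule == {} for rule in rules):
            findings.append(f"{section}: empty rule allows all {section} traffic")
    return findings

# Constructed sample: a thanos-store policy rendered to JSON, namespace assumed to be "thanos".
EGRESS_ONLY = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "NetworkPolicy",
    "metadata": {"name": "thanos-store", "namespace": "thanos"},
    "spec": {
        "podSelector": {"matchLabels": {"app.kubernetes.io/name": "thanos-store"}},
        "egress": [{}],
        "ingress": [{"from": [{
            "namespaceSelector": {"matchLabels": {"kubernetes.io/metadata.name": "thanos"}},
            "podSelector": {"matchLabels": {"app.kubernetes.io/name": "thanos-query"}},
        }]}],
        "policyTypes": ["Egress"],
    },
}
# Same policy with both types listed, so the ingress rule takes effect.
BOTH_TYPES = copy.deepcopy(EGRESS_ONLY)
BOTH_TYPES["spec"]["policyTypes"] = ["Ingress", "Egress"]

if __name__ == "__main__":
    for name, manifest in (("Egress only", EGRESS_ONLY), ("Ingress and Egress", BOTH_TYPES)):
        print(name, lint_network_policy(manifest))
```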