WIP: Implementing Network Policy #207
No reviewers
Labels
No Label
has
backport
in progress
invalid
kind
breaking
kind
bug
kind
build
kind
dependency
kind
deployment
kind
docs
kind
enhancement
kind
feature
kind
lint
kind
proposal
kind
question
kind
refactor
kind
security
kind
testing
kind
translation
kind
ui
need
backport
priority
critical
priority
low
priority
maybe
priority
medium
reviewed
duplicate
reviewed
invalid
reviewed
wontfix
skip-changelog
status
blocked
status
needs-feedback
status
needs-reviews
status
wip
upstream
gitea
upstream
other
No Milestone
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: gitea/helm-chart#207
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "safaG/helm-chart:network-policy"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Hi All!
I have created network policy yaml file and adjusted helpers.tpl file in order to stop gitea pods from communicating outside of gitea pods. What I have is really basic as I am not a pro with helm charts. Maybe there is another way of doing it better but this is what I have. What I did was to add below to _helpers.tpl file:
I have added this file to pull the unique label that Gitea creates on all pods. Then I created the networkpolicy.yaml file and used the above label under
matchLabels:
in the networkpolicy.yaml fileI have tested this with a new deployment and everything seemed working fine. However not sure if it will be a breaking change with existing deployments, I have not tested that.
Thanks for your already invested time to provide that PR. Not sure if you like to have a review since the PR is marked as WIP.
Referring to your comment: to prevent such a breaking change the use of NetworkPolicy would need to be configurable with default value
false
. That way it wouldn't change existing installs. There are a few examples in the chart to see how this can be achieved. See this example.WIP: Security: Implementing Network-Policy to Gitea Pods.to WIP: Implementing Network Policy@safaG Do you want to continue your work on this pull request? There would be two things to do:
CIDR
value.@justusbunsi can we close this PR and move to pull request 306? I have made the neccessary changes there and tested it on my local cluster.
Pull request closed