Skip to content

Commit

Permalink
Move networkpolicies out of /contrib into /common (kubeflow#2385) (ku…
Browse files Browse the repository at this point in the history 
…beflow#2457)

* Move networkpolicies out of /contrib into /common (kubeflow#2385)

* extend OWNERS file

* disable seldon NP

* enable seldon NP

* add rawc0der as Reviewer

* Remove rawc0der reviewer

* remove the duplicate resource
  • Loading branch information
@rawc0der
rawc0der authored and Corey Ricketts committed Jul 18, 2024
1 parent 86c118b commit 9f8c18c
Show file tree
Hide file tree
Showing 24 changed files with 28 additions and 30 deletions.
1 change: 1 addition & 0 deletions contrib/networkpolicies/OWNERS → common/networkpolicies/OWNERS
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,4 @@ approvers:
reviewers:
- juliusvonkohout
- kimwnasptd
- TobiasGoerke
0 contrib/networkpolicies/README.md → common/networkpolicies/README.md
View file
File renamed without changes.
3 changes: 1 addition & 2 deletions contrib/networkpolicies/cache-server.yaml → ...on/networkpolicies/base/cache-server.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: cache-server
namespace: kubeflow
Expand All @@ -18,4 +18,3 @@ spec:
port: 8443
policyTypes:
- Ingress

2 changes: 1 addition & 1 deletion ...rib/networkpolicies/centraldashboard.yaml → ...etworkpolicies/base/centraldashboard.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: centraldashboard
namespace: kubeflow
Expand Down
2 changes: 1 addition & 1 deletion ...olicies/default-allow-same-namespace.yaml → ...es/base/default-allow-same-namespace.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-allow-same-namespace
namespace: kubeflow
Expand Down
2 changes: 1 addition & 1 deletion contrib/networkpolicies/jupyter-web-app.yaml → ...networkpolicies/base/jupyter-web-app.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: jupyter-web-app
namespace: kubeflow
Expand Down
8 changes: 4 additions & 4 deletions ...rib/networkpolicies/katib-controller.yaml → ...etworkpolicies/base/katib-controller.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: katib-controller
namespace: kubeflow
Expand All @@ -16,8 +16,8 @@ spec:
- ports: # webhook
- protocol: TCP
port: 8443
# - ports: # metrics
# - protocol: TCP
# port: 8080
# - ports: # metrics
# - protocol: TCP
# port: 8080
policyTypes:
- Ingress
2 changes: 1 addition & 1 deletion ...rib/networkpolicies/katib-db-manager.yaml → ...etworkpolicies/base/katib-db-manager.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: katib-db-manager
namespace: kubeflow
Expand Down
2 changes: 1 addition & 1 deletion contrib/networkpolicies/katib-ui.yaml → common/networkpolicies/base/katib-ui.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: katib-ui
namespace: kubeflow
Expand Down
2 changes: 1 addition & 1 deletion ...etworkpolicies/kserve-models-web-app.yaml → ...kpolicies/base/kserve-models-web-app.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: kserve-models-web-app
namespace: kubeflow
Expand Down
3 changes: 1 addition & 2 deletions contrib/networkpolicies/kserve.yaml → common/networkpolicies/base/kserve.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@

kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: kserve
namespace: kubeflow
Expand Down
2 changes: 1 addition & 1 deletion contrib/networkpolicies/kustomization.yaml → ...n/networkpolicies/base/kustomization.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ resources:
- metadata-envoy.yaml
- metadata-grpc-server.yaml
- minio.yaml
- ml-pipeline-ui.yaml
- ml-pipeline-ui.yaml
- ml-pipeline.yaml
- poddefaults.yaml
- pvcviewer-webhook.yaml
Expand Down
3 changes: 1 addition & 2 deletions contrib/networkpolicies/metadata-envoy.yaml → .../networkpolicies/base/metadata-envoy.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: metatada-envoy
namespace: kubeflow
Expand All @@ -21,4 +21,3 @@ spec:
- podSelector: {}
policyTypes:
- Ingress

3 changes: 1 addition & 2 deletions ...networkpolicies/metadata-grpc-server.yaml → ...rkpolicies/base/metadata-grpc-server.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: metadata-grpc-server
namespace: kubeflow
Expand All @@ -21,4 +21,3 @@ spec:
- podSelector: {} # allow all pods from the same namespace
policyTypes:
- Ingress

4 changes: 2 additions & 2 deletions contrib/networkpolicies/minio.yaml → common/networkpolicies/base/minio.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: minio
namespace: kubeflow
Expand All @@ -9,7 +9,7 @@ spec:
- key: app
operator: In
values:
- minio # artifact storage
- minio # artifact storage
ingress:
- from:
- namespaceSelector:
Expand Down
2 changes: 1 addition & 1 deletion contrib/networkpolicies/ml-pipeline-ui.yaml → .../networkpolicies/base/ml-pipeline-ui.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: ml-pipeline-ui
namespace: kubeflow
Expand Down
2 changes: 1 addition & 1 deletion contrib/networkpolicies/ml-pipeline.yaml → common/networkpolicies/base/ml-pipeline.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: ml-pipeline
namespace: kubeflow
Expand Down
4 changes: 2 additions & 2 deletions contrib/networkpolicies/poddefaults.yaml → common/networkpolicies/base/poddefaults.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: poddefaults
namespace: kubeflow
Expand All @@ -9,7 +9,7 @@ spec:
- key: app
operator: In
values:
- poddefaults # mutating webhook
- poddefaults # mutating webhook
# https://www.elastic.co/guide/en/cloud-on-k8s/1.1/k8s-webhook-network-policies.html
# The kubernetes api server must reach the webhook
ingress:
Expand Down
0 ...ib/networkpolicies/pvcviewer-webhook.yaml → ...tworkpolicies/base/pvcviewer-webhook.yaml
View file
File renamed without changes.
3 changes: 1 addition & 2 deletions contrib/networkpolicies/seldon.yaml → common/networkpolicies/base/seldon.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: seldon
namespace: kubeflow
Expand All @@ -18,4 +18,3 @@ spec:
port: 4443
policyTypes:
- Ingress

2 changes: 1 addition & 1 deletion ...networkpolicies/tensorboards-web-app.yaml → ...rkpolicies/base/tensorboards-web-app.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: tensorboards-web-app
namespace: kubeflow
Expand Down
2 changes: 1 addition & 1 deletion contrib/networkpolicies/volumes-web-app.yaml → ...networkpolicies/base/volumes-web-app.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: volumes-web-app
namespace: kubeflow
Expand Down
1 change: 0 additions & 1 deletion contrib/networkpolicies/.gitkeep
View file

This file was deleted.

3 changes: 3 additions & 0 deletions example/kustomization.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ sortOptions:
- MutatingWebhookConfiguration
- ServiceAccount
- PodSecurityPolicy
- NetworkPolicy
- Role
- ClusterRole
- RoleBinding
Expand Down Expand Up @@ -49,6 +50,8 @@ resources:
- ../common/istio-1-17/cluster-local-gateway/base
# Kubeflow namespace
- ../common/kubeflow-namespace/base
# NetworkPolicies
- ../common/networkpolicies/base
# Kubeflow Roles
- ../common/kubeflow-roles/base
# Kubeflow Istio Resources
Expand Down

0 comments on commit 9f8c18c

Please sign in to comment.