-
Notifications
You must be signed in to change notification settings - Fork 993
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support networkpolicy #552
Conversation
/assign @k82cn |
I will add test later if this is feasible. |
LGTM overall |
Hey @hzxuzhonghu, TravisBuddy Request Identifier: f30d7ad0-1026-11ea-a65a-5f455ab5a299 |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: hzxuzhonghu, k82cn The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@@ -97,6 +98,11 @@ func (sp *servicePlugin) OnJobAdd(job *batch.Job) error { | |||
return err | |||
} | |||
|
|||
// TODO: maybe add a flag |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@hzxuzhonghu can you pls add flag for this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dalfos Yeah, anyway i want to know your use case.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@hzxuzhonghu I already implemented it through calicoctl I want to avoid conflicts
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmm... let's add a flag to this plugin :)
Hi @hzxuzhonghu and @k82cn should I open issue for discussed flag? |
That's ok to me, please go ahead to open an issue/pr for that :) |
This is for the sake of the security, added networkpolicy to allow access from only groups of pods belong to the same job and prevent access from external.
Note: networkpolicy depends on CNI plugin, only takes effect when cni supports it.