Add Network Policy to allow traffic from the HeLx infra (resty/nginx, ambassador, appstore-sockets) pods to the appstore pod #115

Merged
pj-linebaugh merged 4 commits into develop from network-policy
May 8, 2025
@pj-linebaugh
Contributor

There is already a network policy to allow traffic from the Ambassador pod(s) to the HeLx app pods. If the HeLx app pods need to communicate with other pods (gitea? grader-api?) then a network policy will need to be made to allow for that traffic. To get this to work I removed the line "- podSelector: {}" from the existing ingress.from section of the "default-namespace-isolation" networkpolicy that is added to all our namespaces. This was tested in my own namespace and I was able to create/delete HeLx app pods and see their status in the web UI. Traffic between the HeLx app pods was not allowed. This should also work for when there are multiple HeLx helm chart releases within the same namespace, but would allow for traffic between the infra pods in one release to communicate with the appstore pod in the other release.

…e. this will need tweaks in all helx charts if the helx parent chart is not used to deploy.
…s to communicate with appstore pod. Done a little differently so the release name is not used. This is a new feature to restrict helx app pod traffic.
@joshua-seals joshua-seals requested review from Hoid and ptlharit2 May 8, 2025 13:28
@pj-linebaugh pj-linebaugh merged commit d94ed16 into develop May 8, 2025
1 check passed
@pj-linebaugh pj-linebaugh deleted the network-policy branch May 8, 2025 15:43
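
A sketch of the two policies the PR description above refers to, added here as an illustration and not taken from the PR's diff or the HeLx charts. The label keys and values, the policy name `allow-infra-to-appstore` and the `ingress-system` namespace peer are assumptions; only the `default-namespace-isolation` name and the removed `- podSelector: {}` line come from the page.

```yaml
# Constructed example. Labels, the second policy's name and the namespace
# peer are hypothetical; they are not the HeLx charts' real values.
---
# Namespace-wide isolation policy after the change described above.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-namespace-isolation
spec:
  podSelector: {}              # selects every pod in the namespace
  policyTypes:
    - Ingress
  ingress:
    - from:
        # - podSelector: {}    # removed: let any pod in this namespace reach any other
        - namespaceSelector:   # hypothetical remaining peer; a `from` list left
            matchLabels:       # empty would make the rule match every source
              kubernetes.io/metadata.name: ingress-system
---
# Additive policy: only the infra pods may reach the appstore pod.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-infra-to-appstore
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/component: appstore        # hypothetical label
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchExpressions:
              - key: app.kubernetes.io/component   # hypothetical label
                operator: In
                values: [nginx, ambassador, appstore-sockets]
        # Neither selector carries a release-name label, so infra pods from
        # another release in the same namespace also match this rule.
```

Adding a per-release label such as `app.kubernetes.io/instance` to both selectors would scope the allow rule to a single release, at the cost of tying the policy to the release name.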