Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Define proper network policies #34

Open
3 tasks done
hcadavid opened this issue Nov 18, 2024 · 1 comment
Open
3 tasks done

Define proper network policies #34

hcadavid opened this issue Nov 18, 2024 · 1 comment
Assignees
@hcadavid

Comments

@hcadavid
Copy link
Collaborator

hcadavid commented Nov 18, 2024
edited
Loading

  • V6 algorithm for testing the network policies

Fine-tune Job PODs network policies so that:

  • The job PODs are able to resolve the NODE-PROXY FQDN (consider e.g., not blocking the DNS port)
  • The job pods can't reach any other external host
@hcadavid hcadavid mentioned this issue Nov 18, 2024
Merged
@hcadavid hcadavid self-assigned this Nov 18, 2024
@hcadavid hcadavid moved this to Todo in Sprints Nov 19, 2024
@hcadavid hcadavid added this to Sprints Nov 19, 2024
@hcadavid hcadavid moved this from In Progress to To Review in Sprints Jan 22, 2025
@hcadavid
Copy link
Collaborator Author

@frankcorneliusmartin and @CunliangGeng the changes to address this are now on the PoC: PRs #46 and #45, and #44

Something to consider: the new network policies defined for the Job PODs running the algorithms have one difference with the ones implemented on the docker-manager: they have an 'exception' rule that allows these PODs to use kubernetes' DNS service, as they need it to resolve the Node's FQDN.

@hcadavid hcadavid moved this from To Review to To Test in Sprints Jan 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hcadavid hcadavid

Labels
None yet
Projects
Sprints
Status: To Test
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hcadavid