Skip to content

feat: add network policy to restrict access #175

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tchughesiv merged 4 commits into from
Nov 25, 2025
Merged

feat: add network policy to restrict access #175

tchughesiv merged 4 commits into from
Nov 25, 2025

Conversation

@mhdawson
Copy link
Collaborator

@mhdawson mhdawson commented Nov 24, 2025

Refs: https://issues.redhat.com/browse/APPENG-4057

  • add network policy to restrict access. It should ensure that
    • no external access other than slack endpoints
    • no access from other namespaces EXCEPT the knative-eventing namespace from which some specific pods have access
    • within same namespace no restrictionso
  • Update Makefile to show the correct SLACK urls given restricted access
  • Update action deployment with kind to specify that kind is being used through --set requestManagement.networkPolicies.platform=kind so that tests will still be able to run by not using openshift specific config

@mhdawson
feat: add network policy to restrict access
d3764bb 
Refs: https://issues.redhat.com/browse/APPENG-4057

- add network policy to restrict access. It should ensure that
  - no external access other than slack endpoints
  - no access from other namespaces EXCEPT the knative-eventing
    namespace from which some specific pods have access
  - within same namespace no restrictionso
- Update Makefile to show the correct SLACK urls given
  restricted access
- Update action deployment with kind to specify that kind
  is being used through --set requestManagement.networkPolicies.platform=kind so
  that tests will still be able to run by not using openshift specific config

Signed-off-by: Michael Dawson <[email protected]>
tchughesiv
tchughesiv reviewed Nov 24, 2025
View reviewed changes
@mhdawson
squash: address review comments
4621af4 
Signed-off-by: Michael Dawson <[email protected]>
tchughesiv
tchughesiv requested changes Nov 24, 2025
View reviewed changes
@mhdawson
squash: address comments
65a0c52 
Signed-off-by: Michael Dawson <[email protected]>
fax4ever
fax4ever approved these changes Nov 25, 2025
View reviewed changes
Copy link
Contributor

@fax4ever fax4ever left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks @mhdawson

@mhdawson @tchughesiv
Update Makefile
00ee786 
Co-authored-by: Tommy Hughes IV <[email protected]>
@tchughesiv tchughesiv merged commit a94c219 into RHEcosystemAppEng:main Nov 25, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fax4ever fax4ever fax4ever approved these changes

@tchughesiv tchughesiv tchughesiv approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mhdawson @fax4ever @tchughesiv