feat: add network policies reference #425
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Can you move your content to another file and include it in the index (Cf #424) |
docs/source/reference/index.rst
Outdated
| +--------------------------+-----------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------+ | ||
| | Pod | Incoming | Outgoing | | ||
| +==========================+=========================================================================================================================================+=====================================================================================================================================+ | ||
| | orchestrator-server | backend-api-events, backend-worker-events, backend-scheduler, backend-scheduler-worker, backend-server, backend-builder, backend-worker | orchestrator-database | |
There was a problem hiding this comment.
Incoming also from internet, for other organisations. Basically it is opened to everything
There was a problem hiding this comment.
OK with prefacing that all these connections come from other organisations?
The idea is to give the option, if people deploying the network are using a more advanced network plugin, to know what connections exactly need to be allowed
docs/source/reference/index.rst
Outdated
| +==========================+=========================================================================================================================================+=====================================================================================================================================+ | ||
| | orchestrator-server | backend-api-events, backend-worker-events, backend-scheduler, backend-scheduler-worker, backend-server, backend-builder, backend-worker | orchestrator-database | | ||
| +--------------------------+-----------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------+ | ||
| | orchestrator-database | orchestrator-server | NONE | |
There was a problem hiding this comment.
Incoming: also orchestrator-migrations
docs/source/reference/index.rst
Outdated
Comment on lines
34
to
36
| | orchestrator-server | backend-api-events, backend-worker-events, backend-scheduler, backend-scheduler-worker, backend-server, backend-builder, backend-worker | orchestrator-database | | ||
| +--------------------------+-----------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------+ | ||
| | orchestrator-database | orchestrator-server | NONE | |
There was a problem hiding this comment.
All pods are given access to kube-dns on port 53, I don't know if it worth specifying
There was a problem hiding this comment.
are there cases where pods in kube are not given access to the DNS resolver?
maybe I can add a footnote to cover all cases?
docs/source/reference/index.rst
Outdated
Comment on lines
79
to
80
| It defines a set of roles (minimal network policies that block or allow a given connection) and relies on label selectors | ||
| to apply these roles to appropriate pods. |
There was a problem hiding this comment.
SIn some, we also uses IP ranges
SdgJlbl
force-pushed
the
feat/add-netpol-reference
branch
4 times, most recently
from
ac171a0 to
b79d5e6
Compare
Signed-off-by: SdgJlbl <[email protected]>
SdgJlbl
force-pushed
the
feat/add-netpol-reference
branch
from
b79d5e6 to
5cb702c
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes fl-1580