From dbe89cecbe01aa6253688f6fef251d099e66e68e Mon Sep 17 00:00:00 2001 From: ylu128 <151783629+ylu128@users.noreply.github.com> Date: Tue, 18 Nov 2025 06:28:59 +0800 Subject: [PATCH] Add networkpolicy for Zen components (#2687) * add network policy for zen components --------- Co-authored-by: yishi lyu --- ...en-egress-setup-multi-tenancy-tables-job.yaml | 16 ++++++++++++++++ .../egress/zen/zen-egress-zen-gitops.yaml | 16 ++++++++++++++++ ...ss-zen-metastore-monthly-backup-cron-job.yaml | 16 ++++++++++++++++ ...ess-zen-metastore-weekly-backup-cron-job.yaml | 16 ++++++++++++++++ .../ingress/zen/zen-access-to-zen-gitops.yaml | 16 ++++++++++++++++ 5 files changed, 80 insertions(+) create mode 100644 cp3-networkpolicy/egress/zen/zen-egress-setup-multi-tenancy-tables-job.yaml create mode 100644 cp3-networkpolicy/egress/zen/zen-egress-zen-gitops.yaml create mode 100644 cp3-networkpolicy/egress/zen/zen-egress-zen-metastore-monthly-backup-cron-job.yaml create mode 100644 cp3-networkpolicy/egress/zen/zen-egress-zen-metastore-weekly-backup-cron-job.yaml create mode 100644 cp3-networkpolicy/ingress/zen/zen-access-to-zen-gitops.yaml diff --git a/cp3-networkpolicy/egress/zen/zen-egress-setup-multi-tenancy-tables-job.yaml b/cp3-networkpolicy/egress/zen/zen-egress-setup-multi-tenancy-tables-job.yaml new file mode 100644 index 000000000..4e212dcc5 --- /dev/null +++ b/cp3-networkpolicy/egress/zen/zen-egress-setup-multi-tenancy-tables-job.yaml @@ -0,0 +1,16 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: egress-setup-multi-tenancy-tables-job + namespace: "zenNamespace" + labels: + component: cpfs3 + service: zen +spec: + podSelector: + matchLabels: + component: "setup-multi-tenancy-tables-job" + policyTypes: + - Egress + egress: + - {} \ No newline at end of file diff --git a/cp3-networkpolicy/egress/zen/zen-egress-zen-gitops.yaml b/cp3-networkpolicy/egress/zen/zen-egress-zen-gitops.yaml new file mode 100644 index 000000000..40dd46b2a --- /dev/null +++ b/cp3-networkpolicy/egress/zen/zen-egress-zen-gitops.yaml @@ -0,0 +1,16 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: egress-zen-gitops + namespace: "zenNamespace" + labels: + component: cpfs3 + service: zen +spec: + podSelector: + matchLabels: + component: "zen-gitops" + policyTypes: + - Egress + egress: + - {} \ No newline at end of file diff --git a/cp3-networkpolicy/egress/zen/zen-egress-zen-metastore-monthly-backup-cron-job.yaml b/cp3-networkpolicy/egress/zen/zen-egress-zen-metastore-monthly-backup-cron-job.yaml new file mode 100644 index 000000000..b626f0f1d --- /dev/null +++ b/cp3-networkpolicy/egress/zen/zen-egress-zen-metastore-monthly-backup-cron-job.yaml @@ -0,0 +1,16 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: egress-zen-metastore-monthly-backup-cron-job + namespace: "zenNamespace" + labels: + component: cpfs3 + service: zen +spec: + podSelector: + matchLabels: + component: "zen-metastore-monthly-backup-cron-job" + policyTypes: + - Egress + egress: + - {} diff --git a/cp3-networkpolicy/egress/zen/zen-egress-zen-metastore-weekly-backup-cron-job.yaml b/cp3-networkpolicy/egress/zen/zen-egress-zen-metastore-weekly-backup-cron-job.yaml new file mode 100644 index 000000000..7b2ddb9fa --- /dev/null +++ b/cp3-networkpolicy/egress/zen/zen-egress-zen-metastore-weekly-backup-cron-job.yaml @@ -0,0 +1,16 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: egress-zen-metastore-weekly-backup-cron-job + namespace: "zenNamespace" + labels: + component: cpfs3 + service: zen +spec: + podSelector: + matchLabels: + component: "zen-metastore-weekly-backup-cron-job" + policyTypes: + - Egress + egress: + - {} diff --git a/cp3-networkpolicy/ingress/zen/zen-access-to-zen-gitops.yaml b/cp3-networkpolicy/ingress/zen/zen-access-to-zen-gitops.yaml new file mode 100644 index 000000000..c6741cbfe --- /dev/null +++ b/cp3-networkpolicy/ingress/zen/zen-access-to-zen-gitops.yaml @@ -0,0 +1,16 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: access-to-zen-gitops + namespace: "zenNamespace" + labels: + component: cpfs3 + service: zen +spec: + podSelector: + matchLabels: + component: "zen-gitops" + policyTypes: + - Ingress + ingress: + - {}