Skip to content

Kubernetes: fix global network policy #1227

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 2, 2025
Merged

Kubernetes: fix global network policy #1227

merged 1 commit into from
Oct 2, 2025

Conversation

@YuryHrytsuk
Copy link
Collaborator

@YuryHrytsuk YuryHrytsuk commented Oct 2, 2025
edited
Loading

What do these changes do?

The values were wrong (destination key was missing). This led to global network policy that allows any egress

Related issue/s

Related PR/s

Checklist

  • I tested and it works

@YuryHrytsuk YuryHrytsuk added this to the Cheops milestone Oct 2, 2025
@YuryHrytsuk YuryHrytsuk self-assigned this Oct 2, 2025
@YuryHrytsuk YuryHrytsuk enabled auto-merge (squash) October 2, 2025 07:43
mrnicegyu11
mrnicegyu11 approved these changes Oct 2, 2025
View reviewed changes
Copy link
Member

@mrnicegyu11 mrnicegyu11 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ui
good find
... and scary silent "failure" ...

🥳

@YuryHrytsuk YuryHrytsuk merged commit 2d3adb1 into ITISFoundation:main Oct 2, 2025
3 checks passed
@YuryHrytsuk YuryHrytsuk deleted the kubernetes-fix-global-network-policy branch October 2, 2025 08:26
mrnicegyu11 added a commit that referenced this pull request Oct 6, 2025
@mrnicegyu11
Revert "Kubernetes: fix global network policy (#1227)"
86ecb97 
This reverts commit 2d3adb1.
@mrnicegyu11
Copy link
Member

mrnicegyu11 commented Oct 7, 2025

@YuryHrytsuk just FYI this had to be reverted in 86ecb97 as it caused the healthcheck of the resource-usage-tracker on aws-master to fail, and then RUT could not be reached, which lead to issues on billable simcore products :--)

@mrnicegyu11 mrnicegyu11 mentioned this pull request Oct 7, 2025
Closed
mrnicegyu11 pushed a commit to mrnicegyu11/osparc-ops-environments that referenced this pull request Oct 8, 2025
@YuryHrytsuk @mrnicegyu11
Kubernetes: fix global network policy (ITISFoundation#1227)
1e15c94
mrnicegyu11 added a commit to mrnicegyu11/osparc-ops-environments that referenced this pull request Oct 8, 2025
@mrnicegyu11
Revert "Kubernetes: fix global network policy (ITISFoundation#1227)"
c05f58c 
This reverts commit 2d3adb1.
mrnicegyu11 added a commit that referenced this pull request Oct 17, 2025
@mrnicegyu11 @YuryHrytsuk
⚗️ Add vector-dev logging aggregator /w loki, graylog via host ports (#…
a8cc860 
…1233)

* wip

* Add csi-s3 and have portainer use it

* Change request @Hrytsuk 1GB max portainer volume size

* Arch Linux Certificates Customization

* Fix pgsql exporter failure

* [Kubernetes] Introduce on-prem persistent Storage (Longhorn) 🎉  (#979)

* Introduce longhorn chart

* Further longhorn configuration

* Longhorn: further settings configuration

* Fix longhorn configuration bugs

Extra: introduce longhorn pv vales for portainer

* Add comment for deletion longhorn

* Further longhorn configuration

* Add README.md for Longhorn wit FAQ

* Update Longhorn readme

* Update readme

* Futher LH configuration

* Update LH's Readme

* Update Longhorn Readme

* Improve LH's Readme

* LH: Reduce reserved default disk space to 5%

Since we use a dedicated disk for LH, we can go ahead with 5%

* Use values to set Longhorn storage class

* Update LH's Readme

* LH Readme: add requirements reference

* PR Review: bring back portainer s3 pv

* LH: decrease portinaer volume size

* Experimental: Try to add tracing to simcore-traefik on master

* Fixes ITISFoundation/osparc-simcore#7363

* Arch Linux Certificates Customization - 2

* Revert: disable loki & vector-dev, oldschool graylog logging (#1223)

* wip

* Add csi-s3 and have portainer use it

* Change request @Hrytsuk 1GB max portainer volume size

* Arch Linux Certificates Customization

* Fix pgsql exporter failure

* [Kubernetes] Introduce on-prem persistent Storage (Longhorn) 🎉  (#979)

* Introduce longhorn chart

* Further longhorn configuration

* Longhorn: further settings configuration

* Fix longhorn configuration bugs

Extra: introduce longhorn pv vales for portainer

* Add comment for deletion longhorn

* Further longhorn configuration

* Add README.md for Longhorn wit FAQ

* Update Longhorn readme

* Update readme

* Futher LH configuration

* Update LH's Readme

* Update Longhorn Readme

* Improve LH's Readme

* LH: Reduce reserved default disk space to 5%

Since we use a dedicated disk for LH, we can go ahead with 5%

* Use values to set Longhorn storage class

* Update LH's Readme

* LH Readme: add requirements reference

* PR Review: bring back portainer s3 pv

* LH: decrease portinaer volume size

* Experimental: Try to add tracing to simcore-traefik on master

* Fixes ITISFoundation/osparc-simcore#7363

* Arch Linux Certificates Customization - 2

* Send docker logs directly to graylog

* revert arch linux customization

---------

Co-authored-by: Dustin Kaiser <[email protected]>
Co-authored-by: YH <[email protected]>

* Enable Chatbot for S4L products (#1221)

* wip

* Add csi-s3 and have portainer use it

* Change request @Hrytsuk 1GB max portainer volume size

* Arch Linux Certificates Customization

* Fix pgsql exporter failure

* [Kubernetes] Introduce on-prem persistent Storage (Longhorn) 🎉  (#979)

* Introduce longhorn chart

* Further longhorn configuration

* Longhorn: further settings configuration

* Fix longhorn configuration bugs

Extra: introduce longhorn pv vales for portainer

* Add comment for deletion longhorn

* Further longhorn configuration

* Add README.md for Longhorn wit FAQ

* Update Longhorn readme

* Update readme

* Futher LH configuration

* Update LH's Readme

* Update Longhorn Readme

* Improve LH's Readme

* LH: Reduce reserved default disk space to 5%

Since we use a dedicated disk for LH, we can go ahead with 5%

* Use values to set Longhorn storage class

* Update LH's Readme

* LH Readme: add requirements reference

* PR Review: bring back portainer s3 pv

* LH: decrease portinaer volume size

* Experimental: Try to add tracing to simcore-traefik on master

* Fixes ITISFoundation/osparc-simcore#7363

* Arch Linux Certificates Customization - 2

* Remove frontend vendor chatbot service

* wip

---------

Co-authored-by: Dustin Kaiser <[email protected]>
Co-authored-by: YH <[email protected]>

* Kubernetes: fix global network policy (#1227)

* Add authentication middleware to cahtbot vendor service

* Revert "Kubernetes: fix global network policy (#1227)"

This reverts commit 2d3adb1.

* Add ACME DNS Resolver for gitlabCD and k8s (#1217)

* wip

* Add csi-s3 and have portainer use it

* Change request @Hrytsuk 1GB max portainer volume size

* Arch Linux Certificates Customization

* Fix pgsql exporter failure

* [Kubernetes] Introduce on-prem persistent Storage (Longhorn) 🎉  (#979)

* Introduce longhorn chart

* Further longhorn configuration

* Longhorn: further settings configuration

* Fix longhorn configuration bugs

Extra: introduce longhorn pv vales for portainer

* Add comment for deletion longhorn

* Further longhorn configuration

* Add README.md for Longhorn wit FAQ

* Update Longhorn readme

* Update readme

* Futher LH configuration

* Update LH's Readme

* Update Longhorn Readme

* Improve LH's Readme

* LH: Reduce reserved default disk space to 5%

Since we use a dedicated disk for LH, we can go ahead with 5%

* Use values to set Longhorn storage class

* Update LH's Readme

* LH Readme: add requirements reference

* PR Review: bring back portainer s3 pv

* LH: decrease portinaer volume size

* Experimental: Try to add tracing to simcore-traefik on master

* Fixes ITISFoundation/osparc-simcore#7363

* Arch Linux Certificates Customization - 2

* wip

* wip

* this might work

* k8s wip

* wip

* wip

---------

Co-authored-by: Dustin Kaiser <[email protected]>
Co-authored-by: YH <[email protected]>

* Experimental: vectordev via host ports

* revert

* fix

* fixes

---------

Co-authored-by: Dustin Kaiser <[email protected]>
Co-authored-by: YH <[email protected]>
@YuryHrytsuk YuryHrytsuk mentioned this pull request Oct 20, 2025
Merged
1 task
mrnicegyu11 added a commit that referenced this pull request Oct 20, 2025
@mrnicegyu11 @YuryHrytsuk
⚗️ (re-)introduce vector-dev log aggregator (#1237)
e516559 
* wip

* Add csi-s3 and have portainer use it

* Change request @Hrytsuk 1GB max portainer volume size

* Arch Linux Certificates Customization

* Fix pgsql exporter failure

* [Kubernetes] Introduce on-prem persistent Storage (Longhorn) 🎉  (#979)

* Introduce longhorn chart

* Further longhorn configuration

* Longhorn: further settings configuration

* Fix longhorn configuration bugs

Extra: introduce longhorn pv vales for portainer

* Add comment for deletion longhorn

* Further longhorn configuration

* Add README.md for Longhorn wit FAQ

* Update Longhorn readme

* Update readme

* Futher LH configuration

* Update LH's Readme

* Update Longhorn Readme

* Improve LH's Readme

* LH: Reduce reserved default disk space to 5%

Since we use a dedicated disk for LH, we can go ahead with 5%

* Use values to set Longhorn storage class

* Update LH's Readme

* LH Readme: add requirements reference

* PR Review: bring back portainer s3 pv

* LH: decrease portinaer volume size

* Experimental: Try to add tracing to simcore-traefik on master

* Fixes ITISFoundation/osparc-simcore#7363

* Arch Linux Certificates Customization - 2

* Revert: disable loki & vector-dev, oldschool graylog logging (#1223)

* wip

* Add csi-s3 and have portainer use it

* Change request @Hrytsuk 1GB max portainer volume size

* Arch Linux Certificates Customization

* Fix pgsql exporter failure

* [Kubernetes] Introduce on-prem persistent Storage (Longhorn) 🎉  (#979)

* Introduce longhorn chart

* Further longhorn configuration

* Longhorn: further settings configuration

* Fix longhorn configuration bugs

Extra: introduce longhorn pv vales for portainer

* Add comment for deletion longhorn

* Further longhorn configuration

* Add README.md for Longhorn wit FAQ

* Update Longhorn readme

* Update readme

* Futher LH configuration

* Update LH's Readme

* Update Longhorn Readme

* Improve LH's Readme

* LH: Reduce reserved default disk space to 5%

Since we use a dedicated disk for LH, we can go ahead with 5%

* Use values to set Longhorn storage class

* Update LH's Readme

* LH Readme: add requirements reference

* PR Review: bring back portainer s3 pv

* LH: decrease portinaer volume size

* Experimental: Try to add tracing to simcore-traefik on master

* Fixes ITISFoundation/osparc-simcore#7363

* Arch Linux Certificates Customization - 2

* Send docker logs directly to graylog

* revert arch linux customization

---------

Co-authored-by: Dustin Kaiser <[email protected]>
Co-authored-by: YH <[email protected]>

* Enable Chatbot for S4L products (#1221)

* wip

* Add csi-s3 and have portainer use it

* Change request @Hrytsuk 1GB max portainer volume size

* Arch Linux Certificates Customization

* Fix pgsql exporter failure

* [Kubernetes] Introduce on-prem persistent Storage (Longhorn) 🎉  (#979)

* Introduce longhorn chart

* Further longhorn configuration

* Longhorn: further settings configuration

* Fix longhorn configuration bugs

Extra: introduce longhorn pv vales for portainer

* Add comment for deletion longhorn

* Further longhorn configuration

* Add README.md for Longhorn wit FAQ

* Update Longhorn readme

* Update readme

* Futher LH configuration

* Update LH's Readme

* Update Longhorn Readme

* Improve LH's Readme

* LH: Reduce reserved default disk space to 5%

Since we use a dedicated disk for LH, we can go ahead with 5%

* Use values to set Longhorn storage class

* Update LH's Readme

* LH Readme: add requirements reference

* PR Review: bring back portainer s3 pv

* LH: decrease portinaer volume size

* Experimental: Try to add tracing to simcore-traefik on master

* Fixes ITISFoundation/osparc-simcore#7363

* Arch Linux Certificates Customization - 2

* Remove frontend vendor chatbot service

* wip

---------

Co-authored-by: Dustin Kaiser <[email protected]>
Co-authored-by: YH <[email protected]>

* Kubernetes: fix global network policy (#1227)

* Add authentication middleware to cahtbot vendor service

* Revert "Kubernetes: fix global network policy (#1227)"

This reverts commit 2d3adb1.

* Add ACME DNS Resolver for gitlabCD and k8s (#1217)

* wip

* Add csi-s3 and have portainer use it

* Change request @Hrytsuk 1GB max portainer volume size

* Arch Linux Certificates Customization

* Fix pgsql exporter failure

* [Kubernetes] Introduce on-prem persistent Storage (Longhorn) 🎉  (#979)

* Introduce longhorn chart

* Further longhorn configuration

* Longhorn: further settings configuration

* Fix longhorn configuration bugs

Extra: introduce longhorn pv vales for portainer

* Add comment for deletion longhorn

* Further longhorn configuration

* Add README.md for Longhorn wit FAQ

* Update Longhorn readme

* Update readme

* Futher LH configuration

* Update LH's Readme

* Update Longhorn Readme

* Improve LH's Readme

* LH: Reduce reserved default disk space to 5%

Since we use a dedicated disk for LH, we can go ahead with 5%

* Use values to set Longhorn storage class

* Update LH's Readme

* LH Readme: add requirements reference

* PR Review: bring back portainer s3 pv

* LH: decrease portinaer volume size

* Experimental: Try to add tracing to simcore-traefik on master

* Fixes ITISFoundation/osparc-simcore#7363

* Arch Linux Certificates Customization - 2

* wip

* wip

* this might work

* k8s wip

* wip

* wip

---------

Co-authored-by: Dustin Kaiser <[email protected]>
Co-authored-by: YH <[email protected]>

* Experimental: vectordev via host ports

* revert

* fix

* fixes

* fix: commincate from vector to sinks via tcp and host ports

* Fix: UDP vector ingestion should run as ingress port

---------

Co-authored-by: Dustin Kaiser <[email protected]>
Co-authored-by: YH <[email protected]>
mrnicegyu11 added a commit that referenced this pull request Nov 4, 2025
@mrnicegyu11 @YuryHrytsuk
🐛 Fix: graylog dashboard processing (#1250)
a815501 
* wip

* Add csi-s3 and have portainer use it

* Change request @Hrytsuk 1GB max portainer volume size

* Arch Linux Certificates Customization

* Fix pgsql exporter failure

* [Kubernetes] Introduce on-prem persistent Storage (Longhorn) 🎉  (#979)

* Introduce longhorn chart

* Further longhorn configuration

* Longhorn: further settings configuration

* Fix longhorn configuration bugs

Extra: introduce longhorn pv vales for portainer

* Add comment for deletion longhorn

* Further longhorn configuration

* Add README.md for Longhorn wit FAQ

* Update Longhorn readme

* Update readme

* Futher LH configuration

* Update LH's Readme

* Update Longhorn Readme

* Improve LH's Readme

* LH: Reduce reserved default disk space to 5%

Since we use a dedicated disk for LH, we can go ahead with 5%

* Use values to set Longhorn storage class

* Update LH's Readme

* LH Readme: add requirements reference

* PR Review: bring back portainer s3 pv

* LH: decrease portinaer volume size

* Experimental: Try to add tracing to simcore-traefik on master

* Fixes ITISFoundation/osparc-simcore#7363

* Arch Linux Certificates Customization - 2

* Revert: disable loki & vector-dev, oldschool graylog logging (#1223)

* wip

* Add csi-s3 and have portainer use it

* Change request @Hrytsuk 1GB max portainer volume size

* Arch Linux Certificates Customization

* Fix pgsql exporter failure

* [Kubernetes] Introduce on-prem persistent Storage (Longhorn) 🎉  (#979)

* Introduce longhorn chart

* Further longhorn configuration

* Longhorn: further settings configuration

* Fix longhorn configuration bugs

Extra: introduce longhorn pv vales for portainer

* Add comment for deletion longhorn

* Further longhorn configuration

* Add README.md for Longhorn wit FAQ

* Update Longhorn readme

* Update readme

* Futher LH configuration

* Update LH's Readme

* Update Longhorn Readme

* Improve LH's Readme

* LH: Reduce reserved default disk space to 5%

Since we use a dedicated disk for LH, we can go ahead with 5%

* Use values to set Longhorn storage class

* Update LH's Readme

* LH Readme: add requirements reference

* PR Review: bring back portainer s3 pv

* LH: decrease portinaer volume size

* Experimental: Try to add tracing to simcore-traefik on master

* Fixes ITISFoundation/osparc-simcore#7363

* Arch Linux Certificates Customization - 2

* Send docker logs directly to graylog

* revert arch linux customization

---------

Co-authored-by: Dustin Kaiser <[email protected]>
Co-authored-by: YH <[email protected]>

* Enable Chatbot for S4L products (#1221)

* wip

* Add csi-s3 and have portainer use it

* Change request @Hrytsuk 1GB max portainer volume size

* Arch Linux Certificates Customization

* Fix pgsql exporter failure

* [Kubernetes] Introduce on-prem persistent Storage (Longhorn) 🎉  (#979)

* Introduce longhorn chart

* Further longhorn configuration

* Longhorn: further settings configuration

* Fix longhorn configuration bugs

Extra: introduce longhorn pv vales for portainer

* Add comment for deletion longhorn

* Further longhorn configuration

* Add README.md for Longhorn wit FAQ

* Update Longhorn readme

* Update readme

* Futher LH configuration

* Update LH's Readme

* Update Longhorn Readme

* Improve LH's Readme

* LH: Reduce reserved default disk space to 5%

Since we use a dedicated disk for LH, we can go ahead with 5%

* Use values to set Longhorn storage class

* Update LH's Readme

* LH Readme: add requirements reference

* PR Review: bring back portainer s3 pv

* LH: decrease portinaer volume size

* Experimental: Try to add tracing to simcore-traefik on master

* Fixes ITISFoundation/osparc-simcore#7363

* Arch Linux Certificates Customization - 2

* Remove frontend vendor chatbot service

* wip

---------

Co-authored-by: Dustin Kaiser <[email protected]>
Co-authored-by: YH <[email protected]>

* Kubernetes: fix global network policy (#1227)

* Add authentication middleware to cahtbot vendor service

* Revert "Kubernetes: fix global network policy (#1227)"

This reverts commit 2d3adb1.

* Add ACME DNS Resolver for gitlabCD and k8s (#1217)

* wip

* Add csi-s3 and have portainer use it

* Change request @Hrytsuk 1GB max portainer volume size

* Arch Linux Certificates Customization

* Fix pgsql exporter failure

* [Kubernetes] Introduce on-prem persistent Storage (Longhorn) 🎉  (#979)

* Introduce longhorn chart

* Further longhorn configuration

* Longhorn: further settings configuration

* Fix longhorn configuration bugs

Extra: introduce longhorn pv vales for portainer

* Add comment for deletion longhorn

* Further longhorn configuration

* Add README.md for Longhorn wit FAQ

* Update Longhorn readme

* Update readme

* Futher LH configuration

* Update LH's Readme

* Update Longhorn Readme

* Improve LH's Readme

* LH: Reduce reserved default disk space to 5%

Since we use a dedicated disk for LH, we can go ahead with 5%

* Use values to set Longhorn storage class

* Update LH's Readme

* LH Readme: add requirements reference

* PR Review: bring back portainer s3 pv

* LH: decrease portinaer volume size

* Experimental: Try to add tracing to simcore-traefik on master

* Fixes ITISFoundation/osparc-simcore#7363

* Arch Linux Certificates Customization - 2

* wip

* wip

* this might work

* k8s wip

* wip

* wip

---------

Co-authored-by: Dustin Kaiser <[email protected]>
Co-authored-by: YH <[email protected]>

* Fix #1245

* fix

* linting

---------

Co-authored-by: Dustin Kaiser <[email protected]>
Co-authored-by: YH <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrnicegyu11 mrnicegyu11 mrnicegyu11 approved these changes

Assignees

@YuryHrytsuk YuryHrytsuk

Labels

SECURITY

Projects

None yet

Milestone

Cheops

Development

Successfully merging this pull request may close these issues.

Kubernetes: global network policy allows any egress

2 participants

@YuryHrytsuk @mrnicegyu11