[grafana] Add manualEgress option for network policies #3913
+17
−8
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
felixb-denic
requested review from
Xtigyro,
jkroepke,
maorfr and
torstenwalter
as code owners
|
|
Signed-off-by: Felix Breidenstein <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hey,
the current options one has regarding ingress and egress for Grafana in the helm chart is not really flexible, and didn't fit our needs. In the current state of the chart, when providing multiple ports and targets, everything gets rendered into a single rule which is more open than you need.
We wanted something like #3287 but for the egress rules. The problem was that as soon as you set
egress.enabled, a rule gets rendered which given the default values, opens up all ports.I tried to find a way to give the chart more flexibility but without breaking the chart for everyone else. With the new
manuelEgressoption, the user gets maximum flexibility if needed, but only if the new key is set.Something like that would probably also be great on the ingress side, but here it's even harder to implement, given the structure of the template and the values, without breaking the chart and requiring a major version bump. But if you are open for a rework of this part of the chart, I'm happy to help.
Best,
Felix