explicitly define "podSelector" in NetworkPolicies

because Kube API docs say it is not optional
Ryan Richard
2024-10-10 11:45:16 -07:00
parent 4f661aaa69
commit 2aa30edb88


@@ -391,7 +391,7 @@ fi
# proxy server can reach them all, so the Supervisor and Concierge can reach them through the proxy.
#
if [[ "${FIREWALL_IDPS:-no}" == "yes" ]]; then
log_note "Setting up firewalls for the Supervisor and Concierge's outgoing TCP/UDP/SCTP network traffic..."
log_note "Setting up firewalls for the Supervisor and Concierge's outgoing TCP/UDP network traffic..."
cat <<EOF | kubectl apply --wait -f -
---
apiVersion: networking.k8s.io/v1
@@ -400,7 +400,8 @@ metadata:
name: supervisor-cannot-make-external-requests
namespace: ${supervisor_namespace}
spec:
# Having no podSelector will select all pods in the namespace.
# An empty podSelector matches all pods in this namespace.
podSelector: {}
policyTypes:
- Egress
# This is an allow list. Everything else disallowed.
@@ -433,7 +434,8 @@ metadata:
name: concierge-cannot-make-external-requests
namespace: ${concierge_namespace}
spec:
# Having no podSelector will select all pods in the namespace.
# An empty podSelector matches all pods in this namespace.
podSelector: {}
policyTypes:
- Egress
# This is an allow list. Everything else disallowed.
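Review bot: With `podSelector: {}` each policy covers every pod in whatever namespace it lands in, yet `namespace: ${supervisor_namespace}` and `namespace: ${concierge_namespace}` are expanded by the unquoted `<<EOF` heredoc with no guard visible in these hunks. If either variable were empty, the manifest would carry an empty namespace and kubectl would presumably fall back to the current context's namespace. The egress allow list would then restrict the wrong pods while the intended component stays unrestricted. Whether the script enables `set -u` or defaults these variables is outside the hunks, so this may already be covered. If it is not, adding `: "${supervisor_namespace:?}" "${concierge_namespace:?}"` just before the `cat <<EOF | kubectl apply --wait -f -` line makes the step fail fast. Both manifests and the enclosing `if` block continue outside the hunks shown.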