add workaround for cilium networkpolicies
Aplet123 committed Feb 5, 2025
1 parent 28aaaa5 commit 4b65a42
Showing 1 changed file with 8 additions and 3 deletions.
11 changes: 8 additions & 3 deletions backend/instancer/backend.py
Expand Up @@ -785,8 +785,8 @@ def start(self) -> None:
ing,
)

pol_interns = kclient.V1NetworkPolicy(
metadata=kclient.V1ObjectMeta(name="interns", labels=common_labels),
pol_intrans = kclient.V1NetworkPolicy(
metadata=kclient.V1ObjectMeta(name="intrans", labels=common_labels),
spec=kclient.V1NetworkPolicySpec(
pod_selector=kclient.V1LabelSelector(),
policy_types=["Ingress", "Egress"],
Expand Down Expand Up @@ -844,6 +844,11 @@ def start(self) -> None:
_from=[
kclient.V1NetworkPolicyPeer(
ip_block=kclient.V1IPBlock(cidr="0.0.0.0/0")
),
# according to cilium, pods don't have IPs!
# https://github.com/cilium/cilium/issues/31961
kclient.V1NetworkPolicyPeer(
namespace_selector=kclient.V1LabelSelector()
)
]
)
Expand Down Expand Up @@ -880,7 +885,7 @@ def start(self) -> None:
print(
f"[*] Making network policies under namespace {self.namespace}..."
)
napi.create_namespaced_network_policy(self.namespace, pol_interns)
napi.create_namespaced_network_policy(self.namespace, pol_intrans)
napi.create_namespaced_network_policy(self.namespace, pol_ingress)
napi.create_namespaced_network_policy(self.namespace, pol_egress)
except LockException:
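Review bot: The peer added to the `_from` list, `namespace_selector=kclient.V1LabelSelector()`, uses an empty selector, which matches every namespace, so on Cilium this rule now admits ingress from any pod in the cluster, presumably including pods in other instances' namespaces. The policy this rule belongs to and its pod selector lie outside the visible hunk, so the exposed set of pods cannot be confirmed from here. If only the ingress controller needs to reach these pods, the peer could be narrowed to `namespace_selector=kclient.V1LabelSelector(match_labels={"kubernetes.io/metadata.name": "<ingress-controller-namespace>"})`, where the namespace name is a placeholder. If cluster-wide pod ingress is intended, the comment should state that trade-off instead of only linking the issue, for example `# Cilium does not match ipBlock CIDRs against in-cluster pods, so also allow pods from all namespaces`.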
