Page MenuHomePhabricator
Create Task
Maniphest T264076

envoy service proxy: Add networkpolicy egress rule for enabled listeners
Closed, DuplicatePublic
Actions

Description

Currently, when adding a listener to discovery.listeners, a corresponding egress networkpolicy needs to be added as well (to allow traffic to the listener).

We should add some helm code to automatically include the needed egress rules for enabled listeners, so no extra configuration (and no specific knowledge of IPs and ports) is needed.

See https://gerrit.wikimedia.org/r/c/operations/deployment-charts/+/630769 for an example.

Related Objects

Event Timeline

JMeybohm created this task.Sep 29 2020, 9:21 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 29 2020, 9:21 AM
JMeybohm triaged this task as Medium priority.Sep 29 2020, 9:21 AM
JMeybohm closed this task as a duplicate of T253058: DRY kafka broker declaration in helmfiles.Aug 30 2021, 9:23 AM
JMeybohm added a comment.Aug 30 2021, 9:28 AM

While not exactly a duplicate, this has been implemented as part of T253058 already.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL