Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Test serverless with strict central network policies #1533

Merged
merged 16 commits into from
Apr 3, 2025

Conversation

kwiatekus
Copy link
Contributor

@kwiatekus kwiatekus commented Mar 21, 2025

Description

Reviewer should read this first

Changes proposed in this pull request:

  • apply extra fixture with strict network policies in integration tests
  • label operators with networking.kyma-project.io/to-apiserver: allowed
  • label webhook (legacy) with networking.kyma-project.io/from-seed: allowed

Related issue(s)
#1530

@kwiatekus
Copy link
Contributor Author

TODO: enable policy for jobs to push into serverless-docker-registry.kyma-system.svc.cluster.local:5000

Tests show that function build job fails with

error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "serverless-docker-registry.kyma-system.svc.cluster.local:5000/default-fn:eb2f4eeb161602519b3f5510c262c3372f6c8bcedabbcc40dcc72c92532fda77": creating push check transport for serverless-docker-registry.kyma-system.svc.cluster.local:5000 failed: Get "https://serverless-docker-registry.kyma-system.svc.cluster.local:5000/v2/": dial tcp 10.43.172.190:5000: connect: connection refused; Get "http://serverless-docker-registry.kyma-system.svc.cluster.local:5000/v2/": dial tcp 10.43.172.190:5000: connect: connection refused

@kwiatekus
Copy link
Contributor Author

Serverless needs an egress policy targeting the serverless controller enabling all egress traffic, so that serverless can fetch from git repositories.

@pPrecel pPrecel self-assigned this Apr 3, 2025
@kwiatekus kwiatekus enabled auto-merge (squash) April 3, 2025 08:52
@kwiatekus kwiatekus merged commit 6c3c065 into kyma-project:main Apr 3, 2025
24 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants