UNCLASSIFIED - NO CUI

Skip to content

#99: "Add custom network policies"

Andrew Kesterson requested to merge 99-add-custom-network-policies into main

General MR

Summary

Adds support to Fluentbit for custom network policies via values yaml.

This depends on big-bang/bigbang!4184 (merged) for a documentation reference

Relevant logs/screenshots

Given overrides like this

fluentbit:
  enabled: true
  sourceType: "git"
  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/fluentbit.git
    path: "./chart"
    tag: null
    branch: "99-add-custom-network-policies"
  values:
    networkPolicies:
      enabled: true
      additionalPolicies:
      - name: this-is-a-fluentbit-operator-job-test-test
        spec:
          podSelector: {}
          policyTypes:
          - Egress
          egress:
          - to:
            - ipBlock:
                cidr: 172.20.0.0/12
      - name: this-is-a-zwei-fluentbit-operator-job-test-test
        spec:
          podSelector: {}
          policyTypes:
          - Ingress
          ingress:
          - from:
            - ipBlock:
                cidr: 172.20.0.0/12

We get network policies like this (new ones at the bottom):

$ kubectl get networkpolicies -n fluentbit
NAME                                              POD-SELECTOR                        AGE
allow-intra-namespace                             app.kubernetes.io/name=fluent-bit   15s
allow-dns-lookups                                 app.kubernetes.io/name=fluent-bit   15s
allow-loki-egress-fluentbit                       app.kubernetes.io/name=fluent-bit   15s
allow-to-istiod                                   app.kubernetes.io/name=fluent-bit   15s
allow-api-egress-fluentbit                        app.kubernetes.io/name=fluent-bit   15s
allow-fluentbit-sidecar-scraping                  app.kubernetes.io/name=fluent-bit   15s
allow-tempo-egress-fluentbit                      <none>                              15s
allow-prometheus                                  app.kubernetes.io/name=fluent-bit   15s

this-is-a-zwei-fluentbit-operator-job-test-test   <none>                              15s
this-is-a-fluentbit-operator-job-test-test        <none>                              15s

Linked Issue

Closes #99 (closed)

Upgrade Notices

N/A

Closes #99 (closed)

Edited by Jimmy Ungerman

Merge request reports

Loading