llama-stack-provider-trustyai-garak/lsd_remote/kfp-setup/kfp-networkpolicy.yaml at f0eab46731cc1788f0b85a9a4ddb13600c6827b0 · opendatahub-io/llama-stack-provider-trustyai-garak · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
## NetworkPolicy: allow KFP pipeline pods to reach the Llama Stack service.
##
## The Llama Stack operator creates its own NetworkPolicy
## (e.g. llamastack-garak-distribution-network-policy) that restricts
## ingress. Since K8s NetworkPolicies are additive, this extra policy
## opens port 8321 for same-namespace pods (KFP workflow pods, etc.).
##
## Verify the Llama Stack pod labels before applying:
##   oc get pods -n <namespace> --show-labels | grep llamastack
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-kfp-to-llamastack
  namespace: tai-garak-lls # change this to your namespace
spec:
  podSelector:
    matchLabels:
      app: llama-stack # label set by the Llama Stack operator
  ingress:
  - from:
    - podSelector: {}
    ports:
    - protocol: TCP
      port: 8321
  policyTypes:
  - Ingress