
Commit f6726b7

authored
Merge pull request #60 from shruthis4/networkPolicy
Add NetworkPolicy for Spark Operator and update kustomization.yaml
2 parents 953bfc2 + 29790ee commit f6726b7


4 files changed

+54
-0
lines changed


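--- a/config/overlays/odh/kustomization.yaml
+++ b/config/overlays/odh/kustomization.yaml
@@ -13,6 +13,7 @@ namespace: opendatahub
 # 2. Import base configuration
 resources:
 - ../../default # Inherits everything from config/default/
+- networkpolicy.yaml
 
 # 3. Delete the Namespace resource (ODH operator manages it)
 patches: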
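--- a/config/overlays/odh/networkpolicy.yaml
+++ b/config/overlays/odh/networkpolicy.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+name: spark-operator-allow-internal
+spec:
+# This targets the Spark Pods themselves
+podSelector:
+matchLabels:
+sparkoperator.k8s.io/launched-by-spark-operator: "true"
+policyTypes:
+- Ingress
+ingress:
+- ports:
+- port: 7078 # driver-rpc
+protocol: TCP
+- port: 7079 # blockmanager
+protocol: TCP
+- port: 4040 # spark-ui
+protocol: TCP
+from:
+# Allow traffic from ANY pod in the same namespace (matching Dashboard style)
+- podSelector: {}
+# OPTIONAL: Add OpenShift Ingress if you want the Spark UI accessible from outside
+- namespaceSelector:
+matchLabels:
+network.openshift.io/policy-group: ingress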
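Review bot: The `from:` list sits in the same ingress rule as all three ports (as rendered, `from:` carries no leading dash), so the `network.openshift.io/policy-group: ingress` peer is admitted to 7078 driver-rpc and 7079 blockmanager as well as 4040, although the comment above it only talks about exposing the Spark UI; that comment also calls the peer OPTIONAL while the manifest enables it. Splitting the rule so the ingress namespace reaches only 4040 keeps the RPC and block-manager ports limited to same-namespace pods, as sketched below. The identical manifest added to the rhoai overlay has the same shape and needs the same change. Separately, the policy sets no `metadata.namespace`, so it presumably lands in the overlay's `namespace:`; NetworkPolicy is namespaced, so Spark pods launched in other namespaces would not be selected, which is worth confirming as intended.

```yaml
  ingress:
    # Spark-internal ports: same-namespace pods only
    - ports:
        # … unchanged: 7078 driver-rpc and 7079 blockmanager entries …
      from:
        - podSelector: {}
    # Spark UI: same-namespace pods plus the OpenShift ingress namespace
    - ports:
        - port: 4040 # spark-ui
          protocol: TCP
      from:
        - podSelector: {}
        - namespaceSelector:
            matchLabels:
              network.openshift.io/policy-group: ingress
```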

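--- a/config/overlays/rhoai/kustomization.yaml
+++ b/config/overlays/rhoai/kustomization.yaml
@@ -13,6 +13,7 @@ namespace: redhat-ods-applications
 # 2. Import base configuration
 resources:
 - ../../default # Inherits everything from config/default/
+- networkpolicy.yaml
 
 # 3. Delete the Namespace resource (RHOAI operator manages it)
 patches: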
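--- a/config/overlays/rhoai/networkpolicy.yaml
+++ b/config/overlays/rhoai/networkpolicy.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+name: spark-operator-allow-internal
+spec:
+# This targets the Spark Pods themselves
+podSelector:
+matchLabels:
+sparkoperator.k8s.io/launched-by-spark-operator: "true"
+policyTypes:
+- Ingress
+ingress:
+- ports:
+- port: 7078 # driver-rpc
+protocol: TCP
+- port: 7079 # blockmanager
+protocol: TCP
+- port: 4040 # spark-ui
+protocol: TCP
+from:
+# Allow traffic from ANY pod in the same namespace (matching Dashboard style)
+- podSelector: {}
+# OPTIONAL: Add OpenShift Ingress if you want the Spark UI accessible from outside
+- namespaceSelector:
+matchLabels:
+network.openshift.io/policy-group: ingress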
