New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[tempo] Add Network Policy capability #2922
base: main
Are you sure you want to change the base?
Conversation
Signed-off-by: Sheikh-Abubaker <sheikhabubaker761@gmail.com>
Signed-off-by: Sheikh-Abubaker <sheikhabubaker761@gmail.com>
Signed-off-by: Sheikh-Abubaker <sheikhabubaker761@gmail.com>
Signed-off-by: Sheikh-Abubaker <sheikhabubaker761@gmail.com>
charts/tempo/Chart.yaml
Outdated
@@ -2,7 +2,7 @@ apiVersion: v2 | |||
name: tempo | |||
description: Grafana Tempo Single Binary Mode | |||
type: application | |||
version: 1.7.1 | |||
version: 1.7.2 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think feature should bump to minor version:
version: 1.7.2 | |
version: 1.8.0 |
charts/tempo/values.yaml
Outdated
## | ||
## | ||
## | ||
## | ||
## |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you get rid of extra comment lines?
charts/tempo/values.yaml
Outdated
## | ||
## | ||
## | ||
## |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you get rid of extra comment lines?
Signed-off-by: Sheikh-Abubaker <sheikhabubaker761@gmail.com>
@zanhsieh please checkout I've done the required changes. |
Signed-off-by: Sheikh-Abubaker <sheikhabubaker761@gmail.com>
@zanhsieh I think I found some missing entries that should be in
|
@Sheikh-Abubaker |
Signed-off-by: Sheikh-Abubaker <sheikhabubaker761@gmail.com>
Hi, is there anything else pending for this ? Or just an additional review required ? Thanks a lot @Sheikh-Abubaker. |
@hkailantzis I've added this resource from referring to : https://github.com/grafana/helm-charts/blob/main/charts/grafana/templates/networkpolicy.yaml I have a doubt in this part of the code:
As for the grafana networkpolicy the port is defined as 53, which port should be assigned for tempo networkpolicy ? Please correct me if I am wrong but as per my understanding since it a general K8s resource then we should utilize the same port i.e 53 ? |
@Sheikh-Abubaker , I'm really not sure about this tbh. I suspect is something general on networking, like when blocking DNS resolution which runs on port 53. is related with Firewalls etc. ie: https://library.netapp.com/ecmdocs/ECMP1155586/html/GUID-D052D155-EF55-4D19-A70F-B9A8FA86A6D3.html#:~:text=The%20Domain%20Name%20System%20(DNS,name%20and%20IP%20address%20lookups. So, is basically if someone wishes to Block DNS resolution, then the template just says: if blockDNSResolution=true, then do NOT allow outgoing traffic via UDP port 53. So is an generic additional feature, I guess you could include it also here. |
@hkailantzis thanks for the additional info, I hope this gets merged after the awaited additional review. |
@hkailantzis can you please help me in testing the network policy, I'm facing some issues: Here are the insights from my system:
I've been trying to figure out this Connection refused error though I'm trying to connect using valid labels and namespace can you please look into this any suggestions would help! |
Tried again with different method this time
Trying connecting to my-tempo service from nginx pod without appropriate labes
Connecting to my-tempo service again from nginx pod but this time with appropriate labels
This PR is all set to be merged now. |
@hkailantzis I wanted to ask you one thing in values.yaml |
hi @Sheikh-Abubaker , I would suggest to set it true, as the main grafana chart is setting it. Thanks! Do you need still help with testing this PR ? |
alright 👍.
Thanks for asking but I've already tested it with another method and it works fine as expected, you can checkout the above updated comments where I tested it using nginx pod. As of now this PR is all set to be merged. |
Fixes #2890