Merge pull request #17 from codex-storage/allow-access-from-runner-namespace

Allow access from runner namespace
2023-06-01 08:17:04 +02:00 · 2023-06-01 08:17:04 +02:00 · 8f313720f0
parent 1d919544af 2f40412d51
commit 8f313720f0
1 changed files with 18 additions and 0 deletions
--- a/KubernetesWorkflow/K8sController.cs
+++ b/KubernetesWorkflow/K8sController.cs
@ -165,6 +165,19 @@ namespace KubernetesWorkflow
                                        PodSelector = new V1LabelSelector {}
                                    }
                                }
+                            },
+                            new V1NetworkPolicyIngressRule
+                            {
+                                FromProperty = new List<V1NetworkPolicyPeer>
+                                {
+                                    new V1NetworkPolicyPeer
+                                    {
+                                        NamespaceSelector = new V1LabelSelector
+                                        {
+                                            MatchLabels = GetRunnerNamespaceSelector()
+                                        }
+                                    }
+                                }
                            }
                        },
                        Egress = new List<V1NetworkPolicyEgressRule>
@ -310,6 +323,11 @@ namespace KubernetesWorkflow
            return new Dictionary<string, string> { { "codex-test-node", "dist-test-" + workflowNumberSource.WorkflowNumber } };
        }

+        private IDictionary<string, string> GetRunnerNamespaceSelector()
+        {
+            return new Dictionary<string, string> { { "kubernetes.io/metadata.name", "default" } };
+        }
+
        private V1ObjectMeta CreateDeploymentMetadata()
        {
            return new V1ObjectMeta