You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As a customer
I want to know how to configure the Network Policies
so that the SDP is able to run properly.
The ingress and egress communication of pods can be restricted with Network Policies. It is useful to isolate pods and namespaces to improve security. However, some connections are required for the SDP to work correctly. These minimum requirements must be documented.
Additionally, documentation should also be added for product-specific network policies:
The Superset Operator connects to Superset Stacklets if a DruidConnection is added
The ZooKeeper Operator connects to ZooKeeper Stacklets to manage ZNodes
The NiFi Operator creates a Job that connects to the NiFi Stacklet to do something
The OPA bundle builder reads Kubernetes resources, but is inside the OPA DaemonSet
As a customer
I want to know how to configure the Network Policies
so that the SDP is able to run properly.
The ingress and egress communication of pods can be restricted with Network Policies. It is useful to isolate pods and namespaces to improve security. However, some connections are required for the SDP to work correctly. These minimum requirements must be documented.
Additionally, documentation should also be added for product-specific network policies:
We could also document that all operators need access to their managed product. (How would that work with jobs?). Needs to still be decided.
Documentation should be very specific, ideally we can provide skeleton NetworkPolicies.