From 01fd6de1300c238e1ad4fd91bccca38c014f2746 Mon Sep 17 00:00:00 2001 From: Reto Lehmann Date: Mon, 5 Feb 2024 11:32:17 +0100 Subject: [PATCH] Drop extra network-policies as per https://github.com/openshift-knative/serverless-operator/pull/2470 --- .../artifacts/net-istio-netpolicies-mesh.yaml | 49 ------------------- .../release/download_release_artifacts.sh | 2 - .../extra/net-istio-netpolicies-mesh.yaml | 48 ------------------ 3 files changed, 99 deletions(-) delete mode 100644 openshift/release/artifacts/net-istio-netpolicies-mesh.yaml delete mode 100644 openshift/release/extra/net-istio-netpolicies-mesh.yaml diff --git a/openshift/release/artifacts/net-istio-netpolicies-mesh.yaml b/openshift/release/artifacts/net-istio-netpolicies-mesh.yaml deleted file mode 100644 index 60ae74d396..0000000000 --- a/openshift/release/artifacts/net-istio-netpolicies-mesh.yaml +++ /dev/null @@ -1,49 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: webhook - labels: - app: webhook - app.kubernetes.io/version: "release-v1.13" - networking.knative.dev/ingress-provider: istio -spec: - podSelector: - matchLabels: - app: webhook - ingress: - - {} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: net-istio-webhook - labels: - app: net-istio-webhook - app.kubernetes.io/version: "release-v1.13" - networking.knative.dev/ingress-provider: istio -spec: - podSelector: - matchLabels: - app: net-istio-webhook - ingress: - - {} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: allow-from-openshift-monitoring-ns - namespace: knative-serving - labels: - app.kubernetes.io/version: "release-v1.13" - networking.knative.dev/ingress-provider: istio -spec: - ingress: - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: "openshift-monitoring" - podSelector: {} - policyTypes: - - Ingress ---- diff --git a/openshift/release/download_release_artifacts.sh b/openshift/release/download_release_artifacts.sh index 3cde7a013e..58bb02ba50 100755 --- a/openshift/release/download_release_artifacts.sh +++ b/openshift/release/download_release_artifacts.sh @@ -41,7 +41,6 @@ function resolve_file() { } readonly YAML_OUTPUT_DIR="openshift/release/artifacts/" -readonly NETWORK_POLICY_YAML=${YAML_OUTPUT_DIR}/net-istio-netpolicies-mesh.yaml readonly NET_ISTIO_YAML=${YAML_OUTPUT_DIR}/net-istio-core.yaml readonly patches_path="${SCRIPT_DIR}/../patches" @@ -54,4 +53,3 @@ git apply -R "${patches_path}"/* || true git apply "${patches_path}"/* resolve_resources "config/" "$NET_ISTIO_YAML" -resolve_resources "openshift/release/extra/" "$NETWORK_POLICY_YAML" diff --git a/openshift/release/extra/net-istio-netpolicies-mesh.yaml b/openshift/release/extra/net-istio-netpolicies-mesh.yaml deleted file mode 100644 index ceef9b420c..0000000000 --- a/openshift/release/extra/net-istio-netpolicies-mesh.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: webhook - labels: - app: webhook - app.kubernetes.io/version: devel - networking.knative.dev/ingress-provider: istio -spec: - podSelector: - matchLabels: - app: webhook - ingress: - - {} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: net-istio-webhook - labels: - app: net-istio-webhook - app.kubernetes.io/version: devel - networking.knative.dev/ingress-provider: istio -spec: - podSelector: - matchLabels: - app: net-istio-webhook - ingress: - - {} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: allow-from-openshift-monitoring-ns - namespace: knative-serving - labels: - app.kubernetes.io/version: devel - networking.knative.dev/ingress-provider: istio -spec: - ingress: - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: "openshift-monitoring" - podSelector: {} - policyTypes: - - Ingress ----