Move networkpolicies out of /contrib into /common (kubeflow#2385)

contrib/networkpolicies/cache-server.yaml → common/networkpolicies/base/cache-server.yaml

@@ -1,5 +1,5 @@
-kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
   name: cache-server
   namespace: kubeflow
@@ -18,4 +18,3 @@ spec:
           port: 8443
   policyTypes:
     - Ingress
-

contrib/networkpolicies/centraldashboard.yaml → common/networkpolicies/base/centraldashboard.yaml

@@ -1,5 +1,5 @@
-kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
   name: centraldashboard
   namespace: kubeflow

contrib/networkpolicies/default-allow-same-namespace.yaml → common/networkpolicies/base/default-allow-same-namespace.yaml

@@ -1,5 +1,5 @@
-kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
   name: default-allow-same-namespace
   namespace: kubeflow

contrib/networkpolicies/jupyter-web-app.yaml → common/networkpolicies/base/jupyter-web-app.yaml

@@ -1,5 +1,5 @@
-kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
   name: jupyter-web-app
   namespace: kubeflow

contrib/networkpolicies/katib-controller.yaml → common/networkpolicies/base/katib-controller.yaml

@@ -1,5 +1,5 @@
-kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
   name: katib-controller
   namespace: kubeflow
@@ -16,8 +16,8 @@ spec:
     - ports: # webhook
         - protocol: TCP
           port: 8443
-#    - ports: # metrics
-#        - protocol: TCP
-#          port: 8080
+  #    - ports: # metrics
+  #        - protocol: TCP
+  #          port: 8080
   policyTypes:
     - Ingress

contrib/networkpolicies/katib-db-manager.yaml → common/networkpolicies/base/katib-db-manager.yaml

@@ -1,5 +1,5 @@
-kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
   name: katib-db-manager
   namespace: kubeflow

contrib/networkpolicies/katib-ui.yaml → common/networkpolicies/base/katib-ui.yaml

@@ -1,5 +1,5 @@
-kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
   name: katib-ui
   namespace: kubeflow

contrib/networkpolicies/kserve-models-web-app.yaml → common/networkpolicies/base/kserve-models-web-app.yaml

@@ -1,5 +1,5 @@
-kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
   name: kserve-models-web-app
   namespace: kubeflow

contrib/networkpolicies/kserve.yaml → common/networkpolicies/base/kserve.yaml

@@ -1,6 +1,5 @@
-
-kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
   name: kserve
   namespace: kubeflow

contrib/networkpolicies/metadata-envoy.yaml → common/networkpolicies/base/metadata-envoy.yaml

@@ -1,5 +1,5 @@
-kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
   name: metatada-envoy
   namespace: kubeflow
@@ -21,4 +21,3 @@ spec:
         - podSelector: {}
   policyTypes:
     - Ingress
-

contrib/networkpolicies/metadata-grpc-server.yaml → common/networkpolicies/base/metadata-grpc-server.yaml

@@ -1,5 +1,5 @@
-kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
   name: metadata-grpc-server
   namespace: kubeflow
@@ -21,4 +21,3 @@ spec:
         - podSelector: {} # allow all pods from the same namespace
   policyTypes:
     - Ingress
-

contrib/networkpolicies/minio.yaml → common/networkpolicies/base/minio.yaml

@@ -1,5 +1,5 @@
-kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
   name: minio
   namespace: kubeflow
@@ -9,7 +9,7 @@ spec:
       - key: app
         operator: In
         values:
-          - minio        # artifact storage
+          - minio # artifact storage
   ingress:
     - from:
         - namespaceSelector:

contrib/networkpolicies/ml-pipeline-ui.yaml → common/networkpolicies/base/ml-pipeline-ui.yaml

@@ -1,5 +1,5 @@
-kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
   name: ml-pipeline-ui
   namespace: kubeflow

contrib/networkpolicies/ml-pipeline.yaml → common/networkpolicies/base/ml-pipeline.yaml

@@ -1,5 +1,5 @@
-kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
   name: ml-pipeline
   namespace: kubeflow

contrib/networkpolicies/poddefaults.yaml → common/networkpolicies/base/poddefaults.yaml

@@ -1,5 +1,5 @@
-kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
   name: poddefaults
   namespace: kubeflow
@@ -9,7 +9,7 @@ spec:
       - key: app
         operator: In
         values:
-          - poddefaults  # mutating webhook 
+          - poddefaults # mutating webhook
   # https://www.elastic.co/guide/en/cloud-on-k8s/1.1/k8s-webhook-network-policies.html
   # The kubernetes api server must reach the webhook
   ingress:

contrib/networkpolicies/seldon.yaml → common/networkpolicies/base/seldon.yaml

@@ -1,5 +1,5 @@
-kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
   name: seldon
   namespace: kubeflow
@@ -18,4 +18,3 @@ spec:
           port: 4443
   policyTypes:
     - Ingress
-

contrib/networkpolicies/tensorboards-web-app.yaml → common/networkpolicies/base/tensorboards-web-app.yaml

@@ -1,5 +1,5 @@
-kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
   name: tensorboards-web-app
   namespace: kubeflow

contrib/networkpolicies/volumes-web-app.yaml → common/networkpolicies/base/volumes-web-app.yaml

@@ -1,5 +1,5 @@
-kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
   name: volumes-web-app
   namespace: kubeflow

example/kustomization.yaml

@@ -12,6 +12,7 @@ sortOptions:
     - MutatingWebhookConfiguration
     - ServiceAccount
     - PodSecurityPolicy
+    - NetworkPolicy
     - Role
     - ClusterRole
     - RoleBinding
@@ -49,6 +50,8 @@ resources:
 - ../common/istio-1-16/cluster-local-gateway/base
 # Kubeflow namespace
 - ../common/kubeflow-namespace/base
+# NetworkPolicies
+- ../common/networkpolicies/base
 # Kubeflow Roles
 - ../common/kubeflow-roles/base
 # Kubeflow Istio Resources