-
Bug
-
Resolution: Done
-
Major
-
None
-
1.5.0
-
False
-
-
False
-
-
Description of the problem:
**
This is the rule we had for deploying workflows in separate namespaces in 1.4:
- namespaceSelector: matchLabels: # Allow any other namespace the has workflows deployed because this is where # this namespace contains the sonataflow services rhdh.redhat.com/workflow-namespace: ""
and in the go-based operator there is no mention of that rule:
https://github.com/rhdhorchestrator/orchestrator-go-operator/blob/main/internal/controller/network_policy.go#L18-L22
This causes the workflow deployment to fail due to the missing rule.
To fix the issue, a new workflow was created in the sonataflow-infra namespace:
kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: allow-external-workflows-to-sonataflow-infra namespace: sonataflow-infra spec: podSelector: {} ingress: - from: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: workflows policyTypes: - Ingress
How reproducible: 100%
Actual results:
Expected results: Docs for 1.5 should be updated to either add another networkpolicy in sonataflow-infra namespace or update an existing one to point to the workflow's namespace