Uploaded image for project: 'FlightPath'
  1. FlightPath
  2. FLPATH-2246

[m5] Deploying workflows in separate namespace docs need additional steps

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False

      Description of the problem: 
      **
      This is the rule we had for deploying workflows in separate namespaces in 1.4:

            - namespaceSelector:
                matchLabels:
                  # Allow any other namespace the has workflows deployed because this is where
                  # this namespace contains the sonataflow services
                  rhdh.redhat.com/workflow-namespace: "" 

      and in the go-based operator there is no mention of that rule:
      https://github.com/rhdhorchestrator/orchestrator-go-operator/blob/main/internal/controller/network_policy.go#L18-L22
      This causes the workflow deployment to fail due to the missing rule.

      To fix the issue, a new workflow was created in the sonataflow-infra namespace:

      kind: NetworkPolicy
      apiVersion: networking.k8s.io/v1
      metadata:
        name: allow-external-workflows-to-sonataflow-infra
        namespace: sonataflow-infra
      spec:
        podSelector: {}
        ingress:
          - from:
              - namespaceSelector:
                  matchLabels:
                    kubernetes.io/metadata.name: workflows
        policyTypes:
          - Ingress 

      How reproducible: 100%

      Actual results: 

      Expected results: Docs for 1.5 should be updated to either add another networkpolicy in sonataflow-infra namespace or update an existing one to point to the workflow's namespace

              jubah@redhat.com Jennifer Ubah
              yfirst Yona First
              Chad Crum Chad Crum
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: