XML

Word

Printable

Type: Task
Resolution: Unresolved
Priority: Major
Fix Version/s: Logging 6.4.0
Affects Version/s: None
Component/s: Log Collection
Labels:
- groomed

Activity Type:
Product / Portfolio Work
Story Points:
3
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Epic Link:
Network Policy for CLO
Color Status:
Not Selected
Docs QE Status:
NEW
QE Status:
NEW
Release Note Type:
Release Note Not Required
Intelligence Requested:
Market:

Sprint:
Logging - Sprint 277, Logging - Sprint 278

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

Summary

Modify the ClusterLogForwarder API
To "opt-in" to NetworkPolicy deployment
So that administrators control when NetworkPolicy is managed by the operator

Acceptance Criteria

Verify a unique NP is deployed for the collector when spec'd in the ClusterLogForwarder
Verify NP is removed when the field is removed from the collector spec
Verify NP restricts ingress/egress ports according to the spec'd ruleset

Notes

Discussion

Suggested API:

spec:
  collector:
    networkpolicy:
      ruleSet: (enum: AllowAll, RestrictIngressEgress)

AllowAll: Allow all ingress and egress
RestrictIngressEgress: 
   Restrict ingress to: metrics port, input receiver ports or default
   Restrict egress to: output ports or output type default port

links to

openshift/cluster-logging-operator#3129: LOG-7772: Enable 'opt-in' to Collector NetworkPolicy

Assignee:: Calvin Lee

Reporter:: Jeffrey Cantrill

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 2025/09/22 3:46 PM

Updated:: 2025/10/10 2:20 PM

Details

Description

Summary

Acceptance Criteria

Notes

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates