From 50362cba6be09ff0bd13fcefc3ff568a8658f140 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz>
Date: Fri, 8 Nov 2024 16:38:03 +0000
Subject: [PATCH] Fix connection from within notebooks to the notebooks public
 endpoint

The problem has occurred on clusters with public IP addresses on the nodes. The
added policy explicitly allows connections to the cluster ingress service.

Needed for testing from within notebooks and for the collaborative feature.
---
 cesnet-central/deployments/fullhub.yaml | 9 +++++++++
 common/deployments/hub-production.yaml  | 9 +++++++++
 common/deployments/hub-staging.yaml     | 9 +++++++++
 testing/deployments/hub.yaml            | 9 +++++++++
 4 files changed, 36 insertions(+)

diff --git a/cesnet-central/deployments/fullhub.yaml b/cesnet-central/deployments/fullhub.yaml
index d0df5cf..4b9b4dd 100644
--- a/cesnet-central/deployments/fullhub.yaml
+++ b/cesnet-central/deployments/fullhub.yaml
@@ -39,6 +39,15 @@ singleuser:
     limit: 2
     guarantee: .02
   defaultUrl: "/lab"
+  networkPolicy:
+    egress:
+      - to:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: kube-system
+          serviceSelector:
+            matchLabels:
+              k8s-app: cluster-ingress
   image:
     name: eginotebooks/single-user-eosc
     tag: "sha-dea4fa2"
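Review bot: `serviceSelector` under `to:` is not a peer field of the standard `networking.k8s.io/v1` NetworkPolicy, whose peers accept only `podSelector`, `namespaceSelector` and `ipBlock`. If the chart copies `singleuser.networkPolicy.egress` into the policy unchanged (not visible here), the field is either rejected at apply time or dropped, and a peer left with only `namespaceSelector` would allow notebook pods to reach every pod in `kube-system`. If the ingress controller pods carry that label, `podSelector:` with the same `matchLabels` (`k8s-app: cluster-ingress`) is the scoped form, and the rendered policy can be confirmed with `kubectl describe networkpolicy`. The same lines appear in the hub-production.yaml, hub-staging.yaml and testing/deployments/hub.yaml hunks, and the `singleuser:` block starts above each hunk.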
diff --git a/common/deployments/hub-production.yaml b/common/deployments/hub-production.yaml
index 7cadc18..d4242f3 100644
--- a/common/deployments/hub-production.yaml
+++ b/common/deployments/hub-production.yaml
@@ -39,6 +39,15 @@ singleuser:
     limit: 2
     guarantee: .2
   defaultUrl: "/lab"
+  networkPolicy:
+    egress:
+      - to:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: kube-system
+          serviceSelector:
+            matchLabels:
+              k8s-app: cluster-ingress
   image:
     name: eginotebooks/single-user-eosc
     tag: "sha-dea4fa2"
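Review bot: The new egress rule has no `ports:` list, so whatever peer it ends up matching is reachable from user notebooks on every port and protocol. Since the stated goal is only to reach the notebooks' public endpoint through the ingress, limiting the rule to the ingress controller's HTTP/HTTPS listening ports would keep the allowance minimal, for example a `ports:` entry with `protocol: TCP` and the controller's port alongside `to:`. This applies equally to the fullhub.yaml, hub-staging.yaml and testing/deployments/hub.yaml hunks. A one-line comment above `networkPolicy:` such as `# allow notebooks to reach their own public endpoint via the cluster ingress` would also record why the exception exists.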
diff --git a/common/deployments/hub-staging.yaml b/common/deployments/hub-staging.yaml
index 6ec841e..52f9740 100644
--- a/common/deployments/hub-staging.yaml
+++ b/common/deployments/hub-staging.yaml
@@ -39,6 +39,15 @@ singleuser:
     limit: 2
     guarantee: .2
   defaultUrl: "/lab"
+  networkPolicy:
+    egress:
+      - to:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: kube-system
+          serviceSelector:
+            matchLabels:
+              k8s-app: cluster-ingress
   image:
     name: eginotebooks/single-user-eosc
     tag: "sha-dea4fa2"
diff --git a/testing/deployments/hub.yaml b/testing/deployments/hub.yaml
index b208d2f..92601b2 100644
--- a/testing/deployments/hub.yaml
+++ b/testing/deployments/hub.yaml
@@ -40,6 +40,15 @@ singleuser:
     limit: 2
     guarantee: .2
   defaultUrl: "/lab"
+  networkPolicy:
+    egress:
+      - to:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: kube-system
+          serviceSelector:
+            matchLabels:
+              k8s-app: cluster-ingress
   image:
     name: eginotebooks/single-user-eosc
     tag: "sha-dea4fa2"
-- 
GitLab