Skip to content

make network policies necessary#2123

Merged
halamix2 merged 4 commits intokyma-project:mainfrom
halamix2:np-always
Dec 16, 2025
Merged

make network policies necessary#2123
halamix2 merged 4 commits intokyma-project:mainfrom
halamix2:np-always

Conversation

@halamix2
Copy link
Member

@halamix2 halamix2 commented Dec 12, 2025

Description

Changes proposed in this pull request:

  • make network policies necessary
  • remove enableNetworkPolicies flag

Related issue(s)

@halamix2 halamix2 requested review from a team as code owners December 12, 2025 12:30
@hyperspace-insights
Copy link
Contributor

hyperspace-insights bot commented Dec 12, 2025

Summary

The following content is AI-generated and provides a summary of the pull request:

Make Network Policies Mandatory for Serverless Module

Changes

This pull request enforces network policies for the Serverless module by making them always enabled and removing the user-configurable flag.

Key Modifications

  • API Changes:

    • components/operator/api/v1alpha1/serverless_types.go: Removed EnableNetworkPolicies field from ServerlessSpec and NetworkPoliciesEnabled field from ServerlessStatus
    • config/operator/base/crd/bases/operator.kyma-project.io_serverlesses.yaml: Updated CRD definitions to remove network policies configuration fields

  • Operator Logic:

    • components/operator/internal/state/controller_configuration.go: Modified state machine to skip network policies configuration step and proceed directly to resource application
    • components/operator/internal/state/network_policies.go: Removed (network policies configuration logic no longer needed)
    • components/operator/internal/state/network_policies_test.go: Removed (associated tests)
    • components/operator/internal/chart/flags.go: Removed WithEnableNetworkPolicies method from flags builder
    • components/operator/internal/chart/flags_test.go: Updated tests to remove network policies flag assertions

  • Helm Charts:

    • config/buildless-serverless/templates/network-policies.yaml: Removed conditional wrapper - network policies now always deployed
    • config/buildless-serverless/values.yaml: Removed networkPolicies.enabled configuration option
    • config/serverless/templates/network-policies.yaml: Removed conditional wrapper
    • config/serverless/values.yaml: Removed networkPolicies.enabled configuration option

  • UI Extensions:

    • config/operator/base/ui-extensions/serverless/details: Removed status.networkPoliciesEnabled display field
    • config/operator/base/ui-extensions/serverless/form: Removed spec.enableNetworkPolicies form field
    • config/operator/base/ui-extensions/serverless/translations: Removed translations for network policies fields

  • CI/CD:

    • .github/workflows/_integration-tests.yaml:
      • Removed duplicate integration test jobs (legacy-git-auth-integration-with-network-policies-test and git-auth-integration-with-network-policies-test)
      • Standardized quote style in workflow input descriptions
      • Cleaned up BTP integration test configuration

  • Documentation:

    • docs/user/00-20-configure-serverless.md: Removed section about enabling network policies since they are now always enabled

  • Sample Configurations:

    • config/samples/legacy-serverless-with-networkpolicies-enabled.yaml: Removed (no longer needed)
    • config/samples/serverless-with-networkpolicies-enabled.yaml: Removed (no longer needed)

  • Tests:

    • tests/operator/serverless/verify.go: Removed validation logic for network policies status field

  • CRD Updates:

    • config/serverless/config/crd/bases/serverless.kyma-project.io_functions.yaml: Added metadata to required fields list

GitHub Issues

  • #2068: Serverless internal network policies should be always enabled
  • 🔄 Regenerate and Update Summary
  • ✏️ Insert as PR Description (deletes this comment)
  • 🗑️ Delete comment
PR Bot Information

Version: 1.16.24

💌 Have ideas or want to contribute? Create an issue and share your thoughts with us!
📑 Check out the documentation for more information.

Made with ❤️ by Hyperspace.

@halamix2 halamix2 enabled auto-merge (squash) December 12, 2025 12:51
kwiatekus
kwiatekus requested changes Dec 15, 2025
View reviewed changes
Copy link
Contributor

@kwiatekus kwiatekus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Additionally, please also make sure that the integration tests are executed on cluster where deny-all policy is apoplied in kyma-system

@anoipm anoipm assigned halamix2 and unassigned kwiatekus Dec 16, 2025
@halamix2 halamix2 disabled auto-merge December 16, 2025 09:08
@halamix2 halamix2 merged commit 6347100 into kyma-project:main Dec 16, 2025
26 of 28 checks passed
@halamix2 halamix2 deleted the np-always branch December 16, 2025 09:11
@halamix2 halamix2 mentioned this pull request Dec 16, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kwiatekus kwiatekus kwiatekus approved these changes

@mmitoraj mmitoraj mmitoraj approved these changes

Assignees

@halamix2 halamix2

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@halamix2 @kwiatekus @mmitoraj