operator questions, not sure which network policy to allow or enable
173 views
Skip to first unread message
Yamazaki Richard
Aug 15, 2022, 3:52:41 PM8/15/22
to rabbitmq-users
HI
I'm using the operator in an unfamiliar environment and I'm a bit new to kubernetes.
Can someone give me some hints as to what network policy rule i need to allow for this to work and if so how to do it?
2022-08-15 19:45:45.767390+00:00 [warning] <0.315.0> Description: "Authenticity is not established by certificate path validation"
2022-08-15 19:45:45.767390+00:00 [warning] <0.315.0> Reason: "Option {verify, verify_peer} and cacertfile/cacerts is missing"
2022-08-15 19:45:45.767390+00:00 [warning] <0.315.0>
2022-08-15 19:45:48.019080+00:00 [error] <0.222.0> Failed to fetch a list of nodes from Kubernetes API: {failed_connect,[{to_address,{"kubernetes.default",443}},
2022-08-15 19:45:48.019080+00:00 [error] <0.222.0> {inet,[inet],timeout}]}
Yamazaki Richard
Aug 16, 2022, 11:14:59 AM8/16/22
to rabbitmq-users
Using permissive ingress and egress rules alleviated the issue, but now my settings are too open
Michal Kuratczyk
Aug 16, 2022, 12:12:21 PM8/16/22
to rabbitm...@googlegroups.com
Hi,
We have some sample policies here:
However, at first glance, they don't cover the connection path you mentioned in the first post (kubernetes.default:443). I guess you will need to add it as well (if so, please submit a PR to the example).
Best,
--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/42c20b8d-2bf3-4685-8a2b-56f957de9099n%40googlegroups.com.
--
Michał
RabbitMQ teamReply all
Reply to author
Forward
0 new messages