Skip to content

[Backport release-0.39] [tenant] Allow egress to parent ingress pods #1776

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kvaps merged 1 commit into from
Dec 30, 2025
Merged

[Backport release-0.39] [tenant] Allow egress to parent ingress pods #1776

kvaps merged 1 commit into from
Dec 30, 2025

Conversation

@github-actions
Copy link

@github-actions github-actions bot commented Dec 30, 2025

Description

Backport of #1765 to release-0.39.

@lexfrei @claude @github-actions
fix(tenant): allow egress to parent ingress pods
d90a76b 
Nested Kubernetes clusters with exposeMethod: Proxied cannot reach their
own external domains because the clusterwide egress policy blocks traffic
to ingress pods in parent namespaces.

This breaks cert-manager HTTP-01 self-check and any scenario where pods
need to access services exposed through parent ingress.

Add egress rule allowing traffic to ingress pods (cozystack.io/service:
ingress) in parent namespaces, following the same pattern as existing
vminsert and etcd rules.

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Aleksei Sviridkin <f@lex.la>
(cherry picked from commit 4dfdbfe)
@github-actions github-actions bot mentioned this pull request Dec 30, 2025
Merged
@dosubot dosubot bot added the size:S This PR changes 10-29 lines, ignoring generated files. label Dec 30, 2025
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 30, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@kvaps kvaps merged commit 46d81c8 into release-0.39 Dec 30, 2025
4 checks passed
@kvaps kvaps deleted the backport-1765-to-release-0.39 branch December 30, 2025 11:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kvaps kvaps Awaiting requested review from kvaps kvaps is a code owner

@lllamnyp lllamnyp Awaiting requested review from lllamnyp lllamnyp is a code owner

@nbykov0 nbykov0 Awaiting requested review from nbykov0 nbykov0 is a code owner

Assignees

No one assigned

Labels

size:S This PR changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kvaps @lexfrei