Daemonsets, jobs and deployments are applied before network-policies causing connection issues

Question

Daemonsets, jobs and deployments are applied before network-policies causing connection issues

ChristianFV opened this issue 3 years ago · 2 comments

Currently experiencing an issues where jobs are applied before the network policy causing the job to fail

ERROR   2021-11-24 16:36:37    Job/secrets-store-csi-driver-keep-crds created
ERROR   2021-11-24 16:36:43    Job/secrets-store-csi-driver-upgrade-crds created
ERROR   2021-11-24 16:36:58    NetworkPolicy/api-server-network-policy created

Answer 1 · 2021-11-28T21:23:43.000Z

@stefanprodan using kustomer I also noticed that daemonsets & jobs were being applied prior to networkpolicies which for the most part is completely fine, however, with the jobs due to how they fail and are structured in upstream helm charts and kustomizations causes issues and we need to delete / reapply them - would you be open to applying networkpolicies prior to jobs and perhaps other workloads to avoid a initialisation error on the workload where its network is blocked?

Answer 2 · 2021-12-03T16:00:59.000Z

The apply order is taken from kubectl https://github.com/kubernetes-sigs/cli-utils/blob/master/pkg/ordering/sort.go#L69

I'm Ok changing this if it happens in Kubernetes.