Cased CD Enterprise - NetworkPolicy Fix v2 (Ingress-only, matching ArgoCD pattern)
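#!/bin/bash
# Cased CD Enterprise - NetworkPolicy Fix v2
# This fixes DNS timeout by removing egress control (matching ArgoCD's pattern)
#
# Steps:
#   1. Apply two Ingress-only NetworkPolicies in the argocd namespace.
#   2. Restart the cased-cd and cased-cd-enterprise deployments.
#   3. Wait up to 60s for each rollout to complete.
#
# Requires kubectl configured for the target cluster, with permission to
# apply NetworkPolicies and restart deployments in the argocd namespace.
#
# Strict mode: stop on the first failing command, on unset variables, and
# on a failure in any stage of a pipeline.
set -euo pipefail

echo "=== The Problem ==="
echo "ArgoCD NetworkPolicies only control Ingress, not Egress"
echo "This means all ArgoCD pods have unrestricted egress (including DNS)"
echo "Our first attempt tried to control egress with explicit allow rules"
echo "But we were missing something - easier to match ArgoCD's pattern"
echo ""

echo "=== Step 1: Apply corrected NetworkPolicies ==="
# Review notes on the two policies below:
#
# - cased-cd-network-policy: `namespaceSelector: {}` matches every
#   namespace, so any pod in the cluster may connect to TCP 8080 on the
#   selected pods. Narrow the selector (for example to the ingress
#   controller's namespace) if that is broader than intended.
#
# - cased-cd-enterprise-network-policy: a podSelector without a
#   namespaceSelector only matches pods in the policy's own namespace
#   (argocd), so TCP 8081 is reachable only from pods there that carry
#   both listed labels.
#
# - NetworkPolicies are additive. If the enterprise pods also carry
#   app.kubernetes.io/instance=cased-cd (not visible from this script),
#   the first policy selects them too and opens 8080 on them.
#
# - Listing only `Ingress` in policyTypes means these policies place no
#   limit on egress. Egress is unrestricted only if no other policy with
#   an Egress type selects the same pods: if the first attempt created
#   policies under different names, they are not replaced by this apply
#   and must be removed separately (check with
#   `kubectl get networkpolicy -n argocd`).
#
# - Trade-off: with no egress policy, a compromised pod can reach any
#   destination routable from the cluster network. A tighter alternative
#   is to keep an Egress policy that allows DNS (UDP and TCP port 53) to
#   the cluster DNS pods plus the specific destinations the app needs.
#
# The heredoc delimiter is quoted so the manifest is passed to kubectl
# literally, with no shell expansion.
kubectl apply -f - <<'EOF'
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: cased-cd-network-policy
  namespace: argocd
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/instance: cased-cd
      app.kubernetes.io/name: cased-cd
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - protocol: TCP
          port: 8080
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: cased-cd-enterprise-network-policy
  namespace: argocd
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: cased-cd
      app.kubernetes.io/component: enterprise
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: cased-cd
              app.kubernetes.io/instance: cased-cd
      ports:
        - protocol: TCP
          port: 8081
EOF
echo ""

echo "=== Step 2: Restart deployments ==="
# NOTE(review): presumably restarted so that pods which started while DNS
# was blocked come up clean - confirm whether this is still required.
kubectl rollout restart deployment/cased-cd -n argocd
kubectl rollout restart deployment/cased-cd-enterprise -n argocd
echo ""

echo "=== Step 3: Wait for rollout ==="
# Under `set -e`, a rollout that is not complete within the timeout makes
# kubectl exit non-zero and stops the script before the "Done" banner.
kubectl rollout status deployment/cased-cd -n argocd --timeout=60s
kubectl rollout status deployment/cased-cd-enterprise -n argocd --timeout=60s
echo ""

echo "=== Done! ==="
echo "The NetworkPolicies now match ArgoCD's pattern:"
echo "- Only control Ingress (who can connect to these pods)"
echo "- Allow ALL Egress (pods can connect anywhere, including DNS)"
echo ""
echo "Try accessing Cased CD now - DNS should work!"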