Skip to content

cherry-picking NetworkPolicy fix, chart bump for FLPATH-2615#217

Merged
nickboldt merged 2 commits intoredhat-developer:release-1.7from
elai-shalev:backport-np-fix
Aug 13, 2025
Merged

cherry-picking NetworkPolicy fix, chart bump for FLPATH-2615#217
nickboldt merged 2 commits intoredhat-developer:release-1.7from
elai-shalev:backport-np-fix

Conversation

@elai-shalev
Copy link
Copy Markdown

@elai-shalev elai-shalev commented Aug 12, 2025
edited by sourcery-ai Bot
Loading

This PR will backport the fix intoduced on main through this PR.
The PR will fix a bug with a missing network policy in Orchestrator related configuration in the backstage chart.

This change is related to a bug captured here

And this PR will relate to this Jira issue.

Checklist

  • For each Chart updated, version bumped in the corresponding Chart.yaml according to Semantic Versioning.
  • For each Chart updated, variables are documented in the values.yaml and added to the corresponding README.md. The pre-commit utility can be used to generate the necessary content. Use pre-commit run -a to apply changes. The pre-commit Workflow will do this automatically for you if needed.
  • JSON Schema template updated and re-generated the raw schema via the pre-commit hook.
  • Tests pass using the Chart Testing tool and the ct lint command.
  • If you updated the orchestrator-infra chart, make sure the versions of the Knative CRDs are aligned with the versions of the CRDs installed by the OpenShift Serverless operators declared in the values.yaml file. See Installing Knative Eventing and Knative Serving CRDs for more details.

Summary by Sourcery

Backport the network policy fix into the Backstage Helm chart to restore proper orchestration namespace access and bump the chart version accordingly

Bug Fixes:

  • Rename the network policy to reflect infra-to-workflow namespace permissions
  • Add a namespaceSelector for openshift-serverless-logic to the network policy to allow required communication

Documentation:

  • Update the README version badge to 4.4.4

Chores:

  • Bump the Backstage chart version to 4.4.4

@sourcery-ai
Copy link
Copy Markdown

sourcery-ai Bot commented Aug 12, 2025
edited
Loading

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Backports a missing network policy fix into the backstage Helm chart by renaming the policy and adding a namespace selector for the openshift-serverless-logic namespace, and updates chart metadata with a version bump to 4.4.4 and corresponding README badge update.

Class diagram for updated NetworkPolicy template

classDiagram
    class NetworkPolicy {
        +name: string
        +namespace: string
        +spec: Spec
    }
    class Spec {
        +podSelector: PodSelector
        +ingress: Ingress[]
    }
    class Ingress {
        +from: NamespaceSelector[]
    }
    class NamespaceSelector {
        +matchLabels: map
    }
    NetworkPolicy --> Spec
    Spec --> PodSelector
    Spec --> Ingress
    Ingress --> NamespaceSelector
    %% Updated: NamespaceSelector now includes matchLabels for "openshift-serverless-logic"
Loading

File-Level Changes

Change Details Files
Backport missing network policy entry with proper namespace selector and policy rename
  • Rename network policy resource name to allow-infra-ns-to-workflow-ns
  • Add namespaceSelector matching openshift-serverless-logic namespace
 charts/backstage/templates/network-policies.yaml
Bump chart version and update version badge
  • Increment version in Chart.yaml from 4.4.3 to 4.4.4
  • Update version badge in README.md to 4.4.4
 charts/backstage/Chart.yaml
charts/backstage/README.md
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

sourcery-ai[bot]
sourcery-ai Bot reviewed Aug 12, 2025
View reviewed changes
Copy link
Copy Markdown

@sourcery-ai sourcery-ai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @elai-shalev - I've reviewed your changes - here's some feedback:

  • Include explicit podSelector and policyTypes in the new NetworkPolicy template to maintain consistency with existing policies and prevent unintended scope.
  • Consider moving the openshift-serverless-logic namespace label into values.yaml so teams can customize the selector per environment without editing the template.
Prompt for AI Agents 
Please address the comments from this code review:
## Overall Comments
- Include explicit `podSelector` and `policyTypes` in the new NetworkPolicy template to maintain consistency with existing policies and prevent unintended scope.
- Consider moving the `openshift-serverless-logic` namespace label into `values.yaml` so teams can customize the selector per environment without editing the template.
Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@jenniferubah
Copy link
Copy Markdown

jenniferubah commented Aug 12, 2025

@gazarenkov, please could you take a look?

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Aug 13, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@nickboldt nickboldt added the lgtm label Aug 13, 2025
@nickboldt nickboldt merged commit 1b06a23 into redhat-developer:release-1.7 Aug 13, 2025
8 of 10 checks passed
@nickboldt nickboldt changed the title cherry-picking np fix, chart bump cherry-picking NetworkPolicy fix, chart bump for FLPATH-2615 Aug 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

@gazarenkov gazarenkov gazarenkov approved these changes

@Fortune-Ndlovu Fortune-Ndlovu Awaiting requested review from Fortune-Ndlovu

@subhashkhileri subhashkhileri Awaiting requested review from subhashkhileri

Assignees

No one assigned

Labels

lgtm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@elai-shalev @jenniferubah @gazarenkov @nickboldt