michaelbreslin
commented
4 years ago @willholley @welshDoug comments on ^^ suggestion for the docs?
(still a lot more to add to docs on CouchDB story of course)
Closed libesz closed 4 years ago
michaelbreslin
commented
4 years ago @willholley @welshDoug comments on ^^ suggestion for the docs?
(still a lot more to add to docs on CouchDB story of course)
willholley
commented
4 years ago @michaelbreslin @libesz this was fixed with version 1.0.7 of the operator. There is still a NetworkPolicy deployed, but it targets only the CouchDB pods.
lbboe
commented
4 years ago Thanks everyone!
There is an undocumented network behavior, identified when troubleshooted customer problem after deploying CouchDB, based on this doc: https://cloud.ibm.com/docs/Cloudant?topic=Cloudant-deploy-couchdb-cluster When CouchDB is installed, it installs certain
NetworkPolicyobjects in the specified Kubernetes namespace. It basically locks down the entire ingress traffic except which targets CouchDB. Customer wanted to install database client application in the same namespace and so it couldn't be exposed due to the deny-allNetworkPolicy. This is anyway not recommended in production, but it is not mentioned in the documentation. I think it is worth to add.