The CWL requirement, defined since v1.1, is expressed as:
5.15 NetworkAccess
Indicate whether a process requires outgoing IPv4/IPv6 network access. Choice of IPv4 or IPv6 is implementation and site specific, correct tools must support both.
If networkAccess is false or not specified, tools must not assume network access, except for localhost (the loopback device).
If networkAccess is true, the tool must be able to make outgoing connections to network resources. Resources may be on a private subnet or the public Internet. However, implementations and sites may apply their own security policies to restrict what is accessible by the tool.
Enabling network access does not imply a publically routable IP address or the ability to accept inbound connections.
The approach for calrissian is to:
- provide the definition of the pod labels for networkaccess: true
- provide the definition of the pod labels for networkaccess: false
- add the labels according to the CWL runtime context based on the requirement value set, default value or its absence (v1.0)
- state that the calrissian users are responsible for defining the network policies and the correct pod labels
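A sketch of the labelling approach listed above, as an added example that is not Calrissian's code: it derives the effective NetworkAccess value from a CWL process, turns it into a pod label, and builds the deny-egress NetworkPolicy a cluster administrator would pair with that label. The label key, policy name and namespace are hypothetical, and the v1.0 behaviour is left as a site choice because the thread does not state it.

```python
import json

# Hypothetical label key: the issue does not name the labels.
LABEL_KEY = "example.org/cwl-network-access"

def network_access(process, v1_0_default=True):
    """Effective NetworkAccess for a CWL process given as a dict.

    Requirements are checked before hints. With no NetworkAccess entry the
    value is False under v1.1+ (spec 5.15). v1.0 has no such requirement, so
    the caller chooses via v1_0_default (an assumption of this example).
    """
    for section in ("requirements", "hints"):
        entries = process.get(section) or []
        if isinstance(entries, dict):  # map form: {"NetworkAccess": {...}}
            entries = [{**(v or {}), "class": k} for k, v in entries.items()]
        for req in entries:
            if req.get("class") == "NetworkAccess":
                # The field may hold an unevaluated expression: fail closed.
                return req.get("networkAccess") is True
    if process.get("cwlVersion") == "v1.0":
        return v1_0_default
    return False

def pod_labels(process, **kwargs):
    """Label to attach to the pod that runs this process."""
    return {LABEL_KEY: "true" if network_access(process, **kwargs) else "false"}

def deny_egress_policy(namespace):
    """NetworkPolicy that selects the 'false' pods and allows no egress."""
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": "cwl-no-network-access", "namespace": namespace},
        "spec": {
            "podSelector": {"matchLabels": {LABEL_KEY: "false"}},
            "policyTypes": ["Egress"],
            "egress": [],  # no rules listed: all egress from selected pods is denied
        },
    }

if __name__ == "__main__":
    tool = {"cwlVersion": "v1.1", "class": "CommandLineTool"}  # constructed sample
    print(pod_labels(tool))
    print(json.dumps(deny_egress_policy("calrissian-jobs"), indent=2))
```

The policy only takes effect when the cluster's network plugin enforces NetworkPolicy, and an empty egress list also blocks DNS lookups from the selected pods. Traffic over the loopback device inside a pod is not subject to NetworkPolicy, which matches the localhost exception in the CWL text.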
CWL foresees that setting:
should launch the pod without access to the network.
Calrissian doesn't enforce this as it doesn't apply network policies (NetworkPolicy) that must exist in the cluster and be defined for the namespace where the calrissian pods are executed.