bluejay/bluejay-infra
1
0
Fork 0
Code Issues Pull Requests 15 Actions Packages Projects Releases Wiki Activity

agent-zero: fix fc_dms netpol egress port (8080 = pod targetPort, not svc 80)

Browse Source 
NetworkPolicy matches the destination POD port. dms-web svc:80 -> containerPort
8080, so the egress must allow 8080 (the fc-chat rule already allows 80+8080,
which is why chat worked and dms timed out). Add 8080 to the fc-dms egress.
This commit is contained in:
Andrew Stoltz
2026-06-14 16:25:25 -05:00
parent e33fe81823
commit 2c12f35f75
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
apps/agent-zero/agent-zero.yaml
View File

@@ -666,8 +666,9 @@ spec:
- port: 5300
protocol: TCP
# FlowerCore DMS Manager MCP (product-manager fan-out) — in-cluster
# dms-web on port 80. Every in-cluster MCP target needs an explicit
# egress allow (the policy denies private ranges by default).
# dms-web. NetworkPolicy matches the destination POD port: dms-web svc:80
# targets containerPort 8080, so the egress MUST allow 8080 (not the svc
# port 80) — same as the fc-chat rule. Allow both for parity.
- to:
- namespaceSelector:
matchLabels:
@@ -675,6 +676,8 @@ spec:
ports:
- port: 80
protocol: TCP
- port: 8080
protocol: TCP
# Allow internet (for kubectl image pull, etc)
- to:
- ipBlock: