From ba79d62ca77c6a79a583ca1a31e96762c02ca89d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guilhem=20Barth=C3=A9s?= <guilhem.barthes@owkin.com>
Date: Wed, 29 May 2024 10:37:35 +0200
Subject: [PATCH] fix: networkpolicy allow gcp to ingress k8s pull (#916)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* fix: allow more resources to access to the local registry as it's necessary on cloud providers

Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com>

* doc: bump chart version

Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com>

* fix: PR number in changelog

Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com>

---------

Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com>
---
 charts/substra-backend/CHANGELOG.md                         | 6 ++++++
 charts/substra-backend/Chart.yaml                           | 2 +-
 .../substra-backend/templates/networkpolicy-registry.yaml   | 5 +++--
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/charts/substra-backend/CHANGELOG.md b/charts/substra-backend/CHANGELOG.md
index cdad7e6df..db943b5bd 100644
--- a/charts/substra-backend/CHANGELOG.md
+++ b/charts/substra-backend/CHANGELOG.md
@@ -1,6 +1,12 @@
 # Changelog
 
 <!-- towncrier release notes start -->
+## [26.6.5] - 2024-05-29
+
+### Fixed
+
+- Open ingress for `docker-registry` when `containerRegistry.local` is `true` as it it is necessary on some infrastructure (#916)
+
 ## [26.6.4] - 2024-05-27
 
 ### Fixed
diff --git a/charts/substra-backend/Chart.yaml b/charts/substra-backend/Chart.yaml
index 8cbf3b458..4d0816fed 100644
--- a/charts/substra-backend/Chart.yaml
+++ b/charts/substra-backend/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: substra-backend
 home: https://github.com/Substra
-version: 26.6.4
+version: 26.6.5
 appVersion: 0.45.0
 kubeVersion: ">= 1.19.0-0"
 description: Main package for Substra
diff --git a/charts/substra-backend/templates/networkpolicy-registry.yaml b/charts/substra-backend/templates/networkpolicy-registry.yaml
index 4b7b7abfc..611330b24 100644
--- a/charts/substra-backend/templates/networkpolicy-registry.yaml
+++ b/charts/substra-backend/templates/networkpolicy-registry.yaml
@@ -16,9 +16,10 @@ spec:
           app.kubernetes.io/part-of: {{ template "substra.name" . }}
           role-registry-client: 'true'
   # kaniko-function-xx send requests through the service, which changes the IP address calling the registry, preventing 
-  # to connect as the connection doesn't come directly from the pod
+  # to connect as the connection doesn't come directly from the pod. Cloud provider also uses IPs whiwh are not part
+  # of the cluster to pull images
     - ipBlock:
-        cidr: 10.0.0.0/8
+        cidr: 0.0.0.0/0
     ports:
     - protocol: TCP
       port: {{ .Values.containerRegistry.port }}