@consideRatio , @manics - For higher stability and seamless networking between Jhub and Proxy pod, we also applied following Network Policy on our namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
creationTimestamp: "2021-02-25T01:30:52Z"
generation: 1
managedFields:
- apiVersion: networking.k8s.io/v1
fieldsType: FieldsV1
fieldsV1:
f:spec:
f:ingress: {}
f:policyTypes: {}
manager: agent
operation: Update
time: "2021-02-25T01:30:52Z"
name: allow-same-namespace
namespace: jupyter
resourceVersion: "9643752"
selfLink: /apis/networking.k8s.io/v1/namespaces/jupyter/networkpolicies/allow-same-namespace
uid: 7702a1b9-3e52-4f75-920d-2160cc1f93eb
spec:
ingress:
- from:
- podSelector: {}
podSelector: {}
policyTypes:
- Ingress
This network policy is to allow all pods within the same namespace to talk to each other seamlessly. As per my experience of running JupyterHub on AWS EKS and Azure AKS this is not required.
However, for On-Premise Kubernetes Clusters I would recommend to apply this network policy as well in the namespace where JupyterHub is running.