ray-project
diff --git a/‎helm-chart/kuberay-operator/README.md‎
Lines changed: 2 additions & 0 deletions b/‎helm-chart/kuberay-operator/README.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎helm-chart/kuberay-operator/templates/_helpers.tpl‎
Lines changed: 13 additions & 1 deletion b/‎helm-chart/kuberay-operator/templates/_helpers.tpl‎
Lines changed: 13 additions & 1 deletion
diff --git a/‎helm-chart/kuberay-operator/values.yaml‎
Lines changed: 2 additions & 0 deletions b/‎helm-chart/kuberay-operator/values.yaml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎ray-operator/config/manager/manager.yaml‎
Lines changed: 5 additions & 0 deletions b/‎ray-operator/config/manager/manager.yaml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎ray-operator/config/rbac/role.yaml‎
Lines changed: 13 additions & 1 deletion b/‎ray-operator/config/rbac/role.yaml‎
Lines changed: 13 additions & 1 deletion
@@ -165,6 +165,8 @@ spec:
 | featureGates[0].enabled | bool | `true` |  |
 | featureGates[1].name | string | `"RayJobDeletionPolicy"` |  |
 | featureGates[1].enabled | bool | `false` |  |
+| featureGates[2].name | string | `"RayClusterNetworkPolicy"` |  |
+| featureGates[2].enabled | bool | `false` |  |
 | metrics.enabled | bool | `true` | Whether KubeRay operator should emit control plane metrics. |
 | metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
 | metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval |
 
@@ -211,7 +211,6 @@ rules:
   - update
 - apiGroups:
   - extensions
-  - networking.k8s.io
   resources:
   - ingresses
   verbs:
@@ -230,6 +229,19 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  - networkpolicies
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - ray.io
   resources:
 
@@ -88,6 +88,8 @@ featureGates:
   enabled: true
 - name: RayJobDeletionPolicy
   enabled: false
+- name: RayClusterNetworkPolicy
+  enabled: false
 
 # Configurations for KubeRay operator metrics.
 metrics:
 
@@ -80,4 +80,9 @@ spec:
           # environment variable is not set, requeue after the default value (300).
           # - name: RAYCLUSTER_DEFAULT_REQUEUE_SECONDS_ENV
           #   value: "300"
+          # Required for NetworkPolicy feature when operator is NOT deployed in 'ray-system' namespace
+          # - name: POD_NAMESPACE
+          #   valueFrom:
+          #     fieldRef:
+          #       fieldPath: metadata.namespace
       terminationGracePeriodSeconds: 10
@@ -96,7 +96,6 @@ rules:
   - update
 - apiGroups:
   - extensions
-  - networking.k8s.io
   resources:
   - ingresses
   verbs:
@@ -115,6 +114,19 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  - networkpolicies
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - ray.io
   resources: