Merge pull request 'ozg-5100 additional global and local networpolicies' (#40)...

Merge pull request 'ozg-5100 additional global and local networpolicies' (#40) from ozg-5100-additional-networkpolicies into master

Reviewed-on: https://git.ozg-sh.de/ozgcloud-app/administration/pulls/40


Reviewed-by: OZGCloud <ozgcloud@mgm-tp.com>

src/main/helm/templates/network_policy.yaml

@@ -14,7 +14,10 @@ spec:
   ingress:
   - ports:
     - port: 8080
-{{- with (.Values.networkPolicy).additionalIngressConfig }}
+{{- with (.Values.networkPolicy).additionalIngressConfigLocal }}
+{{ toYaml . | indent 2 }}
+{{- end }}
+{{- with (.Values.networkPolicy).additionalIngressConfigGlobal }}
 {{ toYaml . | indent 2 }}
 {{- end }}
   egress:
@@ -42,8 +45,11 @@ spec:
           protocol: UDP
         - port: 5353
           protocol: TCP
-{{- with (.Values.networkPolicy).additionalEgressConfig }}
-{{ toYaml . | indent 2 }}
+{{- with (.Values.networkPolicy).additionalEgressConfigLocal }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+{{- with (.Values.networkPolicy).additionalEgressConfigGlobal }}
+{{ toYaml . | indent 4 }}
 {{- end }}
 
 {{- end }}
\ No newline at end of file

src/test/helm/network_policy_test.yaml

@@ -91,24 +91,76 @@ tests:
                     protocol: UDP
                   - port: 5353
                     protocol: TCP
-  - it: add ingress rule by values
+
+  - it: add ingress rule by values local
     set:
       networkPolicy:
         ssoPublicIp: 51.89.117.53/32
         dnsServerNamespace: test-namespace-dns
-        additionalIngressConfig:
-          - from:
-              - podSelector:
-                  matchLabels:
-                    component: client2
+        additionalIngressConfigLocal:
+        - from:
+          - podSelector: 
+              matchLabels:
+                component: client2
     asserts:
       - contains:
           path: spec.ingress
           content:
             from:
-              - podSelector:
-                  matchLabels:
-                    component: client2
+            - podSelector: 
+                matchLabels:
+                  component: client2
+  - it: add ingress rule by values global
+    set:
+      networkPolicy:
+        ssoPublicIp: 51.89.117.53/32
+        dnsServerNamespace: test-namespace-dns
+        additionalIngressConfigGlobal:
+        - from:
+          - podSelector: 
+              matchLabels:
+                component: client2
+    asserts:
+      - contains:
+          path: spec.ingress
+          content:
+            from:
+            - podSelector: 
+                matchLabels:
+                  component: client2
+
+  - it: add egress rules by values local
+    set:
+      networkPolicy:
+        ssoPublicIp: 51.89.117.53/32
+        dnsServerNamespace: test-dns-namespace
+        additionalEgressConfigLocal:
+        - to:
+          - ipBlock:
+              cidr: 1.2.3.4/32
+    asserts:
+    - contains:
+        path: spec.egress
+        content:
+          to:
+          - ipBlock:
+              cidr: 1.2.3.4/32
+  - it: add egress rules by values Global
+    set:
+      networkPolicy:
+        ssoPublicIp: 51.89.117.53/32
+        dnsServerNamespace: test-dns-namespace
+        additionalEgressConfigGlobal:
+        - to:
+          - ipBlock:
+              cidr: 1.2.3.4/32
+    asserts:
+    - contains:
+        path: spec.egress
+        content:
+          to:
+          - ipBlock:
+              cidr: 1.2.3.4/32
 
   - it: test network policy disabled
     set: