From b2eee0481339b624f2c32dd048b02406e4660dcb Mon Sep 17 00:00:00 2001 From: OZGCloud <ozgcloud@mgm-tp.com> Date: Wed, 4 Sep 2024 16:37:52 +0200 Subject: [PATCH] ozg-6647 add monitoring network policy --- src/main/helm/templates/network_policy.yaml | 7 ++++++ src/test/helm/network_policy_test.yaml | 26 ++++++++++++++++++++- 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml index ee37649c47..17127e21b8 100644 --- a/src/main/helm/templates/network_policy.yaml +++ b/src/main/helm/templates/network_policy.yaml @@ -14,6 +14,13 @@ spec: ingress: - ports: - port: 8080 + - from: + - namespaceSelector: + matchLabels: + name: {{ (.Values.networkPolicy).monitoringNamespace | default "openshift-monitoring" }} + ports: + - protocol: TCP + port: 8081 {{- with (.Values.networkPolicy).additionalIngressConfigLocal }} {{ toYaml . | indent 2 }} {{- end }} diff --git a/src/test/helm/network_policy_test.yaml b/src/test/helm/network_policy_test.yaml index b1b35ecddd..8b2bc1f625 100644 --- a/src/test/helm/network_policy_test.yaml +++ b/src/test/helm/network_policy_test.yaml @@ -76,6 +76,13 @@ tests: ingress: - ports: - port: 8080 + - from: + - namespaceSelector: + matchLabels: + name: openshift-monitoring + ports: + - port: 8081 + protocol: TCP egress: - to: - podSelector: @@ -259,4 +266,21 @@ tests: collaborationEnabled: true asserts: - failedTemplate: - errorMessage: zufiManager.namespace must be set if zufiManager server is enabled \ No newline at end of file + errorMessage: zufiManager.namespace must be set if zufiManager server is enabled + - it: should set monitoring namesapce + set: + networkPolicy: + ssoPublicIp: 1.1.1.1 + dnsServerNamespace: test-dns-server-namespace + monitoringNamespace: test-monitoring + asserts: + - contains: + path: spec.ingress + content: + from: + - namespaceSelector: + matchLabels: + name: test-monitoring + ports: + - protocol: TCP + port: 8081 \ No newline at end of file -- GitLab