From b2eee0481339b624f2c32dd048b02406e4660dcb Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Wed, 4 Sep 2024 16:37:52 +0200
Subject: [PATCH] ozg-6647 add monitoring network policy

---
 src/main/helm/templates/network_policy.yaml |  7 ++++++
 src/test/helm/network_policy_test.yaml      | 26 ++++++++++++++++++++-
 2 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml
index ee37649c47..17127e21b8 100644
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -14,6 +14,13 @@ spec:
   ingress:
   - ports:
     - port: 8080
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          name: {{ (.Values.networkPolicy).monitoringNamespace | default "openshift-monitoring" }}
+    ports:
+    - protocol: TCP
+      port: 8081
 {{- with (.Values.networkPolicy).additionalIngressConfigLocal }}
 {{ toYaml . | indent 2 }}
 {{- end }}
diff --git a/src/test/helm/network_policy_test.yaml b/src/test/helm/network_policy_test.yaml
index b1b35ecddd..8b2bc1f625 100644
--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -76,6 +76,13 @@ tests:
             ingress:
             - ports:
               - port: 8080
+            - from:
+              - namespaceSelector:
+                  matchLabels:
+                    name: openshift-monitoring
+              ports:
+                - port: 8081
+                  protocol: TCP
             egress:
             - to:
               - podSelector:
@@ -259,4 +266,21 @@ tests:
           collaborationEnabled: true
     asserts:
       - failedTemplate:
-          errorMessage: zufiManager.namespace must be set if zufiManager server is enabled
\ No newline at end of file
+          errorMessage: zufiManager.namespace must be set if zufiManager server is enabled
+  - it: should set monitoring namesapce
+    set:
+      networkPolicy:
+        ssoPublicIp: 1.1.1.1
+        dnsServerNamespace: test-dns-server-namespace
+        monitoringNamespace: test-monitoring
+    asserts:
+      - contains:
+          path: spec.ingress
+          content:
+            from:
+              - namespaceSelector:
+                  matchLabels:
+                    name: test-monitoring
+            ports:
+              - protocol: TCP
+                port: 8081
\ No newline at end of file
-- 
GitLab