OZG-6254 OZG-6484 pvog routing add network policy

779f715f · OZGCloud · 10452019 · 779f715f · 779f715f · 779f715f
Commit 779f715f authored 8 months ago by OZGCloud
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -59,4 +59,15 @@ spec:
        protocol: UDP
      - port: 5353
        protocol: TCP
+
+{{- if eq (.Values.routing).routingStrategy "ZUFI" }}
+  - to:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: {{ required "routing.zufiManager.namespace must be set if antragraum is enabled" ((.Values.routing).zufiManager).namespace }}
+      podSelector: 
+        matchLabels:
+          component: zufi-server
+{{- end }}
+
 {{- end }} 
\ No newline at end of file
--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -123,4 +123,54 @@ tests:
        dnsServerNamespace: test-dns-server-namespace
    asserts:
      - hasDocuments:
-          count: 1
\ No newline at end of file
+          count: 1
+
+
+  - it: should add zufi rule when zufi-routing is enabled
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-server-namespace
+      routing:
+        routingStrategy: ZUFI
+        zufiManager: 
+          namespace: zufi-namespace
+    asserts:
+    - contains:
+        path: spec.egress
+        content:
+          to:
+          - namespaceSelector:
+              matchLabels:
+                kubernetes.io/metadata.name: zufi-namespace
+            podSelector: 
+              matchLabels:
+                component: zufi-server
+
+  - it: should throw error when zufi is enabled but zufi namespace not set
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-server-namespace
+      routing:
+        routingStrategy: ZUFI
+    asserts:
+    - failedTemplate:
+        errorMessage: routing.zufiManager.namespace must be set if antragraum is enabled
+
+  - it: should not add zufi rule when zufi-routing is disabled
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-server-namespace
+      routing:
+        zufiManager: 
+          namespace: zufi-namespace
+    asserts:
+    - notContains:
+        path: spec.egress
+        content:
+          to:
+          - namespaceSelector:
+              matchLabels:
+                kubernetes.io/metadata.name: zufi-namespace
+            podSelector: 
+              matchLabels:
+                component: zufi-server
\ No newline at end of file
--- a/xta-adapter/src/main/helm/templates/network_policy.yaml
+++ b/xta-adapter/src/main/helm/templates/network_policy.yaml
@@ -66,6 +66,17 @@ spec:
        protocol: TCP
      - port: 9000
        protocol: TCP
+
+{{- if eq (.Values.routing).routingStrategy "ZUFI" }}
+  - to:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: {{ required "routing.zufiManager.namespace must be set if antragraum is enabled" ((.Values.routing).zufiManager).namespace }}
+      podSelector: 
+        matchLabels:
+          component: zufi-server
+{{- end }}
+
 {{- with (.Values.networkPolicy).additionalEgressConfigLocal }}
 {{ toYaml . | indent 2 }}
 {{- end }}

--- a/xta-adapter/src/test/helm/network_policy_test.yaml
+++ b/xta-adapter/src/test/helm/network_policy_test.yaml
@@ -162,4 +162,53 @@ tests:
        dnsServerNamespace: test-dns-server-namespace
    asserts:
      - hasDocuments:
-          count: 1
\ No newline at end of file
+          count: 1
+
+  - it: should add zufi rule when zufi-routing is enabled
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-server-namespace
+      routing:
+        routingStrategy: ZUFI
+        zufiManager: 
+          namespace: zufi-namespace
+    asserts:
+    - contains:
+        path: spec.egress
+        content:
+          to:
+          - namespaceSelector:
+              matchLabels:
+                kubernetes.io/metadata.name: zufi-namespace
+            podSelector: 
+              matchLabels:
+                component: zufi-server
+
+  - it: should throw error when zufi is enabled but zufi namespace not set
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-server-namespace
+      routing:
+        routingStrategy: ZUFI
+    asserts:
+    - failedTemplate:
+        errorMessage: routing.zufiManager.namespace must be set if antragraum is enabled
+
+  - it: should not add zufi rule when zufi-routing is disabled
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-server-namespace
+      routing:
+        zufiManager: 
+          namespace: zufi-namespace
+    asserts:
+    - notContains:
+        path: spec.egress
+        content:
+          to:
+          - namespaceSelector:
+              matchLabels:
+                kubernetes.io/metadata.name: zufi-namespace
+            podSelector: 
+              matchLabels:
+                component: zufi-server