From 1fb9cb21344aede464dfcee42ef7ecdfee9e2325 Mon Sep 17 00:00:00 2001 From: OZG-Cloud Team <noreply@ozg-sh.de> Date: Thu, 29 Aug 2024 12:25:29 +0200 Subject: [PATCH] OZG-6254 OZG-6484 pvog routing add network policy for vorgang-manager in other namespaces --- src/main/helm/templates/network_policy.yaml | 8 ++++++ src/test/helm/network_policy_test.yaml | 26 +++++++++++++++++-- .../main/helm/templates/network_policy.yaml | 8 ++++++ .../src/test/helm/network_policy_test.yaml | 26 +++++++++++++++++-- 4 files changed, 64 insertions(+), 4 deletions(-) diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml index 3a204529..1f2f9e15 100644 --- a/src/main/helm/templates/network_policy.yaml +++ b/src/main/helm/templates/network_policy.yaml @@ -71,6 +71,14 @@ spec: ports: - port: 9090 protocol: TCP + - to: + - namespaceSelector: {} + podSelector: + matchLabels: + component: vorgang-manager + ports: + - port: 9090 + protocol: TCP {{- end }} {{- end }} \ No newline at end of file diff --git a/src/test/helm/network_policy_test.yaml b/src/test/helm/network_policy_test.yaml index 94e663a8..9ef5c98f 100644 --- a/src/test/helm/network_policy_test.yaml +++ b/src/test/helm/network_policy_test.yaml @@ -126,7 +126,7 @@ tests: count: 1 - - it: should add zufi rule when zufi-routing is enabled + - it: should add zufi rules when zufi-routing is enabled set: networkPolicy: dnsServerNamespace: test-dns-server-namespace @@ -148,6 +148,17 @@ tests: ports: - port: 9090 protocol: TCP + - contains: + path: spec.egress + content: + to: + - namespaceSelector: {} + podSelector: + matchLabels: + component: vorgang-manager + ports: + - port: 9090 + protocol: TCP - it: should throw error when zufi is enabled but zufi namespace not set set: 
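Review bot: The egress peer added in `src/main/helm/templates/network_policy.yaml` (hunk `@@ -71,6 +71,14 @@`) uses `namespaceSelector: {}`, which selects every namespace, so TCP 9090 is allowed to any pod in the cluster labelled `component: vorgang-manager`. Anyone who can deploy into a namespace chooses its pod labels, so that label on its own is not a trust boundary. The zufi peer visible in the test context is pinned by `kubernetes.io/metadata.name`; consider narrowing this rule in a similar way with a namespace label supplied through values, e.g. (placeholder key and value) `namespaceSelector: {matchLabels: {<tenant-namespace-label>: "<value>"}}`. The same rule is added in `xta-adapter/src/main/helm/templates/network_policy.yaml` (hunk `@@ -78,6 +78,14 @@`). Indentation is lost in this rendering, so confirm that `podSelector` sits in the same `to` item as `namespaceSelector`, because as separate items the two are ORed and `namespaceSelector: {}` alone would open port 9090 to every pod; the enclosing `{{- if }}` block starts outside the hunk.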
@@ -176,4 +187,15 @@ tests: kubernetes.io/metadata.name: zufi-namespace podSelector: matchLabels: - component: zufi-server \ No newline at end of file + component: zufi-server + - notContains: + path: spec.egress + content: + to: + - namespaceSelector: {} + podSelector: + matchLabels: + component: vorgang-manager + ports: + - port: 9090 + protocol: TCP \ No newline at end of file diff --git a/xta-adapter/src/main/helm/templates/network_policy.yaml b/xta-adapter/src/main/helm/templates/network_policy.yaml index c1864c56..ff1ebff5 100644 --- a/xta-adapter/src/main/helm/templates/network_policy.yaml +++ b/xta-adapter/src/main/helm/templates/network_policy.yaml @@ -78,6 +78,14 @@ spec: ports: - port: 9090 protocol: TCP + - to: + - namespaceSelector: {} + podSelector: + matchLabels: + component: vorgang-manager + ports: + - port: 9090 + protocol: TCP {{- end }} {{- with (.Values.networkPolicy).additionalEgressConfigLocal }} diff --git a/xta-adapter/src/test/helm/network_policy_test.yaml b/xta-adapter/src/test/helm/network_policy_test.yaml index 290ac0f7..863e8c70 100644 --- a/xta-adapter/src/test/helm/network_policy_test.yaml +++ b/xta-adapter/src/test/helm/network_policy_test.yaml @@ -164,7 +164,7 @@ tests: - hasDocuments: count: 1 - - it: should add zufi rule when zufi-routing is enabled + - it: should add zufi rules when zufi-routing is enabled set: networkPolicy: dnsServerNamespace: test-dns-server-namespace @@ -186,7 +186,18 @@ tests: ports: - port: 9090 protocol: TCP - + - contains: + path: spec.egress + content: + to: + - namespaceSelector: {} + podSelector: + matchLabels: + component: vorgang-manager + ports: + - port: 9090 + protocol: TCP + - it: should throw error when zufi is enabled but zufi namespace not set set: networkPolicy: 
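Review bot: The `notContains` assertion added in `src/test/helm/network_policy_test.yaml` (hunk `@@ -176,4 +187,15 @@`) compares against the complete rule object, so it passes vacuously as soon as the template emits the vorgang-manager peer in a different shape, for instance after the `namespaceSelector` is narrowed. For a network policy that is a weak negative test, because it no longer shows that the cross-namespace egress is absent in this case. Consider adding a shape-independent check next to it, such as helm-unittest's `lengthEqual` on `spec.egress` with the expected rule count (placeholder `count: <n>`), or at least a comment `# keep in sync with the vorgang-manager rule in network_policy.yaml`. The same assertion is added in `xta-adapter/src/test/helm/network_policy_test.yaml` (hunk `@@ -215,3 +226,14 @@`). The test case it belongs to begins outside the hunk, so which scenario it covers is inferred.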
@@ -215,3 +226,14 @@ tests: podSelector: matchLabels: component: zufi-server + - notContains: + path: spec.egress + content: + to: + - namespaceSelector: {} + podSelector: + matchLabels: + component: vorgang-manager + ports: + - port: 9090 + protocol: TCP -- GitLab