From 5d934c38f841e8eb0d79728a592954a8262e7ed6 Mon Sep 17 00:00:00 2001
From: OZG-Cloud Team <noreply@ozg-sh.de>
Date: Fri, 6 Sep 2024 13:54:48 +0200
Subject: [PATCH] ozg-6647 add monitoring network policy
---
src/main/helm/templates/network_policy.yaml | 7 ++++++
src/test/helm/network_policy_test.yaml | 24 +++++++++++++++++++++
2 files changed, 31 insertions(+)
diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml
index 1f2f9e15..21bc4f35 100644
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -38,6 +38,13 @@ spec:
ingress:
- ports:
- port: 8080
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: {{ (.Values.networkPolicy).monitoringNamespace | default "openshift-monitoring" }}
+ ports:
+ - protocol: TCP
+ port: 8081
egress:
- to:
- podSelector:
diff --git a/src/test/helm/network_policy_test.yaml b/src/test/helm/network_policy_test.yaml
index 9ef5c98f..2a2ee2c2 100644
--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -70,6 +70,13 @@ tests:
ingress:
- ports:
- port: 8080
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: openshift-monitoring
+ ports:
+ - protocol: TCP
+ port: 8081
egress:
- to:
- podSelector:
@@ -92,6 +99,23 @@ tests:
- port: 5353
protocol: TCP
+ - it: should set monitoring namespace
+ set:
+ networkPolicy:
+ dnsServerNamespace: test-dns-namespace
+ monitoringNamespace: test-monitoring
+ asserts:
+ - contains:
+ path: spec.ingress
+ content:
+ from:
+ - namespaceSelector:
+ matchLabels:
+ name: test-monitoring
+ ports:
+ - protocol: TCP
+ port: 8081
+
- it: test network policy disabled
set:
networkPolicy:
--
GitLab