diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml
index d5cea4894bc1add8a6d33239cb7d3fe2cd45d563..fb3ab3968eab6183274431f6247c7ddd099b84f5 100644
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -49,7 +49,10 @@ spec:
- podSelector:
matchLabels:
component: alfa
-{{- with (.Values.networkPolicy).additionalIngressConfig }}
+{{- with (.Values.networkPolicy).additionalIngressConfigLocal }}
+{{ toYaml . | indent 2 }}
+{{- end }}
+{{- with (.Values.networkPolicy).additionalIngressConfigGlobal }}
{{ toYaml . | indent 2 }}
{{- end }}
egress:
@@ -77,7 +80,10 @@ spec:
protocol: UDP
- port: 5353
protocol: TCP
-{{- with (.Values.networkPolicy).additionalEgressConfig }}
+{{- with (.Values.networkPolicy).additionalEgressConfigLocal }}
+{{ toYaml . | indent 2 }}
+{{- end }}
+{{- with (.Values.networkPolicy).additionalEgressConfigGlobal }}
{{ toYaml . | indent 2 }}
{{- end }}
diff --git a/src/test/helm/network_policy_test.yaml b/src/test/helm/network_policy_test.yaml
index 28914dc3ded0ae7c2b93b4d90a0451e50d72f3af..1e098799bc505edb7fa400cfa8b6ec91ecb28e88 100644
--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -99,16 +99,16 @@ tests:
- port: 5353
protocol: TCP
- - it: add ingress rule by values
+ - it: should add additionalIngressConfigLocal
set:
networkPolicy:
ssoPublicIp: 51.89.117.53/32
dnsServerNamespace: test-namespace-dns
- additionalIngressConfig:
+ additionalIngressConfigLocal:
- from:
- podSelector:
matchLabels:
- component: client2
+ component: local-client
asserts:
- contains:
path: spec.ingress
@@ -116,14 +116,64 @@ tests:
from:
- podSelector:
matchLabels:
- component: client2
+ component: local-client
- - it: add egress rules by values
+ - it: should add additionalIngressConfigGlobal
+ set:
+ networkPolicy:
+ ssoPublicIp: 51.89.117.53/32
+ dnsServerNamespace: test-namespace-dns
+ additionalIngressConfigGlobal:
+ - from:
+ - podSelector:
+ matchLabels:
+ component: global-client
+ asserts:
+ - contains:
+ path: spec.ingress
+ content:
+ from:
+ - podSelector:
+ matchLabels:
+ component: global-client
+
+ - it: should add additionalIngressConfigGlobal and additionalIngressConfigLocal
+ set:
+ networkPolicy:
+ ssoPublicIp: 51.89.117.53/32
+ dnsServerNamespace: test-namespace-dns
+ additionalIngressConfigGlobal:
+ - from:
+ - podSelector:
+ matchLabels:
+ component: global-client
+ additionalIngressConfigLocal:
+ - from:
+ - podSelector:
+ matchLabels:
+ component: local-client
+ asserts:
+ - contains:
+ path: spec.ingress
+ content:
+ from:
+ - podSelector:
+ matchLabels:
+ component: global-client
+ - contains:
+ path: spec.ingress
+ content:
+ from:
+ - podSelector:
+ matchLabels:
+ component: local-client
+
+ - it: should add additionalEgressConfigLocal
set:
networkPolicy:
ssoPublicIp: 51.89.117.53/32
dnsServerNamespace: test-dns-namespace
- additionalEgressConfig:
+ additionalEgressConfigLocal:
- to:
- ipBlock:
cidr: 1.2.3.4/32
@@ -135,6 +185,50 @@ tests:
- ipBlock:
cidr: 1.2.3.4/32
+ - it: should add additionalEgressConfigGlobal
+ set:
+ networkPolicy:
+ ssoPublicIp: 51.89.117.53/32
+ dnsServerNamespace: test-dns-namespace
+ additionalEgressConfigGlobal:
+ - to:
+ - ipBlock:
+ cidr: 2.3.4.5/32
+ asserts:
+ - contains:
+ path: spec.egress
+ content:
+ to:
+ - ipBlock:
+ cidr: 2.3.4.5/32
+
+ - it: should add additionalEgressConfigLocal and additionalEgressConfigGlobal
+ set:
+ networkPolicy:
+ ssoPublicIp: 51.89.117.53/32
+ dnsServerNamespace: test-dns-namespace
+ additionalEgressConfigLocal:
+ - to:
+ - ipBlock:
+ cidr: 1.2.3.4/32
+ additionalEgressConfigGlobal:
+ - to:
+ - ipBlock:
+ cidr: 2.3.4.5/32
+ asserts:
+ - contains:
+ path: spec.egress
+ content:
+ to:
+ - ipBlock:
+ cidr: 1.2.3.4/32
+ - contains:
+ path: spec.egress
+ content:
+ to:
+ - ipBlock:
+ cidr: 2.3.4.5/32
+
- it: test network policy disabled
set:
networkPolicy: