From 8da0c96dfb1c522b112d8bc4215020d4d43ea27b Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Wed, 11 Sep 2024 15:32:44 +0200
Subject: [PATCH] ozg-6647 add monitoring network policy
---
src/main/helm/templates/network_policy.yaml | 7 ++++++
src/test/helm/network_policy_test.yaml | 25 +++++++++++++++++++++
2 files changed, 32 insertions(+)
diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml
index fb3ab396..2f6b9334 100644
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -49,6 +49,13 @@ spec:
- podSelector:
matchLabels:
component: alfa
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: {{ (.Values.networkPolicy).monitoringNamespace | default "openshift-user-workload-monitoring" }}
+ ports:
+ - protocol: TCP
+ port: 9002
{{- with (.Values.networkPolicy).additionalIngressConfigLocal }}
{{ toYaml . | indent 2 }}
{{- end }}
diff --git a/src/test/helm/network_policy_test.yaml b/src/test/helm/network_policy_test.yaml
index fc9b32fd..9f0fb3de 100644
--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -86,6 +86,13 @@ tests:
- podSelector:
matchLabels:
component: alfa
+ - ports:
+ - port: 9002
+ protocol: TCP
+ from:
+ - namespaceSelector:
+ matchLabels:
+ name: openshift-user-workload-monitoring
egress:
- to:
- podSelector:
@@ -181,6 +188,24 @@ tests:
matchLabels:
component: local-client
+ - it: should set monitoring namespace for monitoring scraper ingress rule
+ set:
+ networkPolicy:
+ ssoPublicIp: 51.89.117.53/32
+ dnsServerNamespace: test-namespace-dns
+ monitoringNamespace: test-monitoring
+ asserts:
+ - contains:
+ path: spec.ingress
+ content:
+ ports:
+ - port: 9002
+ protocol: TCP
+ from:
+ - namespaceSelector:
+ matchLabels:
+ name: test-monitoring
+
- it: should add additionalEgressConfigLocal
set:
networkPolicy:
--
GitLab