Skip to content
Snippets Groups Projects
Commit 1e0c92fe authored by OZGCloud's avatar OZGCloud
Browse files

Merge pull request 'OZG-6708 add antragsraum-proxy to netpol' (#448) from OZG-6708 into master

parents 16e88422 bbcdd541
Branches
Tags
No related merge requests found
......@@ -59,10 +59,10 @@ spec:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: {{ required "ozgcloud.antragraum.namespace must be set if antragraum is enabled" ((.Values.ozgcloud).antragraum).namespace }}
kubernetes.io/metadata.name: {{((.Values.ozgcloud).antragraum).antragsraumProxyNamespace | default "antragsraum-proxy"}}
podSelector:
matchLabels:
component: antragsraum-server
component: antragsraum-proxy
{{- end }}
- from:
......@@ -127,7 +127,7 @@ spec:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: {{ required "ozgcloud.antragraum.namespace must be set if antragraum is enabled" ((.Values.ozgcloud).antragraum).namespace }}
kubernetes.io/metadata.name: {{((.Values.ozgcloud).antragraum).namespace | default "antragraum"}}
podSelector:
matchLabels:
component: info-manager
......
......@@ -140,15 +140,33 @@ tests:
matchLabels:
name: test-monitoring
- it: should add ingress rule for antragraum-proxy if antragraum is enabled
set:
networkPolicy:
dnsServerNamespace: test-dns-namespace
ozgcloud:
antragraum:
enabled: true
asserts:
- contains:
path: spec.ingress
content:
from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: antragsraum-proxy
podSelector:
matchLabels:
component: antragsraum-proxy
- it: should add ingress rule for antragraum if antragraum is enabled
- it: should set ingress rule for antragraum-proxy if antragraum is enabled
set:
networkPolicy:
dnsServerNamespace: test-dns-namespace
ozgcloud:
antragraum:
enabled: true
namespace: antragraum02
antragsraumProxyNamespace: antragsraum-proxy
asserts:
- contains:
path: spec.ingress
......@@ -156,10 +174,10 @@ tests:
from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: antragraum02
kubernetes.io/metadata.name: antragsraum-proxy
podSelector:
matchLabels:
component: antragsraum-server
component: antragsraum-proxy
- it: should not add ingress rule for antragraum if antragraum is disabled
......@@ -176,21 +194,30 @@ tests:
from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: antragraum02
kubernetes.io/metadata.name: antragraum
podSelector:
matchLabels:
component: antragraum-server
- it: should throw error if antragraum is enabled but antragraum namespace is not set
- it: should not add ingress rule for antragraum-proxy if antragraum is disabled
set:
networkPolicy:
dnsServerNamespace: test-dns-namespace
ozgcloud:
antragraum:
enabled: true
enabled: false
asserts:
- failedTemplate:
errorMessage: ozgcloud.antragraum.namespace must be set if antragraum is enabled
- notContains:
path: spec.ingress
content:
from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: antragraum-proxy
podSelector:
matchLabels:
component: antragraum-proxy
any: true
- it: should add default ingress rule for zentraler-eingang
set:
......@@ -355,7 +382,6 @@ tests:
ozgcloud:
antragraum:
enabled: true
namespace: antragraum02
asserts:
- contains:
path: spec.egress
......@@ -363,7 +389,27 @@ tests:
to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: antragraum02
kubernetes.io/metadata.name: antragraum
podSelector:
matchLabels:
component: info-manager
- it: should set egress rule to info-manager if antragraum is enabled
set:
networkPolicy:
dnsServerNamespace: test-dns-namespace
ozgcloud:
antragraum:
enabled: true
namespace: antragraum2
asserts:
- contains:
path: spec.egress
content:
to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: antragraum2
podSelector:
matchLabels:
component: info-manager
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment