Skip to content
Snippets Groups Projects
Commit 4a5bcbf1 authored by OZGCloud's avatar OZGCloud
Browse files

OZG-6708 add antragsraum-proxy to netpol

parent 5c8919b0
Branches
Tags
No related merge requests found
Show whitespace changes
Inline Side-by-side
src/main/helm/templates/network_policy.yaml
+ 7
0
View file @ 4a5bcbf1
...@@ -63,6 +63,13 @@ spec: ...@@ -63,6 +63,13 @@ spec:
podSelector: podSelector:
matchLabels: matchLabels:
component: antragsraum-server component: antragsraum-server
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: {{ required "ozgcloud.antragraum.antragsraumProxyNamespace must be set if antragraum is enabled" ((.Values.ozgcloud).antragraum).antragsraumProxyNamespace }}
podSelector:
matchLabels:
component: antragsraum-proxy
{{- end }} {{- end }}
- from: - from:
......
src/test/helm/network_policy_test.yaml
+ 53
0
View file @ 4a5bcbf1
...@@ -149,6 +149,7 @@ tests: ...@@ -149,6 +149,7 @@ tests:
antragraum: antragraum:
enabled: true enabled: true
namespace: antragraum02 namespace: antragraum02
antragsraumProxyNamespace: antragraum-proxy
asserts: asserts:
- contains: - contains:
path: spec.ingress path: spec.ingress
...@@ -160,6 +161,26 @@ tests: ...@@ -160,6 +161,26 @@ tests:
podSelector: podSelector:
matchLabels: matchLabels:
component: antragsraum-server component: antragsraum-server
- it: should add ingress rule for antragraum-proxy if antragraum is enabled
set:
networkPolicy:
dnsServerNamespace: test-dns-namespace
ozgcloud:
antragraum:
enabled: true
namespace: antragraum-proxy
antragsraumProxyNamespace: antragraum-proxy
asserts:
- contains:
path: spec.ingress
content:
from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: antragraum-proxy
podSelector:
matchLabels:
component: antragsraum-proxy
- it: should not add ingress rule for antragraum if antragraum is disabled - it: should not add ingress rule for antragraum if antragraum is disabled
...@@ -181,6 +202,25 @@ tests: ...@@ -181,6 +202,25 @@ tests:
matchLabels: matchLabels:
component: antragraum-server component: antragraum-server
- it: should not add ingress rule for antragraum-proxy if antragraum is disabled
set:
networkPolicy:
dnsServerNamespace: test-dns-namespace
ozgcloud:
antragraum:
enabled: false
asserts:
- notContains:
path: spec.ingress
content:
from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: antragraum-proxy
podSelector:
matchLabels:
component: antragraum-proxy
- it: should throw error if antragraum is enabled but antragraum namespace is not set - it: should throw error if antragraum is enabled but antragraum namespace is not set
set: set:
networkPolicy: networkPolicy:
...@@ -188,9 +228,21 @@ tests: ...@@ -188,9 +228,21 @@ tests:
ozgcloud: ozgcloud:
antragraum: antragraum:
enabled: true enabled: true
antragsraumProxyNamespace: antragraum-proxy
asserts: asserts:
- failedTemplate: - failedTemplate:
errorMessage: ozgcloud.antragraum.namespace must be set if antragraum is enabled errorMessage: ozgcloud.antragraum.namespace must be set if antragraum is enabled
- it: should throw error if antragraum is enabled but antragsraumProxyNamespace is not set
set:
networkPolicy:
dnsServerNamespace: test-dns-namespace
ozgcloud:
antragraum:
enabled: true
namespace: antragraum2
asserts:
- failedTemplate:
errorMessage: ozgcloud.antragraum.antragsraumProxyNamespace must be set if antragraum is enabled
- it: should add default ingress rule for zentraler-eingang - it: should add default ingress rule for zentraler-eingang
set: set:
...@@ -356,6 +408,7 @@ tests: ...@@ -356,6 +408,7 @@ tests:
antragraum: antragraum:
enabled: true enabled: true
namespace: antragraum02 namespace: antragraum02
antragsraumProxyNamespace: antragraum-proxy
asserts: asserts:
- contains: - contains:
path: spec.egress path: spec.egress
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment

Impressum - Datenschutz - Barrierefreiheit