From 6c04161328fb1e48542bf511c624a1061b01d656 Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Wed, 8 Nov 2023 13:34:03 +0100
Subject: [PATCH] OZG-4455 add egress network policy option
---
src/main/helm/templates/network_policy.yaml | 5 ++++
src/test/helm/network_policy_test.yaml | 32 +++++++++++++++++++++
2 files changed, 37 insertions(+)
diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml
index 5cee33420..99ce5027f 100644
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -89,4 +89,9 @@ spec:
- ipBlock:
cidr: {{ required "ozgcloud.bayernid.cidr muss angegeben sein" ((.Values.ozgcloud).bayernid).cidr }}
{{- end }}
+
+{{- with (.Values.networkPolicy).additionalEgressConfig }}
+{{ toYaml . | indent 2 }}
+{{- end }}
+
{{- end }}
\ No newline at end of file
diff --git a/src/test/helm/network_policy_test.yaml b/src/test/helm/network_policy_test.yaml
index ca1e231f2..408efa3a3 100644
--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -148,6 +148,38 @@ tests:
- ipBlock:
cidr: 2.3.4.5/1
+ - it: add egress rules by values
+ set:
+ networkPolicy:
+ additionalEgressConfig:
+ - to:
+ - ipBlock:
+ cidr: 1.1.1.1/32
+ - to:
+ - podSelector:
+ matchLabels:
+ component: ozg-mongodb
+ ports:
+ - port: 27017
+ protocol: TCP
+ asserts:
+ - contains:
+ path: spec.egress
+ content:
+ to:
+ - ipBlock:
+ cidr: 1.1.1.1/32
+ - contains:
+ path: spec.egress
+ content:
+ to:
+ - podSelector:
+ matchLabels:
+ component: ozg-mongodb
+ ports:
+ - port: 27017
+ protocol: TCP
+
- it: test network policy disabled
set:
networkPolicy:
--
GitLab