Merge pull request 'OZG-6354 zentraler eingang add network policy' (#439) from...

Merge pull request 'OZG-6354 zentraler eingang add network policy' (#439) from OZG-6354-pvog-based-routing-helm-chart into master

Reviewed-on: https://git.ozg-sh.de/ozgcloud-app/vorgang-manager/pulls/439


Reviewed-by: OZGCloud <ozgcloud@mgm-tp.com>

src/main/helm/templates/network_policy.yaml

@@ -58,6 +58,21 @@ spec:
           component: antragsraum-server
 {{- end }}
 
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: {{ (.Values.networkPolicy).zentralerEingangNamespace }}
+      podSelector:
+        matchExpressions:
+          - key: ozg-component
+            operator: In
+            values:
+              - eingangsadapter
+              - xta-adapter
+    ports:
+    - protocol: TCP
+      port: 9090 
+
 {{- with (.Values.networkPolicy).additionalIngressConfigLocal }}
 {{ toYaml . | indent 2 }}
 {{- end }}

src/main/helm/values.yaml

@@ -58,7 +58,10 @@ vorgangmanagerName: vorgang-manager
 usermanagerName: user-manager
 
 zufiManager:
-  address: dns://zufi.zufi-manager:9090
+  address: dns://zufi-manager.zufi:9090
 
 elasticsearch:
     certificateSecretName: elasticsearch-certificate
+
+networkPolicy:
+  zentralerEingangNamespace: zentraler-eingang
\ No newline at end of file

src/test/helm/deployment_zufimanager_address_env_test.yaml

@@ -39,4 +39,4 @@ tests:
           path: spec.template.spec.containers[0].env
           content:
             name: ozgcloud_zufi-manager_address
-            value:  dns://zufi.zufi-manager:9090
+            value:  dns://zufi-manager.zufi:9090

src/test/helm/network_policy_test.yaml

@@ -158,6 +158,53 @@ tests:
       - failedTemplate:
           errorMessage: ozgcloud.antragraum.namespace must be set if antragraum is enabled
 
+  - it: should add default ingress rule for zentraler-eingang
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
+    asserts:
+    - contains:
+        path: spec.ingress
+        content:
+          from:
+          - namespaceSelector:
+              matchLabels:
+                kubernetes.io/metadata.name: zentraler-eingang
+            podSelector:
+              matchExpressions:
+                - key: ozg-component
+                  operator: In
+                  values:
+                    - eingangsadapter
+                    - xta-adapter
+          ports:
+          - protocol: TCP
+            port: 9090 
+
+  - it: should add ingress rule for zentraler-eingang
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
+        zentralerEingangNamespace: custom-namespace
+    asserts:
+    - contains:
+        path: spec.ingress
+        content:
+          from:
+          - namespaceSelector:
+              matchLabels:
+                kubernetes.io/metadata.name: custom-namespace
+            podSelector:
+              matchExpressions:
+                - key: ozg-component
+                  operator: In
+                  values:
+                    - eingangsadapter
+                    - xta-adapter
+          ports:
+          - protocol: TCP
+            port: 9090 
+
 
   - it: should add egress rule to elasticsearch
     set: