diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml
index 28fab29f9e443b50b32b87d68c9ffdedc0220d4d..1f3c97142e3282e62cc84628cffb0ce376b21ace 100644
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -58,6 +58,21 @@ spec:
 component: antragsraum-server
 {{- end }}
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ (.Values.networkPolicy).zentralerEingangNamespace }}
+ podSelector:
+ matchExpressions:
+ - key: ozg-component
+ operator: In
+ values:
+ - eingangsadapter
+ - xta-adapter
+ ports:
+ - protocol: TCP
+ port: 9090
+
 {{- with (.Values.networkPolicy).additionalIngressConfigLocal }}
 {{ toYaml . | indent 2 }}
 {{- end }}
diff --git a/src/main/helm/values.yaml b/src/main/helm/values.yaml
index 5182d0baab596a8abe3a67fcaa32c1f87e78b615..30fe6d16e7959cfd36ad808debca0000f7ea0419 100644
--- a/src/main/helm/values.yaml
+++ b/src/main/helm/values.yaml
@@ -58,7 +58,10 @@ vorgangmanagerName: vorgang-manager
 usermanagerName: user-manager
 zufiManager:
- address: dns://zufi.zufi-manager:9090
+ address: dns://zufi-manager.zufi:9090
 elasticsearch:
 certificateSecretName: elasticsearch-certificate
+
+networkPolicy:
+ zentralerEingangNamespace: zentraler-eingang
\ No newline at end of file
diff --git a/src/test/helm/deployment_zufimanager_address_env_test.yaml b/src/test/helm/deployment_zufimanager_address_env_test.yaml
index 4771f72d053c23395bf8a67afb2684241875cd71..8a16fc9df3dd161711d0a6803f2383106222cba8 100644
--- a/src/test/helm/deployment_zufimanager_address_env_test.yaml
+++ b/src/test/helm/deployment_zufimanager_address_env_test.yaml
@@ -39,4 +39,4 @@ tests:
 path: spec.template.spec.containers[0].env
 content:
 name: ozgcloud_zufi-manager_address
- value: dns://zufi.zufi-manager:9090
+ value: dns://zufi-manager.zufi:9090
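Review bot: In templates/network_policy.yaml the new `kubernetes.io/metadata.name` value is rendered unquoted and with no guard, so a release that overrides `networkPolicy.zentralerEingangNamespace` with null or an empty string renders a `matchLabels` entry with a null value; that manifest is likely rejected at apply time rather than at render time. The nil-safe `(.Values.networkPolicy)` access hides the missing value while templating. I would fail fast and quote it: `kubernetes.io/metadata.name: {{ required "networkPolicy.zentralerEingangNamespace must be set" (.Values.networkPolicy).zentralerEingangNamespace | quote }}`. The rule is also emitted for every install; if some deployments have no zentraler-eingang, a `with` on the value would keep the ingress allowance opt-in. The `spec:` block starts and ends outside this hunk.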
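Review bot: In values.yaml the new `networkPolicy.zentralerEingangNamespace` default carries no comment, although it decides which namespace is allowed to reach the pod on TCP 9090. A line above the key such as `# Namespace whose eingangsadapter / xta-adapter pods are allowed ingress on TCP 9090` would make the security effect visible to operators overriding it. The file also now ends without a trailing newline (`\ No newline at end of file`), which should be restored.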
diff --git a/src/test/helm/network_policy_test.yaml b/src/test/helm/network_policy_test.yaml
index f63746306c5edeaa76f17028551c04243a137d31..4a10bb1398946fc48c6e90783a1c3af5fc592e6f 100644
--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -158,6 +158,53 @@ tests:
 - failedTemplate:
 errorMessage: ozgcloud.antragraum.namespace must be set if antragraum is enabled
+ - it: should add default ingress rule for zentraler-eingang
+ set:
+ networkPolicy:
+ dnsServerNamespace: test-dns-namespace
+ asserts:
+ - contains:
+ path: spec.ingress
+ content:
+ from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: zentraler-eingang
+ podSelector:
+ matchExpressions:
+ - key: ozg-component
+ operator: In
+ values:
+ - eingangsadapter
+ - xta-adapter
+ ports:
+ - protocol: TCP
+ port: 9090
+
+ - it: should add ingress rule for zentraler-eingang
+ set:
+ networkPolicy:
+ dnsServerNamespace: test-dns-namespace
+ zentralerEingangNamespace: custom-namespace
+ asserts:
+ - contains:
+ path: spec.ingress
+ content:
+ from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: custom-namespace
+ podSelector:
+ matchExpressions:
+ - key: ozg-component
+ operator: In
+ values:
+ - eingangsadapter
+ - xta-adapter
+ ports:
+ - protocol: TCP
+ port: 9090
+
 - it: should add egress rule to elasticsearch
 set: