diff --git a/nachrichten-bayernid-proxy/src/main/helm/templates/network_policy.yaml b/nachrichten-bayernid-proxy/src/main/helm/templates/network_policy.yaml index e0effc809597979a1cdb01c636f868c63574f617..95cd70f64a419cc1e585a2f977f48d45aae0eaee 100644 --- a/nachrichten-bayernid-proxy/src/main/helm/templates/network_policy.yaml +++ b/nachrichten-bayernid-proxy/src/main/helm/templates/network_policy.yaml @@ -44,6 +44,9 @@ spec: component: vorgang-manager {{- with (.Values.networkPolicy).additionalIngressConfig }} {{ toYaml . | indent 2 }} +{{- end }} +{{- with (.Values.networkPolicy).additionalIngressConfigNamespace }} +{{ toYaml . | indent 2 }} {{- end }} egress: - to: @@ -62,5 +65,8 @@ spec: {{- with (.Values.networkPolicy).additionalEgressConfig }} {{ toYaml . | indent 2 }} {{- end }} +{{- with (.Values.networkPolicy).additionalEgressConfigNamespace }} +{{ toYaml . | indent 2 }} +{{- end }} {{- end }} \ No newline at end of file diff --git a/nachrichten-bayernid-proxy/src/test/helm/network_policy_test.yaml b/nachrichten-bayernid-proxy/src/test/helm/network_policy_test.yaml index 7382ad0947be9db238ff1b5d7f9de08439716165..6942329e62a7ca2a0544cc56d6f3d6d76e9b2120 100644 --- a/nachrichten-bayernid-proxy/src/test/helm/network_policy_test.yaml +++ b/nachrichten-bayernid-proxy/src/test/helm/network_policy_test.yaml @@ -91,16 +91,15 @@ tests: - port: 5353 protocol: TCP - - it: add ingress rule by values + - it: should add additionalIngressConfig set: networkPolicy: - ssoPublicIp: 51.89.117.53/32 - dnsServerNamespace: test-namespace-dns + dnsServerNamespace: test-dns-namespace additionalIngressConfig: - from: - podSelector: matchLabels: - component: client2 + additionalIngressConfig: yes asserts: - contains: path: spec.ingress 
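Review bot: The new `additionalIngressConfigNamespace` block renders whatever the value holds straight into `spec.ingress` through `toYaml`, with no type check and no comment saying who sets it or how it differs from `additionalIngressConfig`; the same holds for `additionalEgressConfigNamespace` in the second hunk and for both hunks of `src/main/helm/templates/network_policy.yaml`. These entries widen a NetworkPolicy, so a rule with an empty or missing `from`/`to` admits every peer, and a value that is not a list would render as malformed or mis-nested YAML. I would add a template comment such as `{{- /* additionalIngressConfigNamespace: extra ingress rules (presumably supplied per namespace, to be confirmed); rendered verbatim, so each entry must name its peers */}}` and guard the type inside the `with` using `{{- if not (kindIs "slice" .) }}{{ fail "networkPolicy.additionalIngressConfigNamespace must be a list of rules" }}{{- end }}`. No values or README change is visible in this diff, so the new keys appear to be undocumented.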
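Review bot: The label value in the rewritten case is a bare `yes` (`additionalIngressConfig: yes`, in both the `set` and the `asserts` block), which a YAML 1.1 parser may read as boolean true rather than as a string. The test still passes because both sides are parsed the same way, but a boolean is not a valid `matchLabels` value, so the fixture models a selector that would not be accepted if copied into real values. Quote it, `additionalIngressConfig: "yes"`, or keep an ordinary string label as the removed `component: client2` was. The same applies to the `yes` values in the `@@ -108,41 +107,62 @@` hunk and in the `src/test/helm/network_policy_test.yaml` hunk.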
@@ -108,41 +107,62 @@ tests: from: - podSelector: matchLabels: - component: client2 + additionalIngressConfig: yes - - it: add egress rules by values + - it: should add additionalEgressConfig set: - networkPolicy: + networkPolicy: + dnsServerNamespace: test-dns-namespace additionalEgressConfig: - - to: - - ipBlock: - cidr: 1.2.3.4/32 - to: - podSelector: matchLabels: - component: ozg-testservice - ports: - - port: 12345 - protocol: TCP - - dnsServerNamespace: test-dns-namespace + additionalEgressConfig: yes asserts: - contains: path: spec.egress content: to: - - ipBlock: - cidr: 1.2.3.4/32 + - podSelector: + matchLabels: + additionalEgressConfig: yes + + + - it: should add additionalIngressConfigNamespace + set: + networkPolicy: + dnsServerNamespace: test-dns-namespace + additionalIngressConfigNamespace: + - from: + - podSelector: + matchLabels: + additionalIngressConfigNamespace: yes + asserts: + - contains: + path: spec.ingress + content: + from: + - podSelector: + matchLabels: + additionalIngressConfigNamespace: yes + + - it: should add additionalEgressConfigNamespace + set: + networkPolicy: + dnsServerNamespace: test-dns-namespace + additionalEgressConfigNamespace: + - to: + - podSelector: + matchLabels: + additionalEgressConfigNamespace: yes + asserts: - contains: path: spec.egress content: to: - podSelector: matchLabels: - component: ozg-testservice - ports: - - port: 12345 - protocol: TCP + additionalEgressConfigNamespace: yes - it: test network policy disabled set: diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml index fb20373df7e5cf5c1045657b25fb3df4057f48cc..88ad059ed4898240276aa3f9a0dc05775705a87e 100644 --- a/src/main/helm/templates/network_policy.yaml +++ b/src/main/helm/templates/network_policy.yaml 
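Review bot: None of the rewritten cases sets `additionalIngressConfig` and `additionalIngressConfigNamespace` together, although that is the situation the template change creates: two `with` blocks appended to the same `ingress:` list. An indentation or trimming regression there could drop or mis-nest a rule in the rendered NetworkPolicy without any test failing, so it deserves its own case, sketched below for ingress (egress is symmetrical). The rewrite also removes the only assertions for `ipBlock` and `ports` in an additional egress rule; keeping one such case retains coverage for CIDR-based rules. The same gaps exist in the `src/test/helm/network_policy_test.yaml` hunk.

```yaml
  # constructed sample labels; both value keys set at once
  - it: should render additionalIngressConfig and additionalIngressConfigNamespace together
    set:
      networkPolicy:
        dnsServerNamespace: test-dns-namespace
        additionalIngressConfig:
          - from:
              - podSelector:
                  matchLabels:
                    source: global
        additionalIngressConfigNamespace:
          - from:
              - podSelector:
                  matchLabels:
                    source: namespace
    asserts:
      - contains:
          path: spec.ingress
          content:
            from:
              - podSelector:
                  matchLabels:
                    source: global
      - contains:
          path: spec.ingress
          content:
            from:
              - podSelector:
                  matchLabels:
                    source: namespace
```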
@@ -47,6 +47,9 @@ spec: ozg-component: eingangsadapter {{- with (.Values.networkPolicy).additionalIngressConfig }} {{ toYaml . | indent 2 }} +{{- end }} +{{- with (.Values.networkPolicy).additionalIngressConfigNamespace }} +{{ toYaml . | indent 2 }} {{- end }} egress: - to: @@ -101,5 +104,8 @@ spec: {{- with (.Values.networkPolicy).additionalEgressConfig }} {{ toYaml . | indent 2 }} {{- end }} +{{- with (.Values.networkPolicy).additionalEgressConfigNamespace }} +{{ toYaml . | indent 2 }} +{{- end }} {{- end }} \ No newline at end of file diff --git a/src/test/helm/network_policy_test.yaml b/src/test/helm/network_policy_test.yaml index 16661a34b0b43473c82029e7496f2867220dd785..ac7df6574a59eae14b64a88872f8f37a182dfa89 100644 --- a/src/test/helm/network_policy_test.yaml +++ b/src/test/helm/network_policy_test.yaml 
@@ -253,39 +253,78 @@ tests: matchLabels: component: client2 - - it: add egress rules by values + - it: should add additionalIngressConfig set: networkPolicy: + dnsServerNamespace: test-namespace-dns + additionalIngressConfig: + - from: + - podSelector: + matchLabels: + additionalIngressConfig: yes + asserts: + - contains: + path: spec.ingress + content: + from: + - podSelector: + matchLabels: + additionalIngressConfig: yes + + - it: should add additionalEgressConfig + set: + networkPolicy: + dnsServerNamespace: test-namespace-dns additionalEgressConfig: - - to: - - ipBlock: - cidr: 1.2.3.4/32 - to: - podSelector: matchLabels: - component: ozg-testservice - ports: - - port: 12345 - protocol: TCP - - dnsServerNamespace: test-dns-namespace + additionalEgressConfig: yes asserts: - contains: path: spec.egress content: to: - - ipBlock: - cidr: 1.2.3.4/32 + - podSelector: + matchLabels: + additionalEgressConfig: yes + + + - it: should add additionalIngressConfigNamespace + set: + networkPolicy: + dnsServerNamespace: test-namespace-dns + additionalIngressConfigNamespace: + - from: + - podSelector: + matchLabels: + additionalIngressConfigNamespace: yes + asserts: + - contains: + path: spec.ingress + content: + from: + - podSelector: + matchLabels: + additionalIngressConfigNamespace: yes + + - it: should add additionalEgressConfigNamespace + set: + networkPolicy: + dnsServerNamespace: test-dns-namespace + additionalEgressConfigNamespace: + - to: + - podSelector: + matchLabels: + additionalEgressConfigNamespace: yes + asserts: - contains: path: spec.egress content: to: - podSelector: matchLabels: - component: ozg-testservice - ports: - - port: 12345 - protocol: TCP + additionalEgressConfigNamespace: yes - it: test network policy disabled set:
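Review bot: The four new cases do not agree on the fixture value: the first three set `dnsServerNamespace: test-namespace-dns`, while `should add additionalEgressConfigNamespace` sets `dnsServerNamespace: test-dns-namespace`. Nothing asserted in these cases depends on that value, so one spelling throughout keeps the fixtures easy to compare; the sibling file under `nachrichten-bayernid-proxy` uses `test-dns-namespace`. The hunk's leading context ends inside an earlier ingress case (`component: client2`), so `should add additionalIngressConfig` may duplicate an existing test. That case starts outside the hunk, so this needs confirming against the full file.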