diff --git a/src/main/helm/templates/deployment.yaml b/src/main/helm/templates/deployment.yaml
index c74ea4c6e5b148bbe74d2213fd90ee0c1b5942e9..a6bbdb7b1b6db70c992b6ae5728ea80454ccce18 100644
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -137,7 +137,10 @@ spec:
- name: spring_ssl_bundle_pem_es-root-ca_truststore_certificate
value: "/bindings/ca-certificates/es-root-ca.pem"
{{- end }}
- {{- with (.Values.env).customList }}
+ {{- with (.Values.env).customVarsLocal }}
+{{ toYaml . | indent 10 }}
+ {{- end }}
+ {{- with (.Values.env).customVarsGlobal }}
{{ toYaml . | indent 10 }}
{{- end }}
- name: grpc_client_user-manager_address
diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml
index 88ad059ed4898240276aa3f9a0dc05775705a87e..4e92477186bd11308c58de1cc1c5f05c3d6207f0 100644
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -45,10 +45,10 @@ spec:
- podSelector:
matchLabels:
ozg-component: eingangsadapter
-{{- with (.Values.networkPolicy).additionalIngressConfig }}
+{{- with (.Values.networkPolicy).additionalIngressConfigLocal }}
{{ toYaml . | indent 2 }}
{{- end }}
-{{- with (.Values.networkPolicy).additionalIngressConfigNamespace }}
+{{- with (.Values.networkPolicy).additionalIngressConfigGlobal }}
{{ toYaml . | indent 2 }}
{{- end }}
egress:
@@ -101,10 +101,10 @@ spec:
protocol: UDP
- port: 5353
protocol: TCP
-{{- with (.Values.networkPolicy).additionalEgressConfig }}
+{{- with (.Values.networkPolicy).additionalEgressConfigLocal }}
{{ toYaml . | indent 2 }}
{{- end }}
-{{- with (.Values.networkPolicy).additionalEgressConfigNamespace }}
+{{- with (.Values.networkPolicy).additionalEgressConfigGlobal }}
{{ toYaml . | indent 2 }}
{{- end }}
diff --git a/src/test/helm/deployment_env_test.yaml b/src/test/helm/deployment_env_test.yaml
index f4306525a9696b7c8c57b8dfe940712c09ad516c..4676faaaad03058db7e1c784d14d6164522f64b0 100644
--- a/src/test/helm/deployment_env_test.yaml
+++ b/src/test/helm/deployment_env_test.yaml
@@ -30,9 +30,20 @@ set:
environment: dev
imagePullSecret: test-image-pull-secret
tests:
- - it: check customList
+ - it: check customList local
set:
- env.customList:
+ env.customVarsLocal:
+ - name: my_test_environment_name
+ value: "A test value"
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: my_test_environment_name
+ value: "A test value"
+ - it: check customList global
+ set:
+ env.customVarsGlobal:
- name: my_test_environment_name
value: "A test value"
asserts:
diff --git a/src/test/helm/network_policy_test.yaml b/src/test/helm/network_policy_test.yaml
index ac7df6574a59eae14b64a88872f8f37a182dfa89..1398e8ec8450bbb0967e626d18dd6771fea39c94 100644
--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -234,12 +234,12 @@ tests:
- failedTemplate:
errorMessage: ozgcloud.bayernid.proxy.namespace must be set if bayernid is enabled
- - it: add ingress rule by values
+ - it: add ingress rule local by values
set:
networkPolicy:
ssoPublicIp: 51.89.117.53/32
dnsServerNamespace: test-namespace-dns
- additionalIngressConfig:
+ additionalIngressConfigGlobal:
- from:
- podSelector:
matchLabels:
@@ -252,16 +252,16 @@ tests:
- podSelector:
matchLabels:
component: client2
-
- - it: should add additionalIngressConfig
+ - it: add ingress rule global by values
set:
networkPolicy:
+ ssoPublicIp: 51.89.117.53/32
dnsServerNamespace: test-namespace-dns
- additionalIngressConfig:
+ additionalIngressConfigLocal:
- from:
- podSelector:
matchLabels:
- additionalIngressConfig: yes
+ component: client2
asserts:
- contains:
path: spec.ingress
@@ -269,54 +269,53 @@ tests:
from:
- podSelector:
matchLabels:
- additionalIngressConfig: yes
+ component: client2
- - it: should add additionalEgressConfig
+ - it: add egress rules local by values
set:
networkPolicy:
- dnsServerNamespace: test-namespace-dns
- additionalEgressConfig:
+ additionalEgressConfigGlobal:
+ - to:
+ - ipBlock:
+ cidr: 1.2.3.4/32
- to:
- podSelector:
matchLabels:
- additionalEgressConfig: yes
+ component: ozg-testservice
+ ports:
+ - port: 12345
+ protocol: TCP
+
+ dnsServerNamespace: test-dns-namespace
asserts:
+ - contains:
+ path: spec.egress
+ content:
+ to:
+ - ipBlock:
+ cidr: 1.2.3.4/32
- contains:
path: spec.egress
content:
to:
- podSelector:
matchLabels:
- additionalEgressConfig: yes
-
-
- - it: should add additionalIngressConfigNamespace
- set:
- networkPolicy:
- dnsServerNamespace: test-namespace-dns
- additionalIngressConfigNamespace:
- - from:
- - podSelector:
- matchLabels:
- additionalIngressConfigNamespace: yes
- asserts:
- - contains:
- path: spec.ingress
- content:
- from:
- - podSelector:
- matchLabels:
- additionalIngressConfigNamespace: yes
-
- - it: should add additionalEgressConfigNamespace
+ component: ozg-testservice
+ ports:
+ - port: 12345
+ protocol: TCP
+ - it: add egress rules global by values
set:
networkPolicy:
dnsServerNamespace: test-dns-namespace
- additionalEgressConfigNamespace:
+ additionalEgressConfigLocal:
+ - to:
+ - ipBlock:
+ cidr: 1.2.3.4/32
- to:
- podSelector:
matchLabels:
- additionalEgressConfigNamespace: yes
+ additionalEgressConfig: yes
asserts:
- contains:
path: spec.egress
@@ -324,7 +323,7 @@ tests:
to:
- podSelector:
matchLabels:
- additionalEgressConfigNamespace: yes
+ additionalEgressConfig: yes
- it: test network policy disabled
set: