From a7e8fc158b1f8776b84e8be0fbf354e5c0caa3cc Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Thu, 29 Aug 2024 12:54:05 +0200
Subject: [PATCH] OZG-6354 zentraler eingang add network policy
---
 src/main/helm/templates/network_policy.yaml | 8 +++++
 src/main/helm/values.yaml | 4 +++
 src/test/helm/network_policy_test.yaml | 35 +++++++++++++++++++++
 3 files changed, 47 insertions(+)
diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml
index 28fab29f9..fdb87891f 100644
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -58,6 +58,14 @@ spec:
 component: antragsraum-server
 {{- end }}
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ (.Values.ozgcloud).zentralerEingang.namespace }}
+ ports:
+ - protocol: TCP
+ port: 9090
+
 {{- with (.Values.networkPolicy).additionalIngressConfigLocal }}
 {{ toYaml . | indent 2 }}
 {{- end }}
diff --git a/src/main/helm/values.yaml b/src/main/helm/values.yaml
index 5182d0baa..6a52c559f 100644
--- a/src/main/helm/values.yaml
+++ b/src/main/helm/values.yaml
@@ -62,3 +62,7 @@ zufiManager:
 elasticsearch:
 certificateSecretName: elasticsearch-certificate
+
+ozgcloud:
+ zentralerEingang:
+ namespace: zentraler-eingang
\ No newline at end of file
diff --git a/src/test/helm/network_policy_test.yaml b/src/test/helm/network_policy_test.yaml
index f63746306..1399b46b1 100644
--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
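Review bot: The new `from` entry in network_policy.yaml selects on namespace only, so every pod in the zentraler-eingang namespace can reach TCP 9090, and the rule is rendered unconditionally rather than inside a guard like the `{{- end }}`-terminated block just above it. That preceding rule appears to narrow its peer with a `component: antragsraum-server` label; if only one workload in the namespace needs access, add a `podSelector` to the same `from` item (the label to match is not visible here). The namespace value is also emitted unquoted and only `.Values.ozgcloud` is nil-guarded, so an empty or numeric-looking override yields a null or non-string label value; `kubernetes.io/metadata.name: {{ required "ozgcloud.zentralerEingang.namespace must be set" (((.Values.ozgcloud).zentralerEingang).namespace) | quote }}` would fail the render instead. The enclosing `spec.ingress` list starts outside this hunk.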
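Review bot: The new `ozgcloud.zentralerEingang.namespace` default in values.yaml is undocumented, yet per the template change in this commit it decides which namespace is allowed to reach the service on TCP 9090. A comment above the key such as `# Namespace whose pods are allowed ingress on TCP 9090 by the NetworkPolicy` would make that visible to operators who override values. The file also now ends without a trailing newline (`\ No newline at end of file`); restoring it keeps the next change to this file from touching the last line.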
@@ -158,6 +158,41 @@ tests:
 - failedTemplate:
 errorMessage: ozgcloud.antragraum.namespace must be set if antragraum is enabled
+ - it: should add default ingress rule for zentraler-eingang
+ set:
+ networkPolicy:
+ dnsServerNamespace: test-dns-namespace
+ asserts:
+ - contains:
+ path: spec.ingress
+ content:
+ from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: zentraler-eingang
+ ports:
+ - protocol: TCP
+ port: 9090
+
+ - it: should add ingress rule for zentraler-eingang
+ set:
+ networkPolicy:
+ dnsServerNamespace: test-dns-namespace
+ ozgcloud:
+ zentralerEingang:
+ namespace: custom-namespace
+ asserts:
+ - contains:
+ path: spec.ingress
+ content:
+ from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: custom-namespace
+ ports:
+ - protocol: TCP
+ port: 9090
+
 - it: should add egress rule to elasticsearch
 set:
--
GitLab
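Review bot: Both new cases assert only the happy path; nothing covers `ozgcloud.zentralerEingang.namespace` being empty or null, where the template as written would render a `kubernetes.io/metadata.name` label with no value. The `failedTemplate` assertion used by the case just above this hunk is the natural pattern for that, provided the template is changed to reject an empty namespace. The case below is a sketch: the error message is a constructed placeholder, and the indentation must be matched to the file because it is not recoverable from this page.

```yaml
  # … unchanged: the two zentraler-eingang `contains` cases …
  - it: should fail when zentraler-eingang namespace is empty
    set:
      networkPolicy:
        dnsServerNamespace: test-dns-namespace
      ozgcloud:
        zentralerEingang:
          namespace: ""
    asserts:
      - failedTemplate:
          # constructed placeholder; use the message the template actually emits
          errorMessage: ozgcloud.zentralerEingang.namespace must be set
```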