Skip to content
Snippets Groups Projects
Commit bbcdd541 authored by OZGCloud's avatar OZGCloud
Browse files

OZG-6708 update netpol for antragraum

parent 734b1d34
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/main/helm/templates/network_policy.yaml
+ 2
2
View file @ bbcdd541
......@@ -59,7 +59,7 @@ spec:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: {{ required "ozgcloud.antragraum.antragsraumProxyNamespace must be set if antragraum is enabled" ((.Values.ozgcloud).antragraum).antragsraumProxyNamespace }}
kubernetes.io/metadata.name: {{((.Values.ozgcloud).antragraum).antragsraumProxyNamespace | default "antragsraum-proxy"}}
podSelector:
matchLabels:
component: antragsraum-proxy
......@@ -127,7 +127,7 @@ spec:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: {{ required "ozgcloud.antragraum.namespace must be set if antragraum is enabled" ((.Values.ozgcloud).antragraum).namespace }}
kubernetes.io/metadata.name: {{((.Values.ozgcloud).antragraum).namespace | default "antragraum"}}
podSelector:
matchLabels:
component: info-manager
......
src/test/helm/network_policy_test.yaml
+ 43
31
View file @ bbcdd541
......@@ -147,8 +147,6 @@ tests:
ozgcloud:
antragraum:
enabled: true
namespace: antragraum-proxy
antragsraumProxyNamespace: antragraum-proxy
asserts:
- contains:
path: spec.ingress
......@@ -156,7 +154,27 @@ tests:
from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: antragraum-proxy
kubernetes.io/metadata.name: antragsraum-proxy
podSelector:
matchLabels:
component: antragsraum-proxy
- it: should set ingress rule for antragraum-proxy if antragraum is enabled
set:
networkPolicy:
dnsServerNamespace: test-dns-namespace
ozgcloud:
antragraum:
enabled: true
antragsraumProxyNamespace: antragsraum-proxy
asserts:
- contains:
path: spec.ingress
content:
from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: antragsraum-proxy
podSelector:
matchLabels:
component: antragsraum-proxy
......@@ -176,7 +194,7 @@ tests:
from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: antragraum02
kubernetes.io/metadata.name: antragraum
podSelector:
matchLabels:
component: antragraum-server
......@@ -188,7 +206,6 @@ tests:
ozgcloud:
antragraum:
enabled: false
antragsraumProxyNamespace: antragraum-proxy
asserts:
- notContains:
path: spec.ingress
......@@ -202,29 +219,6 @@ tests:
component: antragraum-proxy
any: true
- it: should throw error if antragraum is enabled but antragraum namespace is not set
set:
networkPolicy:
dnsServerNamespace: test-dns-namespace
ozgcloud:
antragraum:
enabled: true
antragsraumProxyNamespace: antragraum-proxy
asserts:
- failedTemplate:
errorMessage: ozgcloud.antragraum.namespace must be set if antragraum is enabled
- it: should throw error if antragraum is enabled but antragsraumProxyNamespace is not set
set:
networkPolicy:
dnsServerNamespace: test-dns-namespace
ozgcloud:
antragraum:
enabled: true
namespace: antragraum2
asserts:
- failedTemplate:
errorMessage: ozgcloud.antragraum.antragsraumProxyNamespace must be set if antragraum is enabled
- it: should add default ingress rule for zentraler-eingang
set:
networkPolicy:
......@@ -388,8 +382,6 @@ tests:
ozgcloud:
antragraum:
enabled: true
namespace: antragraum02
antragsraumProxyNamespace: antragraum-proxy
asserts:
- contains:
path: spec.egress
......@@ -397,7 +389,27 @@ tests:
to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: antragraum02
kubernetes.io/metadata.name: antragraum
podSelector:
matchLabels:
component: info-manager
- it: should set egress rule to info-manager if antragraum is enabled
set:
networkPolicy:
dnsServerNamespace: test-dns-namespace
ozgcloud:
antragraum:
enabled: true
namespace: antragraum2
asserts:
- contains:
path: spec.egress
content:
to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: antragraum2
podSelector:
matchLabels:
component: info-manager
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment

Impressum - Datenschutz - Barrierefreiheit