From d74bbbc0dfb56586d1cbf40e13e10b2d5b3e48ae Mon Sep 17 00:00:00 2001 From: Bastian <bastian.heppener@mgm-tp.com> Date: Mon, 24 Feb 2025 15:28:09 +0100 Subject: [PATCH] ozg-7200 add elster-transfer network policy --- src/main/helm/templates/network_policy.yaml | 12 +++ src/main/helm/values.yaml | 9 ++- src/test/helm/network_policy_test.yaml | 84 ++++++++++++++++++++- 3 files changed, 103 insertions(+), 2 deletions(-) diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml index b49c28235..a36370868 100644 --- a/src/main/helm/templates/network_policy.yaml +++ b/src/main/helm/templates/network_policy.yaml @@ -143,6 +143,18 @@ spec: ports: - port: 9090 protocol: TCP +{{- end }} +{{- if ((.Values.ozgcloud).muk).enabled }} + - to: + - podSelector: + matchLabels: + app.kubernetes.io/name: {{ (((.Values.ozgcloud).muk).elsterTransfer).name }} + namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ required "ozgcloud.muk.elsterTransfer.namespace must be set if muk is enabled" (((.Values.ozgcloud).muk).elsterTransfer).namespace }} + ports: + - protocol: TCP + port: 8081 {{- end }} - to: - namespaceSelector: diff --git a/src/main/helm/values.yaml b/src/main/helm/values.yaml index 832dfa01e..6c44bc57d 100644 --- a/src/main/helm/values.yaml +++ b/src/main/helm/values.yaml @@ -61,4 +61,11 @@ elasticsearch: certificateSecretName: elasticsearch-certificate networkPolicy: - zentralerEingangNamespace: zentraler-eingang \ No newline at end of file + zentralerEingangNamespace: zentraler-eingang + +ozgcloud: + muk: + enabled: false + elsterTransfer: + name: elster-transfer + namespace: \ No newline at end of file diff --git a/src/test/helm/network_policy_test.yaml b/src/test/helm/network_policy_test.yaml index 618dba796..822d03a39 100644 --- a/src/test/helm/network_policy_test.yaml +++ b/src/test/helm/network_policy_test.yaml 
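Review bot: The pod selector value in the added egress rule, `app.kubernetes.io/name: {{ (((.Values.ozgcloud).muk).elsterTransfer).name }}`, is rendered with neither `required` nor quoting, while the namespace two lines below it is at least guarded by `required`. If an override sets `name` to an empty value, the label renders as a bare key. The resulting policy is then either rejected at apply time or selects a different set of pods than intended; which one happens cannot be told from this hunk. I would guard and quote it, `app.kubernetes.io/name: {{ required "ozgcloud.muk.elsterTransfer.name must be set if muk is enabled" (((.Values.ozgcloud).muk).elsterTransfer).name | quote }}`, and append `| quote` to the namespace expression so a value such as `true` or `123` stays a string. The enclosing `egress:` list starts and ends outside the hunk.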
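Review bot: `namespace:` in the new `ozgcloud.muk.elsterTransfer` block is a bare empty key with no comment, so a reader of values.yaml cannot tell that it is deliberately unset and must be supplied whenever `muk.enabled` is true. I would write it explicitly and document it, e.g. `namespace: ""  # required when ozgcloud.muk.enabled is true; namespace the egress rule points at`. Helm's `required` treats an empty string as unset, so the template check keeps working. The new last line also lacks a trailing newline, which is the same condition this hunk repairs on the `zentralerEingangNamespace` line.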
@@ -649,4 +649,86 @@ tests:
 dnsServerNamespace: test-dns-server-namespace
 asserts:
 - hasDocuments:
- count: 1
\ No newline at end of file
+ count: 1
+
+ - it: should require elster transfer namespace if muk is enabled
+ set:
+ networkPolicy:
+ dnsServerNamespace: test-dns-namespace
+ ozgcloud:
+ muk:
+ enabled: true
+ asserts:
+ - failedTemplate:
+ errorMessage: ozgcloud.muk.elsterTransfer.namespace must be set if muk is enabled
+
+ - it: should add egress rule to elster transfer if muk is enabled
+ set:
+ networkPolicy:
+ dnsServerNamespace: test-dns-namespace
+ ozgcloud:
+ muk:
+ enabled: true
+ elsterTransfer:
+ namespace: elster-transfer
+ asserts:
+ - contains:
+ path: spec.egress
+ content:
+ to:
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/name: elster-transfer
+ namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: elster-transfer
+ ports:
+ - port: 8081
+ protocol: TCP
+
+ - it: should set elster transfer name
+ set:
+ networkPolicy:
+ dnsServerNamespace: test-dns-namespace
+ ozgcloud:
+ muk:
+ enabled: true
+ elsterTransfer:
+ namespace: elster-transfer
+ name: elster-transfer-test
+ asserts:
+ - contains:
+ path: spec.egress
+ content:
+ to:
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/name: elster-transfer-test
+ namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: elster-transfer
+ ports:
+ - port: 8081
+ protocol: TCP
+
+ - it: should not add egress rule for elster-transfer if muk is disabled
+ set:
+ networkPolicy:
+ dnsServerNamespace: test-dns-namespace
+ ozgcloud:
+ muk:
+ enabled: false
+ elsterTransfer:
+ namespace: elster-transfer
+ asserts:
+ - notContains:
+ path: spec.egress
+ content:
+ to:
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/name: elster-transfer
+ namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: elster-transfer
+ any: true
\ No newline at end of file
-- GitLab
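Review bot: None of the added cases covers `ozgcloud.muk.elsterTransfer.name` being overridden to an empty value. The suite pins the failure for a missing namespace and the rendering of a custom name, but not what the policy looks like when the pod label value is empty, and the template added in this patch renders that value without a guard. I would add a case that sets `enabled: true`, a namespace and `name: ""`, and asserts the outcome the chart is meant to have, for example a `failedTemplate` with a message like the namespace one. The negative case would also be stricter with a plain `notContains` on the full rule, since `any: true` only performs a partial match.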