Skip to content
Snippets Groups Projects
Commit e033a787 authored by OZGCloud's avatar OZGCloud
Browse files

OZG-3880 add outgoing network policies to user-manager

parent baa904aa
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
src/main/helm/templates/network_policy.yaml
+ 10
4
View file @ e033a787
...@@ -46,8 +46,7 @@ spec: ...@@ -46,8 +46,7 @@ spec:
matchLabels: matchLabels:
ozg-component: eingangsadapter ozg-component: eingangsadapter
{{- with (.Values.networkPolicy).additionalIngressConfig }} {{- with (.Values.networkPolicy).additionalIngressConfig }}
- from: {{ toYaml . | indent 2 }}
{{ toYaml . | indent 8 }}
{{- end }} {{- end }}
egress: egress:
- to: - to:
...@@ -67,6 +66,13 @@ spec: ...@@ -67,6 +66,13 @@ spec:
ports: ports:
- port: 27017 - port: 27017
protocol: TCP protocol: TCP
- to:
- podSelector:
matchLabels:
component: user-manager
ports:
- port: 9090
protocol: TCP
- to: - to:
- namespaceSelector: - namespaceSelector:
matchLabels: matchLabels:
......
src/test/helm/network_policy_test.yaml
+ 22
20
View file @ e033a787
...@@ -35,6 +35,7 @@ tests: ...@@ -35,6 +35,7 @@ tests:
asserts: asserts:
- isAPIVersion: - isAPIVersion:
of: networking.k8s.io/v1 of: networking.k8s.io/v1
- it: should match kind - it: should match kind
set: set:
networkPolicy: networkPolicy:
...@@ -42,6 +43,7 @@ tests: ...@@ -42,6 +43,7 @@ tests:
asserts: asserts:
- isKind: - isKind:
of: NetworkPolicy of: NetworkPolicy
- it: validate metadata - it: validate metadata
set: set:
networkPolicy: networkPolicy:
...@@ -52,6 +54,7 @@ tests: ...@@ -52,6 +54,7 @@ tests:
value: value:
name: network-policy-vorgang-manager name: network-policy-vorgang-manager
namespace: by-helm-test namespace: by-helm-test
- it: validate spec - it: validate spec
set: set:
networkPolicy: networkPolicy:
...@@ -76,7 +79,6 @@ tests: ...@@ -76,7 +79,6 @@ tests:
- podSelector: - podSelector:
matchLabels: matchLabels:
ozg-component: eingangsadapter ozg-component: eingangsadapter
egress: egress:
- to: - to:
- namespaceSelector: - namespaceSelector:
...@@ -95,6 +97,13 @@ tests: ...@@ -95,6 +97,13 @@ tests:
ports: ports:
- port: 27017 - port: 27017
protocol: TCP protocol: TCP
- to:
- podSelector:
matchLabels:
component: user-manager
ports:
- port: 9090
protocol: TCP
- to: - to:
- namespaceSelector: - namespaceSelector:
matchLabels: matchLabels:
...@@ -112,25 +121,18 @@ tests: ...@@ -112,25 +121,18 @@ tests:
- it: add ingress rule by values - it: add ingress rule by values
set: set:
networkPolicy: networkPolicy:
ssoPublicIp: 51.89.117.53/32
dnsServerNamespace: test-namespace-dns
additionalIngressConfig: additionalIngressConfig:
- from:
- podSelector: - podSelector:
matchLabels: matchLabels:
component: client2 component: client2
dnsServerNamespace: test-dns-namespace
asserts: asserts:
- equal: - contains:
path: spec.ingress path: spec.ingress
value: content:
- ports:
- port: 9090
from: from:
- podSelector:
matchLabels:
component: alfa
- podSelector:
matchLabels:
ozg-component: eingangsadapter
- from:
- podSelector: - podSelector:
matchLabels: matchLabels:
component: client2 component: client2
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment

Impressum - Datenschutz - Barrierefreiheit