OZG-7573 add conditional egress for forwarding

f070bed0 · Felix Reichenbach · 9a611e0d · f070bed0 · f070bed0
Commit f070bed0 authored 3 weeks ago by Felix Reichenbach
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -22,7 +22,7 @@
 # unter der Lizenz sind dem Lizenztext zu entnehmen.
 #

-{{- if not (.Values.networkPolicy).disabled }} 
+{{- if not (.Values.networkPolicy).disabled }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
@@ -39,10 +39,10 @@ spec:
  - ports:
    - port: 9090
    from:
-    - podSelector: 
+    - podSelector:
        matchLabels:
          component: alfa
-    - podSelector: 
+    - podSelector:
        matchLabels:
          ozg-component: eingangsadapter
    - podSelector:
@@ -50,7 +50,7 @@ spec:
          ozg-component: xta-adapter
 {{- if ((.Values.ozgcloud).aggregationManager).enabled }}
  - from:
-    - podSelector: 
+    - podSelector:
        matchLabels:
          component: aggregation-manager
    ports:
@@ -69,7 +69,7 @@ spec:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: {{((.Values.ozgcloud).antragraum).antragraumProxyNamespace | default "antragraum-proxy"}}
-      podSelector: 
+      podSelector:
        matchLabels:
          component: antragraum-proxy
 {{- end }}
@@ -87,7 +87,7 @@ spec:
              - xta-adapter
    ports:
    - protocol: TCP
-      port: 9090 
+      port: 9090

 {{- with (.Values.networkPolicy).additionalIngressConfigLocal }}
 {{ toYaml . | indent 2 }}
@@ -114,7 +114,7 @@ spec:
      - port: 27017
        protocol: TCP
  - to:
-    - podSelector: 
+    - podSelector:
        matchLabels:
          component: user-manager
    ports:
@@ -122,7 +122,7 @@ spec:
        protocol: TCP
 {{- if ((.Values.ozgcloud).bayernid).enabled }}
  - to:
-    - podSelector: 
+    - podSelector:
        matchLabels:
          component: bayernid-proxy
      namespaceSelector:
@@ -130,14 +130,14 @@ spec:
          kubernetes.io/metadata.name: {{ required "ozgcloud.bayernid.proxy.namespace must be set if bayernid is enabled" (((.Values.ozgcloud).bayernid).proxy).namespace }}
    ports:
      - port: 9090
-        protocol: TCP 
+        protocol: TCP
 {{- end }}
 {{- if ((.Values.ozgcloud).antragraum).enabled }}
  - to:
      - namespaceSelector:
          matchLabels:
            kubernetes.io/metadata.name: {{((.Values.ozgcloud).infoManager).namespace | default "info-manager"}}
-        podSelector: 
+        podSelector:
          matchLabels:
            component: info-manager
 {{- end }}
@@ -146,13 +146,25 @@ spec:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: {{ required "zufiManager.namespace must be set if zufiManager server is enabled" (.Values.zufiManager).namespace }}
-      podSelector: 
+      podSelector:
        matchLabels:
          component: zufi-server
    ports:
      - port: 9090
        protocol: TCP
 {{- end }}
+{{- if (.Values.forwarding).enabled }}
+  - to:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: {{ required "forwarding.namespace must be set if forwarding is enabled" (.Values.forwarding).namespace }}
+      podSelector:
+        matchLabels:
+          component: {{ required "forwarding.serviceName must be set if forwarding is enabled" (.Values.forwarding).serviceName }}
+    ports:
+      - port: 9090
+        protocol: TCP
+{{- end }}
 {{- if ((.Values.ozgcloud).muk).enabled }}
  - to:
    - podSelector:

--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml