diff --git a/src/main/helm/zufi-server/templates/network_policy.yaml b/src/main/helm/zufi-server/templates/network_policy.yaml index 0ffb38ed8a598abf42c696463d7a721705514dd3..4e3584ed3537141ad45315c0b27bc6a9d345dc02 100644 --- a/src/main/helm/zufi-server/templates/network_policy.yaml +++ b/src/main/helm/zufi-server/templates/network_policy.yaml @@ -59,7 +59,13 @@ spec: podSelector: matchLabels: component: fachstellen-proxy - + - from: + - namespaceSelector: + matchLabels: + name: {{ (.Values.networkPolicy).monitoringNamespace | default "openshift-user-workload-monitoring" }} + ports: + - protocol: TCP + port: 8081 {{- with (.Values.networkPolicy).additionalIngressConfigLocal }} {{ toYaml . | indent 2 }} {{- end }} diff --git a/src/test/helm/zufi-server/network_policy_test.yaml b/src/test/helm/zufi-server/network_policy_test.yaml index 3b13187eb8d60d7a4864db1212928f03ce3fbd31..6a588b2548567836a3ebe0f556f0050f61fc4a45 100644 --- a/src/test/helm/zufi-server/network_policy_test.yaml +++ b/src/test/helm/zufi-server/network_policy_test.yaml @@ -112,15 +112,37 @@ tests: component: fachstellen-proxy ports: - port: 9090 + - from: + - namespaceSelector: + matchLabels: + name: openshift-user-workload-monitoring + ports: + - protocol: TCP + port: 8081 podSelector: matchLabels: component: zufi-server policyTypes: - Ingress - Egress - - + - it: should set monitoring namespace + set: + networkPolicy: + dnsServerNamespace: test-ns + fachstellenProxyNamespace: fachstellen-proxy + monitoringNamespace: test-monitoring + asserts: + - contains: + path: spec.ingress + content: + from: + - namespaceSelector: + matchLabels: + name: test-monitoring + ports: + - protocol: TCP + port: 8081 - it: add ingress rule by values local set: