From 1791b62e453846696dc28d65ce082998c6cd09d2 Mon Sep 17 00:00:00 2001
From: Mangirdas Judeikis
Date: Tue, 23 Aug 2022 02:08:09 +0300
Subject: [PATCH] Add NetworkPolicy support (#8928)
* Add NetworkPolicy support
* add doc for np
---
 charts/ingress-nginx/README.md | 1 +
 .../controller-wehbooks-networkpolicy.yaml | 19 +++++++++++++++++++
 charts/ingress-nginx/values.yaml | 1 +
 3 files changed, 21 insertions(+)
 create mode 100644 charts/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml
diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md
index 212b4f324..d18b3d571 100644
--- a/charts/ingress-nginx/README.md
+++ b/charts/ingress-nginx/README.md
@@ -249,6 +249,7 @@ Kubernetes: `>=1.20.0-0`
 | controller.admissionWebhooks.key | string | `"/usr/local/certificates/key"` | |
 | controller.admissionWebhooks.labels | object | `{}` | Labels to be added to admission webhooks |
 | controller.admissionWebhooks.namespaceSelector | object | `{}` | |
+| controller.admissionWebhooks.networkPolicyEnabled | bool | `false` | |
 | controller.admissionWebhooks.objectSelector | object | `{}` | |
 | controller.admissionWebhooks.patch.enabled | bool | `true` | |
 | controller.admissionWebhooks.patch.fsGroup | int | `2000` | |
diff --git a/charts/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml b/charts/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml
new file mode 100644
index 000000000..f74c2fbf3
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.controller.admissionWebhooks.enabled }}
+{{- if .Values.controller.admissionWebhooks.networkPolicyEnabled }}
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ include "ingress-nginx.fullname" . }}-webhooks-allow
+ namespace: {{ .Release.Namespace }}
+spec:
+ ingress:
+ - {}
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "ingress-nginx.name" . }}
+ policyTypes:
+ - Ingress
+
+{{- end }}
+{{- end }}
diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml
index fed3a5b05..76e3355fe 100644
--- a/charts/ingress-nginx/values.yaml
+++ b/charts/ingress-nginx/values.yaml
@@ -615,6 +615,7 @@ controller:
 # -- Use an existing PSP instead of creating one
 existingPsp: ""
+ networkPolicyEnabled: false
 service:
 annotations: {}
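Review bot: The `ingress: - {}` rule in the new NetworkPolicy admits traffic from any source on any port, so despite the `-webhooks-allow` name it is an allow-all for every pod it selects rather than an opening for the admission webhook port. The `podSelector` matches only `app.kubernetes.io/name`, which presumably also covers the default backend, the admission patch jobs and any other release of this chart in the namespace; in a default-deny namespace that silently removes ingress isolation for all of them. I would scope the selector to the controller pods and limit the rule to the webhook port, as sketched below (the helper and value names are assumed from the rest of the chart and should be confirmed). The file name also spells `wehbooks`.

```yaml
# … unchanged: enabled / networkPolicyEnabled guards, apiVersion, kind, metadata …
spec:
  podSelector:
    matchLabels:
      {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
      app.kubernetes.io/component: controller
  policyTypes:
    - Ingress
  ingress:
    - ports:
        - protocol: TCP
          port: {{ .Values.controller.admissionWebhooks.port }}
```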
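Review bot: `networkPolicyEnabled` is added without the `# -- …` description line that its neighbour `existingPsp` carries, which would explain why the new README row has an empty description column. Because enabling it opens the selected pods to all ingress traffic, the comment should say so, e.g. `# -- Create a NetworkPolicy that allows all ingress traffic to the controller pods (only rendered when admissionWebhooks.enabled is true)`. The enclosing `controller:` mapping starts and ends outside the hunk.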