From bfc2300c3d0cd35aa16324b35d865b7a0a6f4bbb Mon Sep 17 00:00:00 2001
From: Jmnote <opcore@gmail.com>
Date: Thu, 30 Nov 2023 06:39:51 +0900
Subject: [PATCH] [charts] add
 controller.admissionWebhooks.networkPolicyEnabled (#10650)

* add controller.admissionWebhooks.networkPolicyEnabled

Signed-off-by: Jmnote <opcore@gmail.com>

* .Values.controller.admissionWebhooks.patch.networkPolicy.enabled

---------

Signed-off-by: Jmnote <opcore@gmail.com>
---
 charts/ingress-nginx/README.md                                | 1 +
 .../templates/admission-webhooks/job-patch/networkpolicy.yaml | 2 +-
 charts/ingress-nginx/values.yaml                              | 4 ++++
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md
index 4a0cb94a2..e2777fbe2 100644
--- a/charts/ingress-nginx/README.md
+++ b/charts/ingress-nginx/README.md
@@ -259,6 +259,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` |  |
 | controller.admissionWebhooks.patch.image.tag | string | `"v20231011-8b53cabe0"` |  |
 | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources |
+| controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
 | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` |  |
 | controller.admissionWebhooks.patch.podAnnotations | object | `{}` |  |
 | controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job # |
diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml
index 142e56aeb..a8f38df96 100644
--- a/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.controller.admissionWebhooks.patch.networkPolicy.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml
index cb50b9d07..0842a70bf 100644
--- a/charts/ingress-nginx/values.yaml
+++ b/charts/ingress-nginx/values.yaml
@@ -708,6 +708,10 @@ controller:
       ##
       priorityClassName: ""
       podAnnotations: {}
+      # NetworkPolicy for webhook patch
+      networkPolicy:
+        # -- Enable 'networkPolicy' or not
+        enabled: false
       nodeSelector:
         kubernetes.io/os: linux
       tolerations: []