From 66ea34c702583e3af2508867d9c1a06a3c6ba12f Mon Sep 17 00:00:00 2001 From: Volodymyr Stoiko Date: Wed, 16 Sep 2020 09:40:56 +0300 Subject: [PATCH] Allow explicit network policy enablement (#381) * Disable default network policy * Make network policy configurable by explicit flag only --- templates/server-network-policy.yaml | 2 +- test/unit/server-network-policy.bats | 8 ++++---- values.yaml | 4 ++++ 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/templates/server-network-policy.yaml b/templates/server-network-policy.yaml index 0879d5b..1061a5b 100644 --- a/templates/server-network-policy.yaml +++ b/templates/server-network-policy.yaml @@ -1,4 +1,4 @@ -{{- if .Values.global.openshift }} +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: diff --git a/test/unit/server-network-policy.bats b/test/unit/server-network-policy.bats index 0df89fc..07ca2b6 100755 --- a/test/unit/server-network-policy.bats +++ b/test/unit/server-network-policy.bats @@ -2,7 +2,7 @@ load _helpers -@test "server/network-policy: OpenShift - disabled by default" { +@test "server/network-policy: disabled by default" { cd `chart_dir` local actual=$( (helm template \ --show-only templates/server-network-policy.yaml \ @@ -11,12 +11,12 @@ load _helpers [ "${actual}" = "false" ] } -@test "server/network-policy: OpenShift - enabled if OpenShift" { +@test "server/network-policy: enabled by server.networkPolicy.enabled" { cd `chart_dir` local actual=$( (helm template \ - --set 'global.openshift=true' \ + --set 'server.networkPolicy.enabled=true' \ --show-only templates/server-network-policy.yaml \ . || echo "---") | tee /dev/stderr | yq 'length > 0' | tee /dev/stderr) [ "${actual}" = "true" ] -} \ No newline at end of file +} diff --git a/values.yaml b/values.yaml index a53ef21..a957052 100644 --- a/values.yaml +++ b/values.yaml 
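Review bot: With the condition in templates/server-network-policy.yaml switched from `.Values.global.openshift` to `server.networkPolicy.enabled`, an OpenShift release that upgrades with unchanged values stops rendering this NetworkPolicy, and Helm deletes objects that are no longer rendered. The commit message shows the opt-in is intended, but nothing in the visible change tells an operator that the server pods lose the policy on upgrade. I would add a template comment above the condition, `{{- /* Opt-in only: rendered when server.networkPolicy.enabled is true; global.openshift no longer enables it. */ -}}`, and mention the change in the release notes. The policy spec itself lies outside the hunk.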
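Review bot: The updated cases in test/unit/server-network-policy.bats cover the default and the new flag, but none pins that `global.openshift=true` on its own no longer renders the policy, which is the behaviour this commit changes. Without that case a later edit could re-couple the two settings, or leave the policy off where someone expects it, without a failing test. A third case modelled on the two in the hunk would cover it; the helm and yq invocation below is copied from them.

```shell
@test "server/network-policy: not enabled by global.openshift alone" {
  cd `chart_dir`
  local actual=$( (helm template \
      --set 'global.openshift=true' \
      --show-only templates/server-network-policy.yaml \
      . || echo "---") | tee /dev/stderr |
      yq 'length > 0' | tee /dev/stderr)
  [ "${actual}" = "false" ]
}
```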
@@ -318,6 +318,10 @@ server: # beta.kubernetes.io/arch: amd64 nodeSelector: null + # Enables network policy for server pods + networkPolicy: + enabled: false + # Priority class for server pods priorityClassName: ""
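Review bot: The comment added above `networkPolicy:` in values.yaml says what the key does but not that the default leaves the server pods without a chart-managed NetworkPolicy, nor where the rules it applies are defined. Someone reading only values.yaml cannot tell what enabling it will restrict. I would extend it to `# Renders templates/server-network-policy.yaml for the server pods.` followed by `# Disabled by default: no NetworkPolicy is created unless this is set to true.`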