From f8e6aab4eec89a5c1c7afe2023a6660103740b20 Mon Sep 17 00:00:00 2001
From: Volodymyr Stoiko
Date: Wed, 16 Dec 2020 19:30:24 +0200
Subject: [PATCH] Allow configurable egress for server network policy (#389)

* Allow configurable egress
* Add test for networkpolicy egress in server
* Allow egress configuration
* Fix test
* Fix networkPolicy test
* Fix test
---
 templates/server-network-policy.yaml | 4 ++++
 test/unit/server-network-policy.bats | 13 +++++++++++++
 values.yaml | 8 ++++++++
 3 files changed, 25 insertions(+)

diff --git a/templates/server-network-policy.yaml b/templates/server-network-policy.yaml
index 1061a5b..5f4c21a 100644
--- a/templates/server-network-policy.yaml
+++ b/templates/server-network-policy.yaml
@@ -19,4 +19,8 @@ spec:
 protocol: TCP
 - port: 8201
 protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
 {{ end }}
diff --git a/test/unit/server-network-policy.bats b/test/unit/server-network-policy.bats
index 07ca2b6..1364321 100755
--- a/test/unit/server-network-policy.bats
+++ b/test/unit/server-network-policy.bats
@@ -20,3 +20,16 @@ load _helpers
 yq 'length > 0' | tee /dev/stderr)
 [ "${actual}" = "true" ]
 }
+
+@test "server/network-policy: egress enabled by server.networkPolicy.egress" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --set 'server.networkPolicy.enabled=true' \
+ --set 'server.networkPolicy.egress[0].to[0].ipBlock.cidr=10.0.0.0/24' \
+ --set 'server.networkPolicy.egress[0].ports[0].protocol=TCP' \
+ --set 'server.networkPolicy.egress[0].ports[0].port=443' \
+ --show-only templates/server-network-policy.yaml \
+ . | tee /dev/stderr |
+ yq -r '.spec.egress[0].to[0].ipBlock.cidr' | tee /dev/stderr)
+ [ "${actual}" = "10.0.0.0/24" ]
+}
diff --git a/values.yaml b/values.yaml
index f95b995..10b89b2 100644
--- a/values.yaml
+++ b/values.yaml
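Review bot: In templates/server-network-policy.yaml the guard `{{- if .Values.server.networkPolicy.egress }}` treats the default `egress: []` as unset, so the chart can only leave egress unrestricted or render an allow-list; a deny-all egress policy cannot be expressed through values. The added block also appears to rely on Kubernetes inferring the Egress policy type from the presence of rules. `spec:` starts outside the hunk, so whether `policyTypes` is already set cannot be seen here; if it is not, stating `policyTypes: [Ingress, Egress]` inside the same `if` would make the intent explicit. The inner `{{ end }}` could be `{{- end }}` so the rendered manifest does not carry a stray blank line.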
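Review bot: The new test in test/unit/server-network-policy.bats covers only the case where egress rules are supplied and asserts just the CIDR; nothing pins the default, where `egress: []` should render a policy with no `egress` key at all. A regression in the template guard would change the effective egress behaviour of existing installs without any test failing, so a negative case is worth adding next to this one. The existing test could also assert `.spec.egress[0].ports[0].port`, since the ports are set but never checked.

```shell
@test "server/network-policy: egress omitted by default" {
  cd `chart_dir`
  local actual=$(helm template \
      --set 'server.networkPolicy.enabled=true' \
      --show-only templates/server-network-policy.yaml \
      . | tee /dev/stderr |
      yq -r '.spec.egress' | tee /dev/stderr)
  [ "${actual}" = "null" ]
}
```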
@@ -342,6 +342,14 @@ server:
 # Enables network policy for server pods
 networkPolicy:
 enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
 # Priority class for server pods
 priorityClassName: ""
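Review bot: The commented example under `egress:` in values.yaml does not say that a NetworkPolicy egress list is an allow-list: once any rule is set, all other outbound traffic from the server pods is dropped. Applied as shown, the sample permits only TCP 443 to 10.0.0.0/24, which likely excludes cluster DNS and whatever storage, peer or seal endpoints the deployment depends on. A comment above the key would help, for example `# Egress rules for server pods. When non-empty, all egress not listed here is denied (remember DNS and storage/seal backends).`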