Allow configurable egress for server network policy (#389)

* Allow configurable egress

* Add test for networkpolicy egress in server

* Allow egress configuration

* Fix test

* Fix networkPolicy test

* Fix test

templates/server-network-policy.yaml

@@ -19,4 +19,8 @@ spec:
         protocol: TCP
       - port: 8201
         protocol: TCP
+  {{- if .Values.server.networkPolicy.egress }}
+  egress:
+  {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+  {{ end }}
 {{ end }}

test/unit/server-network-policy.bats

@@ -20,3 +20,16 @@ load _helpers
       yq 'length > 0' | tee /dev/stderr)
   [ "${actual}" = "true" ]
 }
+
+@test "server/network-policy: egress enabled by server.networkPolicy.egress" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --set 'server.networkPolicy.enabled=true' \
+      --set 'server.networkPolicy.egress[0].to[0].ipBlock.cidr=10.0.0.0/24' \
+      --set 'server.networkPolicy.egress[0].ports[0].protocol=TCP' \
+      --set 'server.networkPolicy.egress[0].ports[0].port=443' \
+      --show-only templates/server-network-policy.yaml  \
+      . | tee /dev/stderr |
+      yq -r '.spec.egress[0].to[0].ipBlock.cidr' | tee /dev/stderr)
+  [ "${actual}" = "10.0.0.0/24" ]
+}

values.yaml

@@ -342,6 +342,14 @@ server:
   # Enables network policy for server pods
   networkPolicy:
     enabled: false
+    egress: []
+    # egress:
+    # - to:
+    #   - ipBlock:
+    #       cidr: 10.0.0.0/24
+    #   ports:
+    #   - protocol: TCP
+    #     port: 443
 
   # Priority class for server pods
   priorityClassName: ""