Merge pull request #17 from gitops-bridge-dev/teams-netpols

[feat] unique network policy names
gitops-bridge-dev · Jul 28, 2024 · 1758b08 · 1758b08
2 parents 40daf29 + 27fa5f1
commit 1758b08
Show file tree

Hide file tree

Showing 7 changed files with 12 additions and 28 deletions.
diff --git a/charts/teams/Chart.yaml b/charts/teams/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: team
 description: A Helm Chart to bootstrap a Namespace in a Multi-Tenancy setup
-version: 1.0.0
+version: 2.0.0
 type: application
 
diff --git a/charts/teams/templates/_helpers.tpl b/charts/teams/templates/_helpers.tpl
@@ -56,25 +56,3 @@ helm.sh/chart: {{ include "team.chart" . }}
 {{- end }}
 {{- end }}
 
-
-{{/*
-Create the name of the NetworkPolicy to deny all outgoing traffic
-*/}}
-{{- define "team.networkPolicy.egress.deny.all.name" }}
-{{- printf "%s-%s" ((include "team.fullname" .) | trunc 47 | trimSuffix "-") "egress-deny-all" }}
-{{- end }}
-
-{{/*
-Create the name of the NetworkPolicy to allow outgoing traffic to the Kubernetes DNS
-*/}}
-{{- define "team.networkPolicy.egress.allow.dns.name" }}
-{{- printf "%s-%s" ((include "team.fullname" .) | trunc 47 | trimSuffix "-") "egress-allow-dns" }}
-{{- end }}
-
-{{/*
-Create the name of the NetworkPolicy to deny all incoming traffic
-*/}}
-{{- define "team.networkPolicy.ingress.deny.all.name" }}
-{{- printf "%s-%s" ((include "team.fullname" .) | trunc 46 | trimSuffix "-") "ingress-deny-all" }}
-{{- end }}
-
diff --git a/charts/teams/templates/networkpolicy/egress/allow-dns.yaml b/charts/teams/templates/networkpolicy/egress/allow-dns.yaml
@@ -18,7 +18,7 @@ metadata:
     {{- toYaml . | nindent 4 }}
     {{- end }}
     {{- end }}
-  name: {{ include "team.networkPolicy.egress.allow.dns.name" $ | quote }}
+  name: {{ $.Values.networkPolicies.egress.allow.dns.name }}
   namespace: {{ $name }}
 spec:
   {{- if $.Values.networkPolicies.egress.allow.dns.podSelector }}

diff --git a/charts/teams/templates/networkpolicy/egress/deny-all.yaml b/charts/teams/templates/networkpolicy/egress/deny-all.yaml
@@ -1,4 +1,4 @@
-{{- if and (.Values.networkPolicies.enabled) (.Values.networkPolicies.egress.deny.all) }}
+{{- if and (.Values.networkPolicies.enabled) (.Values.networkPolicies.egress.deny.all.enabled) }}
 {{- range $name, $tenant := .Values.namespaces }}
 ---
 apiVersion: networking.k8s.io/v1
@@ -18,7 +18,7 @@ metadata:
     {{- toYaml . | nindent 4 }}
     {{- end }}
     {{- end }}
-  name: {{ include "team.networkPolicy.egress.deny.all.name" $ | quote }}
+  name: {{ $.Values.networkPolicies.egress.deny.all.name }}
   namespace: {{ $name }}
 spec:
   {{- if $.Values.networkPolicies.egress.deny.all.podSelector }}

diff --git a/charts/teams/templates/networkpolicy/ingress/deny-all.yaml b/charts/teams/templates/networkpolicy/ingress/deny-all.yaml
@@ -1,4 +1,4 @@
-{{- if and (.Values.networkPolicies.enabled) (.Values.networkPolicies.ingress.deny.all) }}
+{{- if and (.Values.networkPolicies.enabled) (.Values.networkPolicies.ingress.deny.all.enabled) }}
 {{- range $name, $tenant := .Values.namespaces }}
 ---
 apiVersion: networking.k8s.io/v1
@@ -18,7 +18,7 @@ metadata:
     {{- toYaml . | nindent 4 }}
     {{- end }}
     {{- end }}
-  name: {{ include "team.networkPolicy.ingress.deny.all.name" $ | quote }}
+  name: {{ $.Values.networkPolicies.ingress.deny.all.name }}
   namespace: {{ $name }}
 spec:
   {{- if $.Values.networkPolicies.ingress.deny.all.podSelector }}

diff --git a/charts/teams/values-test.yaml b/charts/teams/values-test.yaml
@@ -12,12 +12,14 @@ networkPolicies:
   egress:
     deny:
       all:
+        name: egress-deny-all
         # -- create a NetworkPolicy that denies all outgoing traffic
         enabled: true
         # -- define a PodSelector that should be used. Uses all Pods by default
         podSelector: {}
     allow:
       dns:
+        name: egress-allow-dns
         # -- create a NetworkPolicy that allows outgoing traffic to the Kubernetes DNS
         enabled: true
         # -- The namespace where the Kubneretes DNS is running
@@ -30,6 +32,7 @@ networkPolicies:
   ingress:
     deny:
       all:
+        name: ingress-deny-all
         # -- create a NetworkPolicy that denies all incoming traffic
         enabled: true
         # -- define a PodSelector that should be used. Uses all Pods by default

diff --git a/charts/teams/values.yaml b/charts/teams/values.yaml
@@ -8,12 +8,14 @@ networkPolicies:
   egress:
     deny:
       all:
+        name: egress-deny-all
         # -- create a NetworkPolicy that denies all outgoing traffic
         enabled: true
         # -- define a PodSelector that should be used. Uses all Pods by default
         podSelector: {}
     allow:
       dns:
+        name: egress-allow-dns
         # -- create a NetworkPolicy that allows outgoing traffic to the Kubernetes DNS
         enabled: true
         # -- The namespace where the Kubneretes DNS is running
@@ -26,6 +28,7 @@ networkPolicies:
   ingress:
     deny:
       all:
+        name: ingress-deny-all
         # -- create a NetworkPolicy that denies all incoming traffic
         enabled: true
         # -- define a PodSelector that should be used. Uses all Pods by default