From 27fa5f1fec42f80b0121b7b40c21ceb8ea157661 Mon Sep 17 00:00:00 2001 From: Carlos Santana Date: Sun, 28 Jul 2024 14:10:29 -0400 Subject: [PATCH] fix unique network policy names Signed-off-by: Carlos Santana --- charts/teams/Chart.yaml | 2 +- charts/teams/templates/_helpers.tpl | 22 ------------------- .../networkpolicy/egress/allow-dns.yaml | 2 +- .../networkpolicy/egress/deny-all.yaml | 4 ++-- .../networkpolicy/ingress/deny-all.yaml | 4 ++-- charts/teams/values-test.yaml | 3 +++ charts/teams/values.yaml | 3 +++ 7 files changed, 12 insertions(+), 28 deletions(-) diff --git a/charts/teams/Chart.yaml b/charts/teams/Chart.yaml index dcdb6d7..1ee9d54 100644 --- a/charts/teams/Chart.yaml +++ b/charts/teams/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: team description: A Helm Chart to bootstrap a Namespace in a Multi-Tenancy setup -version: 1.0.0 +version: 2.0.0 type: application diff --git a/charts/teams/templates/_helpers.tpl b/charts/teams/templates/_helpers.tpl index 2dc2271..91e8308 100644 --- a/charts/teams/templates/_helpers.tpl +++ b/charts/teams/templates/_helpers.tpl @@ -56,25 +56,3 @@ helm.sh/chart: {{ include "team.chart" . }} {{- end }} {{- end }} - -{{/* -Create the name of the NetworkPolicy to deny all outgoing traffic -*/}} -{{- define "team.networkPolicy.egress.deny.all.name" }} -{{- printf "%s-%s" ((include "team.fullname" .) | trunc 47 | trimSuffix "-") "egress-deny-all" }} -{{- end }} - -{{/* -Create the name of the NetworkPolicy to allow outgoing traffic to the Kubernetes DNS -*/}} -{{- define "team.networkPolicy.egress.allow.dns.name" }} -{{- printf "%s-%s" ((include "team.fullname" .) | trunc 47 | trimSuffix "-") "egress-allow-dns" }} -{{- end }} - -{{/* -Create the name of the NetworkPolicy to deny all incoming traffic -*/}} -{{- define "team.networkPolicy.ingress.deny.all.name" }} -{{- printf "%s-%s" ((include "team.fullname" .) | trunc 46 | trimSuffix "-") "ingress-deny-all" }} -{{- end }} - 
diff --git a/charts/teams/templates/networkpolicy/egress/allow-dns.yaml b/charts/teams/templates/networkpolicy/egress/allow-dns.yaml index ddddbed..9656110 100644 --- a/charts/teams/templates/networkpolicy/egress/allow-dns.yaml +++ b/charts/teams/templates/networkpolicy/egress/allow-dns.yaml @@ -18,7 +18,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} {{- end }} - name: {{ include "team.networkPolicy.egress.allow.dns.name" $ | quote }} + name: {{ $.Values.networkPolicies.egress.allow.dns.name }} namespace: {{ $name }} spec: {{- if $.Values.networkPolicies.egress.allow.dns.podSelector }} diff --git a/charts/teams/templates/networkpolicy/egress/deny-all.yaml b/charts/teams/templates/networkpolicy/egress/deny-all.yaml index 78e983b..676137d 100644 --- a/charts/teams/templates/networkpolicy/egress/deny-all.yaml +++ b/charts/teams/templates/networkpolicy/egress/deny-all.yaml @@ -1,4 +1,4 @@ -{{- if and (.Values.networkPolicies.enabled) (.Values.networkPolicies.egress.deny.all) }} +{{- if and (.Values.networkPolicies.enabled) (.Values.networkPolicies.egress.deny.all.enabled) }} {{- range $name, $tenant := .Values.namespaces }} --- apiVersion: networking.k8s.io/v1 @@ -18,7 +18,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} {{- end }} - name: {{ include "team.networkPolicy.egress.deny.all.name" $ | quote }} + name: {{ $.Values.networkPolicies.egress.deny.all.name }} namespace: {{ $name }} spec: {{- if $.Values.networkPolicies.egress.deny.all.podSelector }} diff --git a/charts/teams/templates/networkpolicy/ingress/deny-all.yaml b/charts/teams/templates/networkpolicy/ingress/deny-all.yaml index d647626..0df1416 100644 --- a/charts/teams/templates/networkpolicy/ingress/deny-all.yaml +++ b/charts/teams/templates/networkpolicy/ingress/deny-all.yaml 
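Review bot: The new `name:` line in egress/allow-dns.yaml renders the value unquoted and unchecked, so an empty, numeric or boolean-looking override yields a null or non-string `metadata.name` instead of a clear chart error. The removed helper piped its result through `quote`; keeping that and failing early would read `name: {{ required "networkPolicies.egress.allow.dns.name must be set" $.Values.networkPolicies.egress.allow.dns.name | quote }}`. The same applies to the `name:` lines in egress/deny-all.yaml and ingress/deny-all.yaml. The name also no longer depends on the release, so two releases of this chart that list the same namespace would presumably contend for the same NetworkPolicy objects; it is worth confirming that this is intended. The metadata block starts outside the hunk.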
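Review bot: The guard in egress/deny-all.yaml now honours `enabled`, so an existing values file carrying `networkPolicies.egress.deny.all.enabled: false` will lose the default-deny policy on upgrade, whereas the old test on the `all` map looks like it rendered the policy whenever that map was non-empty. Nothing in the template records this, so I would add a comment above the guard such as `{{- /* Rendered only when networkPolicies.egress.deny.all.enabled is true; turning it off removes the egress default-deny baseline from every listed namespace. */ -}}` and call the change out in the 2.0.0 release notes. The first hunk of ingress/deny-all.yaml makes the same change. The `range` block opened here closes outside the hunk.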
@@ -1,4 +1,4 @@ -{{- if and (.Values.networkPolicies.enabled) (.Values.networkPolicies.ingress.deny.all) }} +{{- if and (.Values.networkPolicies.enabled) (.Values.networkPolicies.ingress.deny.all.enabled) }} {{- range $name, $tenant := .Values.namespaces }} --- apiVersion: networking.k8s.io/v1 @@ -18,7 +18,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} {{- end }} - name: {{ include "team.networkPolicy.ingress.deny.all.name" $ | quote }} + name: {{ $.Values.networkPolicies.ingress.deny.all.name }} namespace: {{ $name }} spec: {{- if $.Values.networkPolicies.ingress.deny.all.podSelector }} diff --git a/charts/teams/values-test.yaml b/charts/teams/values-test.yaml index 1fe59bb..542551c 100644 --- a/charts/teams/values-test.yaml +++ b/charts/teams/values-test.yaml @@ -12,12 +12,14 @@ networkPolicies: egress: deny: all: + name: egress-deny-all # -- create a NetworkPolicy that denies all outgoing traffic enabled: true # -- define a PodSelector that should be used. Uses all Pods by default podSelector: {} allow: dns: + name: egress-allow-dns # -- create a NetworkPolicy that allows outgoing traffic to the Kubernetes DNS enabled: true # -- The namespace where the Kubneretes DNS is running @@ -30,6 +32,7 @@ networkPolicies: ingress: deny: all: + name: ingress-deny-all # -- create a NetworkPolicy that denies all incoming traffic enabled: true # -- define a PodSelector that should be used. Uses all Pods by default diff --git a/charts/teams/values.yaml b/charts/teams/values.yaml index 38c67fd..aa64e5b 100644 --- a/charts/teams/values.yaml +++ b/charts/teams/values.yaml 
@@ -8,12 +8,14 @@ networkPolicies: egress: deny: all: + name: egress-deny-all # -- create a NetworkPolicy that denies all outgoing traffic enabled: true # -- define a PodSelector that should be used. Uses all Pods by default podSelector: {} allow: dns: + name: egress-allow-dns # -- create a NetworkPolicy that allows outgoing traffic to the Kubernetes DNS enabled: true # -- The namespace where the Kubneretes DNS is running @@ -26,6 +28,7 @@ networkPolicies: ingress: deny: all: + name: ingress-deny-all # -- create a NetworkPolicy that denies all incoming traffic enabled: true # -- define a PodSelector that should be used. Uses all Pods by default
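Review bot: The three new `name` keys in values.yaml have no `# --` description, although the neighbouring keys all carry one, so readers get no hint of what constraints apply to the value. The templates use each name verbatim as `metadata.name` in every namespace listed under `namespaces`, so a comment above each key such as `# -- name of the NetworkPolicy created in each namespace; must be a valid Kubernetes object name and differ from the other policy names` would help. values-test.yaml received the same additions.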