Merge pull request #357 from vshn/netpol-cleanup
Clean up NetworkPolicies
zugao authored May 7, 2024
2 parents 12cac38 + be94923 commit e834651
Showing 5 changed files with 1 addition and 199 deletions.
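--- a/component/component/vshn_postgres.jsonnet
+++ b/component/component/vshn_postgres.jsonnet
@@ -36,56 +36,6 @@ local stackgresOperatorNs = kube.Namespace(params.stackgres.namespace) {
 },
 };
 
-
-local networkPolicy = {
-name: 'network-policy',
-base: comp.KubeObject('networking.k8s.io/v1', 'NetworkPolicy') +
-{
-spec+: {
-forProvider+: {
-manifest+: {
-metadata: {},
-spec: {
-policyTypes: [
-'Ingress',
-],
-podSelector: {},
-ingress: [
-{
-from: [
-{
-namespaceSelector: {
-matchLabels: {
-'kubernetes.io/metadata.name': '',
-},
-},
-},
-{
-namespaceSelector: {
-matchLabels: {
-'kubernetes.io/metadata.name': params.slos.namespace,
-},
-},
-},
-],
-},
-],
-},
-},
-},
-},
-},
-patches: [
-comp.ToCompositeFieldPath('status.conditions', 'status.networkPolicyConditions'),
-comp.FromCompositeFieldPathWithTransformSuffix('metadata.name', 'metadata.name', 'network-policy'),
-comp.FromCompositeFieldPathWithTransformPrefix('metadata.name', 'spec.forProvider.manifest.metadata.namespace', 'vshn-postgresql'),
-comp.FromCompositeFieldPathWithTransformPrefix('metadata.name', 'spec.forProvider.manifest.metadata.name', 'allow-from-claim-namespace'),
-
-comp.FromCompositeFieldPath('metadata.labels[crossplane.io/claim-namespace]', 'spec.forProvider.manifest.spec.ingress[0].from[0].namespaceSelector.matchLabels[kubernetes.io/metadata.name]'),
-],
-};
-
-
 local stackgresNetworkPolicy = kube.NetworkPolicy('allow-stackgres-api') + {
 metadata+: {
 namespace: params.stackgres.namespace,
@@ -885,9 +835,7 @@ local composition(restore=false) =
 xobjectBucket,
 sgObjectStorage,
 podMonitor,
-] + if pgParams.enableNetworkPolicy == true then [
-networkPolicy,
-] else [],
+],
 },
 },
 {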
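Review bot: The `networkPolicy` entry dropped from the resource list in `composition(restore=false)` was the only ingress restriction this file defined for the `vshn-postgresql-<name>` instance namespace, and nothing visible in the change takes its place. A namespace with no NetworkPolicy selecting its pods accepts ingress from every namespace, so it should be confirmed that an equivalent policy (claim namespace plus `params.slos.namespace`) is now created elsewhere, presumably by the `function-appcat` step, and that it exists for already-provisioned instances before the composed `Object` is removed. The same applies to the `networkPolicy` values and the `ingressNSMatchLabels` patch removed in vshn_redis.jsonnet. I would leave a comment at the resource list such as `// NetworkPolicy for the instance namespace is managed outside this composition (see <owner>)`, and check whether `pgParams.enableNetworkPolicy` and `status.networkPolicyConditions` are still referenced anywhere, since this file no longer reads or sets them. The body of `composition` starts and ends outside the hunk.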
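--- a/component/component/vshn_redis.jsonnet
+++ b/component/component/vshn_redis.jsonnet
@@ -303,26 +303,6 @@ local composition =
 repository: 'bitnami/redis',
 },
 commonConfiguration: '',
-networkPolicy: {
-enabled: redisParams.enableNetworkPolicy,
-allowExternal: false,
-ingressNSMatchLabels: {
-'kubernetes.io/metadata.name': '',
-},
-extraIngress: [
-{
-from: [
-{
-namespaceSelector: {
-matchLabels: {
-'kubernetes.io/metadata.name': params.slos.namespace,
-},
-},
-},
-],
-},
-],
-},
 master: {
 persistence: {
 size: '',
@@ -450,7 +430,6 @@ local composition =
 comp.FromCompositeFieldPathWithTransformPrefix('metadata.name', 'spec.forProvider.namespace', 'vshn-redis'),
 comp.FromCompositeFieldPathWithTransformPrefix('metadata.name', 'spec.forProvider.manifest.metadata.namespace', 'vshn-redis'),
 comp.FromCompositeFieldPath('metadata.name', 'spec.forProvider.manifest.metadata.name'),
-comp.FromCompositeFieldPath('metadata.labels[crossplane.io/claim-namespace]', 'spec.forProvider.values.networkPolicy.ingressNSMatchLabels[kubernetes.io/metadata.name]'),
 
 comp.FromCompositeFieldPathWithTransformMap('spec.parameters.size.plan', 'spec.forProvider.values.master.resources.requests.memory', std.mapWithKey(function(key, x) x.size.memory, redisPlans)),
 comp.FromCompositeFieldPathWithTransformMap('spec.parameters.size.plan', 'spec.forProvider.values.master.resources.limits.memory', std.mapWithKey(function(key, x) x.size.memory, redisPlans)),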
Expand Up @@ -638,62 +638,6 @@ spec:
type: Format
type: string
type: FromCompositeFieldPath
- base:
apiVersion: kubernetes.crossplane.io/v1alpha1
kind: Object
metadata: {}
spec:
forProvider:
manifest:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {}
spec:
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ''
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: appcat-slos
podSelector: {}
policyTypes:
- Ingress
providerConfigRef:
name: kubernetes
name: network-policy
patches:
- fromFieldPath: status.conditions
toFieldPath: status.networkPolicyConditions
type: ToCompositeFieldPath
- fromFieldPath: metadata.name
toFieldPath: metadata.name
transforms:
- string:
fmt: '%s-network-policy'
type: Format
type: string
type: FromCompositeFieldPath
- fromFieldPath: metadata.name
toFieldPath: spec.forProvider.manifest.metadata.namespace
transforms:
- string:
fmt: vshn-postgresql-%s
type: Format
type: string
type: FromCompositeFieldPath
- fromFieldPath: metadata.name
toFieldPath: spec.forProvider.manifest.metadata.name
transforms:
- string:
fmt: allow-from-claim-namespace-%s
type: Format
type: string
type: FromCompositeFieldPath
- fromFieldPath: metadata.labels[crossplane.io/claim-namespace]
toFieldPath: spec.forProvider.manifest.spec.ingress[0].from[0].namespaceSelector.matchLabels[kubernetes.io/metadata.name]
type: FromCompositeFieldPath
step: patch-and-transform
- functionRef:
name: function-appcat
Expand Up @@ -740,62 +740,6 @@ spec:
type: Format
type: string
type: FromCompositeFieldPath
- base:
apiVersion: kubernetes.crossplane.io/v1alpha1
kind: Object
metadata: {}
spec:
forProvider:
manifest:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {}
spec:
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ''
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: appcat-slos
podSelector: {}
policyTypes:
- Ingress
providerConfigRef:
name: kubernetes
name: network-policy
patches:
- fromFieldPath: status.conditions
toFieldPath: status.networkPolicyConditions
type: ToCompositeFieldPath
- fromFieldPath: metadata.name
toFieldPath: metadata.name
transforms:
- string:
fmt: '%s-network-policy'
type: Format
type: string
type: FromCompositeFieldPath
- fromFieldPath: metadata.name
toFieldPath: spec.forProvider.manifest.metadata.namespace
transforms:
- string:
fmt: vshn-postgresql-%s
type: Format
type: string
type: FromCompositeFieldPath
- fromFieldPath: metadata.name
toFieldPath: spec.forProvider.manifest.metadata.name
transforms:
- string:
fmt: allow-from-claim-namespace-%s
type: Format
type: string
type: FromCompositeFieldPath
- fromFieldPath: metadata.labels[crossplane.io/claim-namespace]
toFieldPath: spec.forProvider.manifest.spec.ingress[0].from[0].namespaceSelector.matchLabels[kubernetes.io/metadata.name]
type: FromCompositeFieldPath
step: patch-and-transform
- functionRef:
name: function-appcat
Expand Up @@ -424,16 +424,6 @@ spec:
serviceMonitor:
enabled: true
namespace: ''
networkPolicy:
allowExternal: false
enabled: true
extraIngress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: appcat-slos
ingressNSMatchLabels:
kubernetes.io/metadata.name: ''
tls:
authClients: true
autoGenerated: false
Expand Down Expand Up @@ -468,9 +458,6 @@ spec:
- fromFieldPath: metadata.name
toFieldPath: spec.forProvider.manifest.metadata.name
type: FromCompositeFieldPath
- fromFieldPath: metadata.labels[crossplane.io/claim-namespace]
toFieldPath: spec.forProvider.values.networkPolicy.ingressNSMatchLabels[kubernetes.io/metadata.name]
type: FromCompositeFieldPath
- fromFieldPath: spec.parameters.size.plan
toFieldPath: spec.forProvider.values.master.resources.requests.memory
transforms: