From be949237c3581928dcfbe24b472ab1d1553e387a Mon Sep 17 00:00:00 2001
From: Gabriel Saratura
Date: Thu, 2 May 2024 10:16:16 +0200
Subject: [PATCH] Clean up network policies in P&T
---
component/component/vshn_postgres.jsonnet | 54 +-----------------
component/component/vshn_redis.jsonnet | 21 -------
.../appcat/21_composition_vshn_postgres.yaml | 56 -------------------
.../21_composition_vshn_postgresrestore.yaml | 56 -------------------
.../appcat/21_composition_vshn_redis.yaml | 13 -----
5 files changed, 1 insertion(+), 199 deletions(-)
diff --git a/component/component/vshn_postgres.jsonnet b/component/component/vshn_postgres.jsonnet
index 5a8044794..d690d3ba3 100644
--- a/component/component/vshn_postgres.jsonnet
+++ b/component/component/vshn_postgres.jsonnet
@@ -36,56 +36,6 @@ local stackgresOperatorNs = kube.Namespace(params.stackgres.namespace) { }, }; - -local networkPolicy = { - name: 'network-policy', - base: comp.KubeObject('networking.k8s.io/v1', 'NetworkPolicy') + - { - spec+: { - forProvider+: { - manifest+: { - metadata: {}, - spec: { - policyTypes: [ - 'Ingress', - ], - podSelector: {}, - ingress: [ - { - from: [ - { - namespaceSelector: { - matchLabels: { - 'kubernetes.io/metadata.name': '', - }, - }, - }, - { - namespaceSelector: { - matchLabels: { - 'kubernetes.io/metadata.name': params.slos.namespace, - }, - }, - }, - ], - }, - ], - }, - }, - }, - }, - }, - patches: [ - comp.ToCompositeFieldPath('status.conditions', 'status.networkPolicyConditions'), - comp.FromCompositeFieldPathWithTransformSuffix('metadata.name', 'metadata.name', 'network-policy'), - comp.FromCompositeFieldPathWithTransformPrefix('metadata.name', 'spec.forProvider.manifest.metadata.namespace', 'vshn-postgresql'), - comp.FromCompositeFieldPathWithTransformPrefix('metadata.name', 'spec.forProvider.manifest.metadata.name', 'allow-from-claim-namespace'), - - comp.FromCompositeFieldPath('metadata.labels[crossplane.io/claim-namespace]', 'spec.forProvider.manifest.spec.ingress[0].from[0].namespaceSelector.matchLabels[kubernetes.io/metadata.name]'), - ], -}; - - local stackgresNetworkPolicy = kube.NetworkPolicy('allow-stackgres-api') + { metadata+: { namespace: params.stackgres.namespace, @@ -885,9 +835,7 @@ local composition(restore=false) = xobjectBucket, sgObjectStorage, podMonitor, - ] + if pgParams.enableNetworkPolicy == true then [ - networkPolicy, - ] else [], + ], }, }, { diff --git a/component/component/vshn_redis.jsonnet b/component/component/vshn_redis.jsonnet index 64bc9d31a..2c38f38ea 100644 --- a/component/component/vshn_redis.jsonnet +++ b/component/component/vshn_redis.jsonnet 
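Review bot: With the `if pgParams.enableNetworkPolicy == true then [ networkPolicy ]` branch gone from the resource list in the second hunk (`podMonitor, ],`), nothing in this patch creates the `allow-from-claim-namespace` ingress policy for the `vshn-postgresql-<name>` namespace any more, and `enableNetworkPolicy` is not read in the lines shown. Presumably the `function-appcat` step that follows `patch-and-transform` in the golden files now owns it; if so, say that at the list, e.g. `// NetworkPolicy for the instance namespace is created by function-appcat, not by P&T`, and confirm that function is rolled out before this lands so instances are not left without an ingress restriction. The same applies to the redis hunks: dropping the `networkPolicy` values (previously `allowExternal: false`) leaves the Helm chart's defaults in effect, which this diff does not show and which should be checked against the old claim-namespace / `appcat-slos` allow-list. `composition(restore=false)` starts and ends outside the hunk.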
@@ -303,26 +303,6 @@ local composition = repository: 'bitnami/redis', }, commonConfiguration: '', - networkPolicy: { - enabled: redisParams.enableNetworkPolicy, - allowExternal: false, - ingressNSMatchLabels: { - 'kubernetes.io/metadata.name': '', - }, - extraIngress: [ - { - from: [ - { - namespaceSelector: { - matchLabels: { - 'kubernetes.io/metadata.name': params.slos.namespace, - }, - }, - }, - ], - }, - ], - }, master: { persistence: { size: '', @@ -450,7 +430,6 @@ local composition = comp.FromCompositeFieldPathWithTransformPrefix('metadata.name', 'spec.forProvider.namespace', 'vshn-redis'), comp.FromCompositeFieldPathWithTransformPrefix('metadata.name', 'spec.forProvider.manifest.metadata.namespace', 'vshn-redis'), comp.FromCompositeFieldPath('metadata.name', 'spec.forProvider.manifest.metadata.name'), - comp.FromCompositeFieldPath('metadata.labels[crossplane.io/claim-namespace]', 'spec.forProvider.values.networkPolicy.ingressNSMatchLabels[kubernetes.io/metadata.name]'), comp.FromCompositeFieldPathWithTransformMap('spec.parameters.size.plan', 'spec.forProvider.values.master.resources.requests.memory', std.mapWithKey(function(key, x) x.size.memory, redisPlans)), comp.FromCompositeFieldPathWithTransformMap('spec.parameters.size.plan', 'spec.forProvider.values.master.resources.limits.memory', std.mapWithKey(function(key, x) x.size.memory, redisPlans)), diff --git a/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgres.yaml b/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgres.yaml index abacb996f..bc0244f28 100644 --- a/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgres.yaml +++ b/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgres.yaml 
@@ -638,62 +638,6 @@ spec: type: Format type: string type: FromCompositeFieldPath - - base: - apiVersion: kubernetes.crossplane.io/v1alpha1 - kind: Object - metadata: {} - spec: - forProvider: - manifest: - apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - metadata: {} - spec: - ingress: - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: '' - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: appcat-slos - podSelector: {} - policyTypes: - - Ingress - providerConfigRef: - name: kubernetes - name: network-policy - patches: - - fromFieldPath: status.conditions - toFieldPath: status.networkPolicyConditions - type: ToCompositeFieldPath - - fromFieldPath: metadata.name - toFieldPath: metadata.name - transforms: - - string: - fmt: '%s-network-policy' - type: Format - type: string - type: FromCompositeFieldPath - - fromFieldPath: metadata.name - toFieldPath: spec.forProvider.manifest.metadata.namespace - transforms: - - string: - fmt: vshn-postgresql-%s - type: Format - type: string - type: FromCompositeFieldPath - - fromFieldPath: metadata.name - toFieldPath: spec.forProvider.manifest.metadata.name - transforms: - - string: - fmt: allow-from-claim-namespace-%s - type: Format - type: string - type: FromCompositeFieldPath - - fromFieldPath: metadata.labels[crossplane.io/claim-namespace] - toFieldPath: spec.forProvider.manifest.spec.ingress[0].from[0].namespaceSelector.matchLabels[kubernetes.io/metadata.name] - type: FromCompositeFieldPath step: patch-and-transform - functionRef: name: function-appcat diff --git a/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgresrestore.yaml b/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgresrestore.yaml index 5b677b9a0..95b5d2889 100644 --- a/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgresrestore.yaml +++ b/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgresrestore.yaml 
@@ -740,62 +740,6 @@ spec: type: Format type: string type: FromCompositeFieldPath - - base: - apiVersion: kubernetes.crossplane.io/v1alpha1 - kind: Object - metadata: {} - spec: - forProvider: - manifest: - apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - metadata: {} - spec: - ingress: - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: '' - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: appcat-slos - podSelector: {} - policyTypes: - - Ingress - providerConfigRef: - name: kubernetes - name: network-policy - patches: - - fromFieldPath: status.conditions - toFieldPath: status.networkPolicyConditions - type: ToCompositeFieldPath - - fromFieldPath: metadata.name - toFieldPath: metadata.name - transforms: - - string: - fmt: '%s-network-policy' - type: Format - type: string - type: FromCompositeFieldPath - - fromFieldPath: metadata.name - toFieldPath: spec.forProvider.manifest.metadata.namespace - transforms: - - string: - fmt: vshn-postgresql-%s - type: Format - type: string - type: FromCompositeFieldPath - - fromFieldPath: metadata.name - toFieldPath: spec.forProvider.manifest.metadata.name - transforms: - - string: - fmt: allow-from-claim-namespace-%s - type: Format - type: string - type: FromCompositeFieldPath - - fromFieldPath: metadata.labels[crossplane.io/claim-namespace] - toFieldPath: spec.forProvider.manifest.spec.ingress[0].from[0].namespaceSelector.matchLabels[kubernetes.io/metadata.name] - type: FromCompositeFieldPath step: patch-and-transform - functionRef: name: function-appcat diff --git a/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml b/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml index 826a11c87..9daec9b07 100644 --- a/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml +++ b/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml 
@@ -424,16 +424,6 @@ spec: serviceMonitor: enabled: true namespace: '' - networkPolicy: - allowExternal: false - enabled: true - extraIngress: - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: appcat-slos - ingressNSMatchLabels: - kubernetes.io/metadata.name: '' tls: authClients: true autoGenerated: false @@ -468,9 +458,6 @@ spec: - fromFieldPath: metadata.name toFieldPath: spec.forProvider.manifest.metadata.name type: FromCompositeFieldPath - - fromFieldPath: metadata.labels[crossplane.io/claim-namespace] - toFieldPath: spec.forProvider.values.networkPolicy.ingressNSMatchLabels[kubernetes.io/metadata.name] - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.size.plan toFieldPath: spec.forProvider.values.master.resources.requests.memory transforms: