Fix for Sonarqube Database Network Policy Logic
General MR
Summary
- Fixed template logic to determine when network policy for database-subnets should be deployed
Relevant logs/screenshots
Verified database-subnets network policy was not present by default.
Verified network policy was enabled by default when the following values are used:
addons:
sonarqube:
database:
host: blah.comkubectl get netpol -n sonarqube
NAME POD-SELECTOR AGE
allow-egress-from-sonarqube-to-code-repository app=sonarqube 4m55s
allow-egress-from-sonarqube-to-database-subnets app=sonarqube 29s
allow-egress-from-sonarqube-to-ns-tempo-pod-tempo-tcp-port-9411 app=sonarqube 4m55s
allow-egress-from-sonarqube-to-sonarsource-marketplace app=sonarqube 4m55s
allow-ingress-to-sonarqube-9000-from-ns-istio-gateway-pod-public-ingressgateway app=sonarqube 4m55s
allow-ingress-to-sonarqube-tcp-ports-8000-8001-9000-from-ns-monitoring-pod-prometheus app=sonarqube 4m55s
default-egress-allow-all-in-ns <none> 4m55s
default-egress-allow-istiod <none> 4m55s
default-egress-allow-kube-dns <none> 4m55s
default-egress-deny-all <none> 4m55s
default-ingress-allow-all-in-ns <none> 4m55s
default-ingress-allow-prometheus-to-istio-sidecar <none> 4m55s
default-ingress-deny-all <none> 4m55sLinked Issue
Upgrade Notices
N/A
Edited by Jimmy Bourque