#103 : Support delivery of additional network policies through the values yaml
General MR
Summary
Adds support to Authservice for custom network policies via values yaml.
This depends on big-bang/bigbang!4184 (merged) for a documentation reference.
Relevant logs/screenshots
Given the following overrides:
addons:
  authservice:
    enabled: true
    sourceType: "git"
    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/authservice.git
      path: chart
      branch: 103_additional_network_policies
      tag: null
    values:
      networkPolicies:
        enabled: true
        additionalPolicies:
        - name: this-is-a-authservice-job-test
          spec:
            podSelector: {}
            policyTypes:
            - Egress
            egress:
            - to:
              - ipBlock:
                  cidr: 172.20.0.0/12
        - name: this-is-a-zwei-authservice-job-test-test
          spec:
            podSelector: {}
            policyTypes:
            - Ingress
            ingress:
            - from:
              - ipBlock:
                  cidr: 172.20.0.0/12
We get additional custom network policies:
Every 2.0s: kubectl get NetworkPolicies -n authservice    BPH-MAC21.local: Wed Apr 24 16:26:40 2024

NAME                                       POD-SELECTOR                         AGE
this-is-a-authservice-job-test             <none>                               4m26s
this-is-a-zwei-authservice-job-test-test   <none>                               4m26s
allow-to-prometheus                        app.kubernetes.io/name=haproxy       7m34s
allow-to-istiod                            <none>                               7m34s
allow-from-istio-ingressgateway            app.kubernetes.io/name=haproxy       7m34s
allow-in-ns                                <none>                               7m34s
allow-scraping                             <none>                               7m34s
allow-tempo-egress                         <none>                               7m34s
allow-from-custom-selector                 app.kubernetes.io/name=authservice   7m34s
allow-to-alertmanager                      app.kubernetes.io/name=haproxy       7m34s
egress-kube-dns                            <none>                               7m34s
egress-to-sso                              app.kubernetes.io/name=authservice   7m34s
default-deny-all                           <none>                               7
Linked Issue
Upgrade Notices
N/A
Edited by Andrew Kesterson