#95 : Add network policies via values file

Andrew Kesterson requested to merge 95_additional_network_policies into main

General MR

Summary

Adds support to cluster-auditor for custom network policies via values yaml.

This depends on big-bang/bigbang!4184 (merged) for a documentation reference.

Relevant logs/screenshots

Given these overrides:

clusterAuditor:
  enabled: true
  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/cluster-auditor.git
    tag: null
    path: chart
    branch: "95_additional_network_policies"
  values:
    networkPolicies:
      enabled: true
      additionalPolicies:
      - name: this-is-a-cluster-auditor-job-test-test
        spec:
          podSelector: {}
          policyTypes:
          - Egress
          egress:
          - to:
            - ipBlock:
                cidr: 172.20.0.0/12
      - name: this-is-a-zwei-cluster-auditor-job-test-test
        spec:
          podSelector: {}
          policyTypes:
          - Ingress
          ingress:
          - from:
            - ipBlock:
                cidr: 172.20.0.0/12

.. We get network policies (new ones at the bottom):

NAME                                           POD-SELECTOR                                                                                                                                                                                                                                                                                             AGE
egress-kube-api                                app.kubernetes.io/component=opa-exporter,app.kubernetes.io/instance=cluster-auditor-cluster-auditor,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=cluster-auditor,app.kubernetes.io/part-of=cluster-auditor,app.kubernetes.io/version=1.5.0-bb.16,helm.sh/chart=cluster-auditor-1.5.0-bb.16   2m9s
allow-helm-test-ingress-ca                     app.kubernetes.io/component=opa-exporter,app.kubernetes.io/instance=cluster-auditor-cluster-auditor,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=cluster-auditor,app.kubernetes.io/part-of=cluster-auditor,app.kubernetes.io/version=1.5.0-bb.16,helm.sh/chart=cluster-auditor-1.5.0-bb.16   2m9s
ingress-prometheus-metrics                     app.kubernetes.io/component=opa-exporter,app.kubernetes.io/instance=cluster-auditor-cluster-auditor,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=cluster-auditor,app.kubernetes.io/part-of=cluster-auditor,app.kubernetes.io/version=1.5.0-bb.16,helm.sh/chart=cluster-auditor-1.5.0-bb.16   2m9s
egress-dns                                     <none>                                                                                                                                                                                                                                                                                                   2m9s
allow-helm-test-egress                         helm-test=enabled                                                                                                                                                                                                                                                                                        2m9s
allow-tempo-egress                             <none>                                                                                                                                                                                                                                                                                                   2m9s
ingress-egress-ns                              <none>                                                                                                                                                                                                                                                                                                   2m9s
this-is-a-zwei-cluster-auditor-job-test-test   <none>                                                                                                                                                                                                                                                                                                   2m9s
this-is-a-cluster-auditor-job-test-test        <none>                                                                                                                                                                                                                                                                                                   2m9s

Linked Issue

#95 (closed)

Upgrade Notices

N/A
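
A pre-merge lint for `additionalPolicies` entries, added here as an example; it is not code from the merge request or the cluster-auditor chart. The policy list is transcribed from the overrides above as a Python literal, and the function names `review_policy` and `review_all` are hypothetical.

```python
import ipaddress

# Constructed input: the two additionalPolicies entries from the overrides above.
ADDITIONAL_POLICIES = [
    {"name": "this-is-a-cluster-auditor-job-test-test",
     "spec": {"podSelector": {}, "policyTypes": ["Egress"],
              "egress": [{"to": [{"ipBlock": {"cidr": "172.20.0.0/12"}}]}]}},
    {"name": "this-is-a-zwei-cluster-auditor-job-test-test",
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"],
              "ingress": [{"from": [{"ipBlock": {"cidr": "172.20.0.0/12"}}]}]}},
]

def review_policy(policy):
    """Return reviewer findings for one additionalPolicies entry."""
    findings = []
    spec = policy.get("spec", {})
    # An empty podSelector selects every pod in the namespace.
    if not spec.get("podSelector"):
        findings.append("empty podSelector: applies to every pod in the namespace")
    for direction, peer_key in (("ingress", "from"), ("egress", "to")):
        ptype = direction.capitalize()
        rules = spec.get(direction)
        # A policy type listed without rules isolates the selected pods.
        if ptype in spec.get("policyTypes", []) and not rules:
            findings.append(f"{ptype} listed with no rules: denies all {direction}")
        for rule in rules or []:
            for peer in rule.get(peer_key, []):
                cidr = peer.get("ipBlock", {}).get("cidr")
                if cidr is None:
                    continue
                # strict=False masks host bits instead of raising ValueError.
                net = ipaddress.ip_network(cidr, strict=False)
                if str(net) != cidr:
                    findings.append(f"{direction} cidr {cidr} has host bits set; "
                                    f"canonical network is {net}")
                if net.prefixlen == 0:
                    findings.append(f"{direction} cidr {cidr} matches every address")
    return findings

def review_all(policies):
    """Map each policy name to its list of findings."""
    return {p["name"]: review_policy(p) for p in policies}

if __name__ == "__main__":
    for name, findings in review_all(ADDITIONAL_POLICIES).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

Both test policies are flagged twice: once for the namespace-wide selector, which matches the `<none>` POD-SELECTOR column in the output above, and once because `172.20.0.0/12` is not written on its network boundary.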