Andrew Kesterson requested to merge 55_custom_network_policies into main Apr 16, 2024

General MR

Summary

Fixes #55 (closed). This MR adds support for custom network policies to the vault component.

Relevant logs/screenshots

Using this override

networkPolicies:
  enabled: true
addons:
  harbor:
    enabled: true
    sourceType: "git"
    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/harbor.git
      path: "./chart"
      tag: null
      branch: "55_custom_network_policies"
    values:
      networkPolicies:
        additionalPolicies:
        - name: this-is-a-harbor-job-test-test
          spec:
            podSelector: {}
            policyTypes:
            - Egress
            egress:
            - to:
              - ipBlock:
                  cidr: 172.20.0.0/12
        - name: this-is-a-zwei-harbor-job-test-test
          spec:
            podSelector: {}
            policyTypes:
            - Ingress
            egress:
            - to:
              - ipBlock:
                  cidr: 172.20.0.0/12

... network policies are deployed:

$ kubectl get NetworkPolicies -n harbor | grep test
NAME                                  POD-SELECTOR                                  AGE
this-is-a-zwei-harbor-job-test-test   <none>                                        39s
this-is-a-harbor-job-test-test        <none>                                        39s

... and when network policies are disabled, they are not deployed:

# networkPolicies:
#   enabled: false
# ....
$ kubectl get NetworkPolicies -n harbor
No resources found in vault namespace.

Linked Issue

Harbor #55

Upgrade Notices

N/A

Admin message

Fixes #55 : Support additional network policies via values

General MR

Summary

Relevant logs/screenshots

Linked Issue

Upgrade Notices

Merge request reports