
feat(netpols): configured network policies to accept BB umbrella helper

General MR

Summary

This MR configures Nexus to accept values from the istio namespace helper in BB umbrella. Work to add the appropriate templating logic to BB umbrella will happen as part of the BB MR spawned from merging this one.

Relevant logs/screenshots

Proof of success

With Operatorful(?) Istio:

image

With Operatorless Istio:

image

Now, I know what you're thinking:

the-office-pam-beesly

But I promise they're not. I had to do a lot of things in umbrella to get operatorless on par:

diff --git c/chart/templates/nexus-repository-manager/helmrelease.yaml w/chart/templates/nexus-repository-manager/helmrelease.yaml
index 6e2bad4ea..1b1b61dad 100644
--- c/chart/templates/nexus-repository-manager/helmrelease.yaml
+++ w/chart/templates/nexus-repository-manager/helmrelease.yaml
@@ -58,15 +58,19 @@ spec:
       kind: Secret
       valuesKey: "overlays"

-  {{ if or .Values.istio.enabled .Values.monitoring.enabled }}
+  {{ if or (include "istioEnabled" .) .Values.monitoring.enabled }}
   dependsOn:
-  {{- if .Values.istio.enabled }}
+    {{- if .Values.istio.enabled }}
     - name: istio
       namespace: {{ .Release.Namespace }}
-  {{- end }}
-  {{- if .Values.monitoring.enabled }}
+    {{- end }}
+    {{- if .Values.istioCore.enabled }}
+    - name: istio-core
+      namespace: {{ .Release.Namespace }}
+    {{- end }}
+    {{- if .Values.monitoring.enabled }}
     - name: monitoring
       namespace: {{ .Release.Namespace }}
-  {{- end }}
+    {{- end }}
   {{- end }}
 {{- end }}
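Review bot: `include` always returns a string, so `or (include "istioEnabled" .) .Values.monitoring.enabled` on the new `if` line is true whenever the helper prints anything at all, including the text `false`. The helper's definition is not part of this diff, so what it prints when Istio is off cannot be confirmed here. The same helper is also used as a condition in the namespace.yaml `istio-injection` ternary and rendered as a value at `enabled: {{ include "istioEnabled" . }}` in the values.yaml hunk, where an empty result becomes a null `enabled:`; whichever way the helper signals "off", one of these uses is likely to misbehave. An explicit comparison works in both places, assuming the helper prints `true` when enabled: `(eq (include "istioEnabled" .) "true")` in the conditions and `enabled: {{ eq (include "istioEnabled" .) "true" }}` in values.yaml.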
diff --git c/chart/templates/nexus-repository-manager/namespace.yaml w/chart/templates/nexus-repository-manager/namespace.yaml
index ffdb5ac5e..9095ca208 100644
--- c/chart/templates/nexus-repository-manager/namespace.yaml
+++ w/chart/templates/nexus-repository-manager/namespace.yaml
@@ -6,7 +6,7 @@ kind: Namespace
 metadata:
   name: nexus-repository-manager
   labels:
-    istio-injection: {{ ternary "enabled" "disabled" (and .Values.istio.enabled (eq (dig "istio" "injection" "enabled" $nexusValues) "enabled")) }}
+    istio-injection: {{ ternary "enabled" "disabled" (and (include "istioEnabled" .) (eq (dig "istio" "injection" "enabled" $nexusValues) "enabled")) }}
     app.kubernetes.io/name: "nexus-repository-manager"
     app.kubernetes.io/component: "developer-tools"
     {{- include "commonLabels" . | nindent 4}}
diff --git c/chart/templates/nexus-repository-manager/values.yaml w/chart/templates/nexus-repository-manager/values.yaml
index a7fcd4e06..00ec2ace1 100644
--- c/chart/templates/nexus-repository-manager/values.yaml
+++ w/chart/templates/nexus-repository-manager/values.yaml
@@ -11,7 +11,7 @@
 domain: {{ $domainName }}
 hostname: nexus
 istio:
-  enabled: {{ .Values.istio.enabled }}
+  enabled: {{ include "istioEnabled" . }}
   hardened:
     enabled: {{ or
       (dig "istio" "hardened" "enabled" false $nexusValues.values)
@@ -20,7 +20,7 @@ istio:
   injection: {{ dig "istio" "injection" "enabled" $nexusValues }}
   nexus:
     gateways:
-    - istio-system/{{ default "public" $nexusValues.ingress.gateway }}
+    - {{ include "istioGatewayNamespace" . }}/{{ default (include "istioPublicGateway" .) $nexusValues.ingress.gateway }}

 openshift: {{ .Values.openshift }}
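Review bot: The default gateway name on the `gateways` entry now comes from `istioPublicGateway`, but the `$gateway` variable feeding `networkPolicies.ingressLabels` further down this file (a context line in the last hunk) still uses `default "public"`. If the helper ever resolves to a name other than `public`, the gateway reference and the NetworkPolicy ingress labels would describe different gateways, which would most likely surface as blocked ingress traffic. Consider `{{- $gateway := default (include "istioPublicGateway" .) $nexusValues.ingress.gateway }}` on that line, provided the helper returns a bare gateway name. How `$gateway` is consumed after that line is outside the diff.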

@@ -44,6 +44,8 @@ monitoring:
   {{- end }}

 networkPolicies:
+  istioNamespaceSelector:
+  {{ include "istioNamespaceSelector" . | nindent 4 }}
   enabled: {{ .Values.networkPolicies.enabled }}
   ingressLabels:
     {{- $gateway := default "public" $nexusValues.ingress.gateway }}
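Review bot: `istioNamespaceSelector:` is followed by `{{ include "istioNamespaceSelector" . | nindent 4 }}` with no fallback, so if the helper renders nothing (for example with Istio disabled) the key reaches the Nexus chart as null. What the chart's NetworkPolicy templates do with a null or empty selector is not visible here, and an empty `namespaceSelector` in a Kubernetes NetworkPolicy matches every namespace, so it is worth confirming the policies fail closed in that case. Emitting the key only when the helper returns content, e.g. `{{- with (include "istioNamespaceSelector" .) }}` / `istioNamespaceSelector: {{- . | nindent 4 }}` / `{{- end }}`, would leave the package default in place otherwise. Using `{{-` on the include line would also drop the whitespace-only line that `nindent` leaves behind.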

Linked Issue

#163 (closed)

Upgrade Notices

N/A

Edited by Zach Callahan
