UNCLASSIFIED - NO CUI

Fixes #26 : Support setting additional custom network policies through the values yaml

Andrew Kesterson requested to merge 26_additional_network_policies into main

General MR

Summary

Adds support to Renovate for custom network policies via values yaml.

Relevant logs/screenshots

With this yaml:

packages:
  renovate:
    enabled: true
    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/renovate.git
      tag: null
      branch: 26_additional_network_policies
    values:
      redis:
        enabled: true
      renovate:
        configIsSecret: true
        config: |
          {
            "repositories": ["product/packages/harbor"],
            "platform": 'gitlab',
            "endpoint": 'https://repo1.dso.mil/api/v4',
            "token": "**********",
            "autodiscover": false,
            "hostRules": [{
              "hostType": "docker",
              "matchHost": "registry1.dso.mil",
              "username": "*******",
              "password": "*******"
            }]
          }
      networkPolicies:
        enabled: true
        additionalPolicies:
        - name: this-is-a-renovate-job-test-test
          spec:
            podSelector: {}
            policyTypes:
            - Egress
            egress:
            - to:
              - ipBlock:
                  cidr: 172.20.0.0/12
        - name: this-is-a-zwei-renovate-job-test-test
          spec:
            podSelector: {}
            policyTypes:
            - Ingress
            ingress:
            - from:
              - ipBlock:
                  cidr: 172.20.0.0/12
      istio:
        enabled: "{{ $.Values.istio.enabled }}"

... we get additional custom network policies:

Every 2.0s: kubectl get NetworkPolicies -n renovate                         BPH-MAC21.local: Wed Apr 24 13:36:35 2024

NAME                                    POD-SELECTOR   AGE
default-deny-ingress                    <none>         15m
allow-https                             <none>         15m
default-deny-egress                     <none>         15m
egress-dns                              <none>         15m
allow-istiod-egress-renovate            <none>         15m
allow-in-ns-renovate                    <none>         15m
this-is-a-renovate-job-test-test        <none>         5m39s
this-is-a-zwei-renovate-job-test-test   <none>         5m39s

Linked Issue

#26 (closed)

Upgrade Notices

N/A
