UNCLASSIFIED - NO CUI

Fixes #79 : Support additional custom network policies

Andrew Kesterson requested to merge 79_custom_network_policies into main

General MR

Summary

Fixes #79 (closed). This MR adds support for custom network policies to the vault component.

Relevant logs/screenshots

Using this override

networkPolicies:
  enabled: true
addons:
  vault:
    enabled: true
    sourceType: "git"
    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/vault.git
      path: "./chart"
      tag: null
      branch: "79_custom_network_policies"
    values:
      networkPolicies:
        additionalPolicies:
        - name: this-is-a-vault-job-test-test
          spec:
            podSelector: {}
            policyTypes:
            - Egress
            egress:
            - to:
              - ipBlock:
                  cidr: 172.20.0.0/12
        - name: this-is-a-zwei-vault-job-test-test
          spec:
            podSelector: {}
            policyTypes:
            - Ingress
            egress:
            - to:
              - ipBlock:
                  cidr: 172.20.0.0/12

... network policies are deployed:

$ kubectl get NetworkPolicies -n vault | grep test
NAME                                 POD-SELECTOR                                  AGE
this-is-a-zwei-vault-job-test-test   <none>                                        13s
this-is-a-vault-job-test-test        <none>                                        13s

... and when network policies are disabled, they are not deployed:

# networkPolicies:
#   enabled: false
# ....
$ kubectl get NetworkPolicies -n vault
No resources found in vault namespace.

Linked Issue

79

Upgrade Notices

N/A

Edited by Andrew Kesterson
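
An added example, not part of the merge request or the chart's own code: a small linter for `networkPolicies.additionalPolicies` entries, run over the two test policies from the override above (transcribed here as Python dicts). It flags rule sections that `policyTypes` causes Kubernetes to ignore, declared types with no rules, and `ipBlock` CIDRs with host bits set. The function names and finding codes are hypothetical.

```python
import ipaddress

# Constructed from the override quoted in the merge request description.
ADDITIONAL_POLICIES = [
    {"name": "this-is-a-vault-job-test-test",
     "spec": {"podSelector": {}, "policyTypes": ["Egress"],
              "egress": [{"to": [{"ipBlock": {"cidr": "172.20.0.0/12"}}]}]}},
    {"name": "this-is-a-zwei-vault-job-test-test",
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"],
              "egress": [{"to": [{"ipBlock": {"cidr": "172.20.0.0/12"}}]}]}},
]

def ip_blocks(spec):
    """Yield every ipBlock CIDR found in ingress 'from' and egress 'to' peers."""
    for section, peer_key in (("ingress", "from"), ("egress", "to")):
        for rule in spec.get(section) or []:
            for peer in rule.get(peer_key) or []:
                if "ipBlock" in peer:
                    yield peer["ipBlock"]["cidr"]

def lint_policy(policy):
    """Return (policy name, code, detail) findings for one additionalPolicies entry."""
    name, spec = policy["name"], policy["spec"]
    findings = []
    # If policyTypes is omitted, Kubernetes assumes Ingress, plus Egress when an egress section exists.
    declared = spec.get("policyTypes") or (["Ingress"] + (["Egress"] if "egress" in spec else []))
    for ptype in ("Ingress", "Egress"):
        rules = spec.get(ptype.lower())
        if rules and ptype not in declared:
            # Rules for a direction that policyTypes does not list have no effect.
            findings.append((name, "rules-ignored", f"{ptype.lower()} rules present but {ptype} not in policyTypes"))
        if ptype in declared and not rules:
            # A declared direction with no rules isolates the selected pods and allows nothing itself.
            scope = "all pods in the namespace" if not spec.get("podSelector") else "the selected pods"
            findings.append((name, "default-deny", f"{ptype} declared with no rules: this policy allows no {ptype.lower()} for {scope}"))
    for cidr in ip_blocks(spec):
        canonical = str(ipaddress.ip_network(cidr, strict=False))
        if canonical != cidr:
            findings.append((name, "cidr-host-bits", f"{cidr} has host bits set; the network is {canonical}"))
    return findings

def lint_additional_policies(policies):
    """Lint every entry and return the combined findings in input order."""
    return [finding for policy in policies for finding in lint_policy(policy)]

if __name__ == "__main__":
    for finding in lint_additional_policies(ADDITIONAL_POLICIES):
        print(*finding, sep=": ")
```
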
