networkpolicy-gateway template not handling multiple istio hosts correctly
I believe this is a simple fix, I think we are simply missing a --- at the top of the loop in the templates/network/networkpolicy-gateway.yaml file
Currently this helm chart will break if you specify multiple istio hosts
Activity
{{- if and .Values.bigbang.networkPolicies.enabled .Values.bigbang.istio.enabled (dig "network" "policies" true .Values.package) (dig "istio" "hosts" false .Values.package) -}} {{- $pkg := include "resourceName" .Values.package.name -}} {{- /* Add default selector if it isn't there */ -}} {{- $defSel := (dict "selectors" (list (dict "matchLabels" (dict "app.kubernetes.io/name" $pkg)))) -}} {{- range $host := .Values.package.istio.hosts -}} {{- $host = merge $host $defSel -}} {{- range $i, $selector := $host.selectors }} --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ include "resourceName" (printf "%s-gateway%s" $pkg (ternary "" (print "-%" $i) (eq 1 (len $host.selectors)))) }} labels: {{- include "commonLabels" $ | nindent 4 }} annotations: bigbang.dso.mil/description: Allows ingress traffic from any Istio ingress gateway to exposed ports spec: podSelector: {{- toYaml $selector | nindent 4 }} policyTypes: - Ingress ingress: - from: - namespaceSelector: matchLabels: app.kubernetes.io/name: istio-controlplane podSelector: matchLabels: istio: ingressgateway {{- include "exposedPorts" $host | nindent 4 -}} {{- end -}} {{- end -}} {{- end -}}-
Or perhaps it belong as the end, like some of the other charts in here. You would also have to remove the newline chomping on the `
{{- include "exposedPorts" $host | nindent 4 -}}lineEdited by Nicholas Wilburn 
YAML spec for reference: https://yaml.org/spec/1.2.2/#22-structures
Edited by Antonio Escaleraadded community-contribution kindbug priority3 teambigbang labels
assigned to @andrewshoell
created branch
16-networkpolicy-gateway-template-not-handling-multiple-istio-hosts-correctlyto address this issuementioned in merge request !19 (merged)
added statusdoing label
added statusreview label and removed statusdoing label
mentioned in merge request big-bang/bigbang!3613 (merged)
closed with merge request big-bang/bigbang!3613 (merged)
mentioned in commit big-bang/bigbang@21333de8
- Resolved by Andrew Shoell
Hey I don't think this is entirely fixed. I am still getting the same error as before. I believe its because the chomping of newlines is there on https://repo1.dso.mil/big-bang/product/packages/wrapper/-/blob/main/chart/templates/network/networkpolicy-gateway.yaml?ref_type=heads#L29
Example values which would trigger this:
package: name: test namespace: name: test istio: injection: "enabled" hosts: - names: - test domain: dev.test gateways: - public destination: service: web port: 8080 - names: - test-too domain: dev.test gateways: - public destination: service: server port: 8080 - Last reply by Andrew Shoell
added statusdoing label and removed statusreview label
created branch
16-networkpolicy-gateway-template-not-handling-multiple-istio-hosts-correctlyto address this issueadded teamTools & Automation label and removed teambigbang label
mentioned in merge request !20 (merged)
added statusreview label and removed statusdoing label
added wrapper label
added statusdoing label and removed statusreview label
added statusreview label and removed statusdoing label
changed iteration to Big Bang Iterations Jan 9, 2024 - Jan 22, 2024
changed milestone to %2.19.0
mentioned in merge request big-bang/bigbang!3664 (merged)
mentioned in commit big-bang/bigbang@09c7d826
closed with merge request big-bang/bigbang!3664 (merged)