Merge branch 'np-2-electric-boogaloo' into 'main'

Optimizing Network Policy Templates

See merge request !7

CHANGELOG.md

 # Changelog
 
+## [29.1.0-bb.4]
+### Changed
+- kube-api network policy toggle
+- istio network policy stricter podSelector values
+
 ## [29.1.0-bb.3] - 2021-06-08
 ### Modified
 - Modified CI tests to use new library and infrastructure
@@ -8,7 +13,7 @@
 - Network policy for helm-tests to save artifacts
 
 ## [29.1.0-bb.2]
-# Added
-* default-deny-all network policy
-* istio network policy
-* monitoring network policy
+### Added
+- default-deny-all network policy
+- istio network policy
+- monitoring network policy

chart/Chart.yaml

 apiVersion: v2
 name: nexus-repository-manager
-version: 29.1.0-bb.3
+version: 29.1.0-bb.4
 appVersion: 3.29.0
 description: Sonatype Nexus Repository Manager - Universal Binary repository
 type: application

chart/templates/bigbang/networkpolicies/istio.yaml

-{{ if .Values.networkPolicies.enabled }}
+{{ if and .Values.networkPolicies.enabled .Values.istio.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
-  name: allow-to-istio-ingressgateway
+  name: allow-from-istio-ingressgateway
   namespace: {{ .Release.Namespace }}
 spec:
-  podSelector: {}
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: nexus-repository-manager
   policyTypes:
     - Ingress
   ingress:

chart/templates/bigbang/networkpolicies/kube-api-egress.yaml

+{{ if .Values.networkPolicies.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
@@ -16,4 +17,5 @@ spec:
     matchLabels:
       app.kubernetes.io/name: nexus-repository-manager
   policyTypes:
-  - Egress
\ No newline at end of file
+  - Egress
+{{- end }}