From 335a121f8d60c0ff707631ee1889086e6c4208b5 Mon Sep 17 00:00:00 2001
From: Ryan Garcia
Date: Fri, 11 Jun 2021 14:24:23 +0000
Subject: [PATCH] Optimizing Network Policy Templates
---
 CHANGELOG.md | 13 +++++++++----
 chart/Chart.yaml | 2 +-
 chart/templates/bigbang/networkpolicies/istio.yaml | 8 +++++---
 .../bigbang/networkpolicies/kube-api-egress.yaml | 4 +++-
 4 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1e04781..618a676 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog
+## [29.1.0-bb.4]
+### Changed
+- kube-api network policy toggle
+- istio network policy stricter podSelector values
+
 ## [29.1.0-bb.3] - 2021-06-08
 ### Modified
 - Modified CI tests to use new library and infrastructure
@@ -8,7 +13,7 @@
 - Network policy for helm-tests to save artifacts
 ## [29.1.0-bb.2]
-# Added
-* default-deny-all network policy
-* istio network policy
-* monitoring network policy
+### Added
+- default-deny-all network policy
+- istio network policy
+- monitoring network policy
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index ed5e087..9e9aac2 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: nexus-repository-manager
-version: 29.1.0-bb.3
+version: 29.1.0-bb.4
 appVersion: 3.29.0
 description: Sonatype Nexus Repository Manager - Universal Binary repository
 type: application
diff --git a/chart/templates/bigbang/networkpolicies/istio.yaml b/chart/templates/bigbang/networkpolicies/istio.yaml
index 5c6c341..bf47c59 100644
--- a/chart/templates/bigbang/networkpolicies/istio.yaml
+++ b/chart/templates/bigbang/networkpolicies/istio.yaml
@@ -1,11 +1,13 @@
-{{ if .Values.networkPolicies.enabled }}
+{{ if and .Values.networkPolicies.enabled .Values.istio.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
- name: allow-to-istio-ingressgateway
+ name: allow-from-istio-ingressgateway
 namespace: {{ .Release.Namespace }}
 spec:
- podSelector: {}
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: nexus-repository-manager
 policyTypes:
 - Ingress
 ingress:
diff --git a/chart/templates/bigbang/networkpolicies/kube-api-egress.yaml b/chart/templates/bigbang/networkpolicies/kube-api-egress.yaml
index 708f312..04ed264 100644
--- a/chart/templates/bigbang/networkpolicies/kube-api-egress.yaml
+++ b/chart/templates/bigbang/networkpolicies/kube-api-egress.yaml
@@ -1,3 +1,4 @@
+{{ if .Values.networkPolicies.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
@@ -16,4 +17,5 @@ spec:
 matchLabels:
 app.kubernetes.io/name: nexus-repository-manager
 policyTypes:
- - Egress
\ No newline at end of file
+ - Egress
+{{- end }}
-- GitLab
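Review bot: The new `podSelector` hard-codes `app.kubernetes.io/name: nexus-repository-manager`, so the policy only takes effect while the Nexus pods carry exactly that label. If the workload template renders the label from a name helper or an override value (not visible in this hunk), an overridden name leaves the policy selecting no pods, and with the chart's default-deny-all policy in place gateway traffic is then dropped without any render-time error. Either render the selector from the same source as the pod labels or add a comment above `matchLabels`, e.g. `# must equal the app.kubernetes.io/name label on the Nexus pods; update together with any name override`. The guard also reads `.Values.istio.enabled` while the patch touches no values file, so confirm `istio.enabled` has a default there, since rendering would likely fail when `istio` is unset. The `ingress:` rules continue past the end of the hunk.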
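Review bot: The changelog describes a kube-api network policy toggle, but the guard added in the first hunk reuses the global `networkPolicies.enabled` flag, so the API-server egress allowance cannot be switched off on its own while the other policies stay enforced. If the Nexus pods do not need to reach the Kubernetes API, least privilege argues for a dedicated values flag (name left to the maintainers) combined with the global one via `and`, as the istio template in this patch does. The opening `{{ if ... }}` also lacks the whitespace trim that the closing `{{- end }}` in the second hunk uses; `{{- if .Values.networkPolicies.enabled }}` would keep a blank first line out of the rendered manifest. The egress rules sit between the two hunks and are not shown, so their destination scope could not be reviewed here.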