From 8d548afb7793a77fb4ff2c27121c1a6d1daf350f Mon Sep 17 00:00:00 2001
From: Micah Nagel <micah.nagel@parsons.com>
Date: Wed, 9 Jun 2021 12:10:09 -0600
Subject: [PATCH] wow

---
 CHANGELOG.md                                     |  7 +++++++
 chart/Chart.yaml                                 |  2 +-
 .../{ingress-allow-ns.yml => allow-in-ns.yml}    | 16 ++++++++++------
 .../ingress-istio-ingressgateway.yml             |  4 +++-
 4 files changed, 21 insertions(+), 8 deletions(-)
 rename chart/templates/networkpolicies/{ingress-allow-ns.yml => allow-in-ns.yml} (51%)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e75fa64..e1a8dd5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 ---
 
+## [0.0.6-bb.0] - 2021-06-09
+
+### Fixed
+
+- Bug with istio network policy, allow egress in ns
+
+
 ## [0.0.5-bb.0] - 2021-06-02
 
 ### Changed
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index f09518e..c04bc6a 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: twistlock
-version: 0.0.5-bb.0
+version: 0.0.6-bb.0
 appVersion: 21.04.412
 dependencies:
   - name: gluon
diff --git a/chart/templates/networkpolicies/ingress-allow-ns.yml b/chart/templates/networkpolicies/allow-in-ns.yml
similarity index 51%
rename from chart/templates/networkpolicies/ingress-allow-ns.yml
rename to chart/templates/networkpolicies/allow-in-ns.yml
index 6e8a95a..97a841c 100644
--- a/chart/templates/networkpolicies/ingress-allow-ns.yml
+++ b/chart/templates/networkpolicies/allow-in-ns.yml
@@ -2,13 +2,17 @@
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
-  name: ingress-allow-ns
-  namespace: "{{ .Release.Namespace }}"
+  name: allow-in-ns
+  namespace: {{ .Release.Namespace }}
 spec:
-  ingress:
-    - from:
-      - podSelector: {} # all pods in namespace
-  podSelector: {} # all pods
+  podSelector: {}
   policyTypes:
     - Ingress
+    - Egress
+  ingress:
+    - from:
+        - podSelector: {}
+  egress:
+    - to:
+        - podSelector: {}
 {{- end }}
diff --git a/chart/templates/networkpolicies/ingress-istio-ingressgateway.yml b/chart/templates/networkpolicies/ingress-istio-ingressgateway.yml
index 29b55a7..7760fe3 100644
--- a/chart/templates/networkpolicies/ingress-istio-ingressgateway.yml
+++ b/chart/templates/networkpolicies/ingress-istio-ingressgateway.yml
@@ -7,7 +7,7 @@ metadata:
 spec:
   podSelector:
     matchLabels:
-      app: twistlock-console
+      name: twistlock-console
   policyTypes:
     - Ingress
   ingress:
@@ -20,5 +20,7 @@ spec:
             {{- toYaml .Values.networkPolicies.ingressLabels | nindent 12}}
       ports:
       - port: 8081 #Default UI console Port
+        protocol: TCP
       - port: 8083 #TLS configured UI console Port
+        protocol: TCP
 {{- end }}
-- 
GitLab