
Commit

Allow configurable egress for server network policy (hashicorp#389)
* Allow configurable egress

* Add test for networkpolicy egress in server

* Allow egress configuration

* Fix test

* Fix networkPolicy test

* Fix test
corest authored Dec 16, 2020
1 parent 9067c4e commit f8e6aab
Showing 3 changed files with 25 additions and 0 deletions.
4 changes: 4 additions & 0 deletions templates/server-network-policy.yaml
Expand Up @@ -19,4 +19,8 @@ spec:
protocol: TCP
- port: 8201
protocol: TCP
{{- if .Values.server.networkPolicy.egress }}
egress:
{{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
{{ end }}
{{ end }}
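
Review bot: in the added `egress:` block, any non-empty `server.networkPolicy.egress` turns this policy into an egress restriction for the server pods, so every destination not listed is dropped, including DNS lookups and the 8201 port that the ingress rules just above open between servers. Nothing in this change tells the operator that. No `policyTypes` field is visible in this hunk; if the template does not set one elsewhere, consider emitting it inside the same `if` with both `Ingress` and `Egress`, so the behaviour is stated in the manifest rather than inferred from the Kubernetes default.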
13 changes: 13 additions & 0 deletions test/unit/server-network-policy.bats
Expand Up @@ -20,3 +20,16 @@ load _helpers
yq 'length > 0' | tee /dev/stderr)
[ "${actual}" = "true" ]
}

@test "server/network-policy: egress enabled by server.networkPolicy.egress" {
cd `chart_dir`
local actual=$(helm template \
--set 'server.networkPolicy.enabled=true' \
--set 'server.networkPolicy.egress[0].to[0].ipBlock.cidr=10.0.0.0/24' \
--set 'server.networkPolicy.egress[0].ports[0].protocol=TCP' \
--set 'server.networkPolicy.egress[0].ports[0].port=443' \
--show-only templates/server-network-policy.yaml \
. | tee /dev/stderr |
yq -r '.spec.egress[0].to[0].ipBlock.cidr' | tee /dev/stderr)
[ "${actual}" = "10.0.0.0/24" ]
}
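
Review bot: the new test sets `ports[0].protocol` and `ports[0].port` but only asserts on `.spec.egress[0].to[0].ipBlock.cidr`, so a template regression that drops or mangles the `ports` list would still pass. Add an assertion on `.spec.egress[0].ports[0].port`, and add a second test that leaves `server.networkPolicy.egress` at its default and checks that `.spec.egress` is absent from the rendered policy, since an accidentally rendered empty `egress:` key would block all outbound traffic from the server pods.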
8 changes: 8 additions & 0 deletions values.yaml
Expand Up @@ -342,6 +342,14 @@ server:
# Enables network policy for server pods
networkPolicy:
enabled: false
egress: []
# egress:
# - to:
# - ipBlock:
# cidr: 10.0.0.0/24
# ports:
# - protocol: TCP
# port: 443

# Priority class for server pods
priorityClassName: ""
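
Review bot: `egress: []` is added with no comment describing it, unlike the neighbouring `# Enables network policy for server pods` and `# Priority class for server pods` lines. Add a line stating that it takes a list of Kubernetes NetworkPolicy egress rules and that setting it restricts all other outbound traffic from the server pods. The commented example, if copied as is, allows only TCP 443 to `10.0.0.0/24`, so it is worth noting next to it that DNS and any storage or cluster peers need their own rules.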