Merge branch 'master' into gh-pages

ae/CHANGELOG.md

@@ -2,6 +2,10 @@
 
 This file documents all notable changes to [Gravitee.io Alert Engine](https://github.com/gravitee-io/helm-charts/tree/master/ae) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
 
+### 1.1.46
+
+- add networkPolicy
+
 ### 1.1.45
 
 - [x] fix: license deleted after helm upgrade

ae/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 name: ae
 # When the version is modified, make sure the artifacthub.io/changes list is updated
 # Also update CHANGELOG.md
-version: 1.1.45
+version: 1.1.46
 appVersion: 2.1.5
 description: Official Gravitee.io Helm chart for Alert Engine
 home: https://gravitee.io
@@ -20,4 +20,4 @@ annotations:
   # List of changes for the release in artifacthub.io
   # https://artifacthub.io/packages/helm/graviteeio/ae?modal=changelog
   artifacthub.io/changes: |
-    - 'fix: license deleted after helm upgrade'
+    - 'add networkPolicy'

ae/templates/networkpolicy.yaml

@@ -0,0 +1,14 @@
+{{- if .Values.networkPolicy }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ .Release.Name }}-networkpolicy
+  labels:
+    app.kubernetes.io/name: {{ template "gravitee.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Values.engine.image.tag | default .Chart.AppVersion | quote }}
+    app.kubernetes.io/component: "{{ .Values.engine.name }}"
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  {{ toYaml .Values.networkPolicy | nindent 2 }}
+{{- end -}}

ae/tests/networkPolicy_test.yaml

@@ -0,0 +1,59 @@
+suite: ae - Common - NetworkPolicy configuration test
+templates:
+  - "networkpolicy.yaml"
+tests:
+  - it: should generate nothing by default
+    template: networkpolicy.yaml
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: should generate a networkPolicy
+    template: networkpolicy.yaml
+    set:
+      networkPolicy:
+        podSelector:
+          matchExpressions:
+            - key: app.kubernetes.io/component
+              operator: In
+              values: [ "engine" ]
+        policyTypes:
+          - Egress
+          - Ingress
+        egress:
+          - to:
+              - ipBlock:
+                  cidr: 0.0.0.0/0
+                  except:
+                    - 169.254.169.254/32
+        ingress:
+          - from:
+              - ipBlock:
+                  cidr: 172.17.0.0/16
+                  except:
+                    - 172.17.1.0/24
+    asserts:
+    - isSubset:
+        path: spec
+        content:
+          egress:
+          - to:
+              - ipBlock:
+                  cidr: 0.0.0.0/0
+                  except:
+                    - 169.254.169.254/32
+          ingress:
+            - from:
+                - ipBlock:
+                    cidr: 172.17.0.0/16
+                    except:
+                      - 172.17.1.0/24
+          podSelector:
+            matchExpressions:
+              - key: app.kubernetes.io/component
+                operator: In
+                values:
+                  - engine
+          policyTypes:
+            - Egress
+            - Ingress

ae/values.yaml

@@ -13,6 +13,23 @@ extraObjects: []
   #  data:
 #    license.key: myLicenceInBase64==
 
+# Create NetworkPolicy objects
+# https://kubernetes.io/docs/concepts/services-networking/network-policies/
+networkPolicy:
+#  podSelector:
+#    matchExpressions:
+#      - key: app.kubernetes.io/component
+#        operator: In
+#        values: [ "engine" ]
+#  policyTypes:
+#    - Egress
+#  egress:
+#    - to:
+#        - ipBlock:
+#            cidr: 0.0.0.0/0
+#            except:
+#              - 169.254.169.254/32
+
 chaos:
   enabled: false
 

cockpit/CHANGELOG.md

@@ -2,6 +2,10 @@
 
 This file documents all notable changes to [Gravitee.io Cockpit](https://github.com/gravitee-io/helm-charts/tree/master/cockpit) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
 
+### 1.9.4
+
+- [X] add networkPolicy
+
 ### 1.9.3
 
 - [X] Allow users to define extra manifests

cockpit/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 name: cockpit
 # When the version is modified, make sure the artifacthub.io/changes list is updated
 # Also update CHANGELOG.md
-version: 1.9.3
+version: 1.9.4
 appVersion: 3.16.0
 description: Official Gravitee.io Helm chart for Cockpit
 home: https://gravitee.io
@@ -21,4 +21,4 @@ annotations:
   # List of changes for the release in artifacthub.io
   # https://artifacthub.io/packages/helm/graviteeio/cockpit?modal=changelog
   artifacthub.io/changes: |
-    - Allow users to define extra manifests
+    - add networkPolicy

cockpit/templates/common/networkpolicy.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.networkPolicy }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ .Release.Name }}-networkpolicy
+  labels:
+    app.kubernetes.io/name: {{ template "gravitee.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: "{{ .Values.cockpit.name }}"
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+spec:
+  {{ toYaml .Values.networkPolicy | nindent 2 }}
+{{- end -}}

cockpit/tests/common/networkPolicy_test.yaml

@@ -0,0 +1,61 @@
+suite: apim - Common - NetworkPolicy configuration test
+templates:
+  - "common/networkpolicy.yaml"
+tests:
+  - it: should generate nothing by default
+    template: common/networkpolicy.yaml
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: should generate a networkPolicy
+    template: common/networkpolicy.yaml
+    set:
+      networkPolicy:
+        podSelector:
+          matchExpressions:
+            - key: app.kubernetes.io/component
+              operator: In
+              values: [ "generator", "api", "ui" ]
+        policyTypes:
+          - Egress
+          - Ingress
+        egress:
+          - to:
+              - ipBlock:
+                  cidr: 0.0.0.0/0
+                  except:
+                    - 169.254.169.254/32
+        ingress:
+          - from:
+              - ipBlock:
+                  cidr: 172.17.0.0/16
+                  except:
+                    - 172.17.1.0/24
+    asserts:
+    - isSubset:
+        path: spec
+        content:
+          egress:
+          - to:
+              - ipBlock:
+                  cidr: 0.0.0.0/0
+                  except:
+                    - 169.254.169.254/32
+          ingress:
+            - from:
+                - ipBlock:
+                    cidr: 172.17.0.0/16
+                    except:
+                      - 172.17.1.0/24
+          podSelector:
+            matchExpressions:
+              - key: app.kubernetes.io/component
+                operator: In
+                values:
+                  - generator
+                  - api
+                  - ui
+          policyTypes:
+            - Egress
+            - Ingress

cockpit/values.yaml

@@ -13,6 +13,23 @@ extraObjects: []
 #  data:
 #    license.key: myLicenceInBase64==
 
+# Create NetworkPolicy objects
+# https://kubernetes.io/docs/concepts/services-networking/network-policies/
+networkPolicy:
+#  podSelector:
+#    matchExpressions:
+#      - key: app.kubernetes.io/component
+#        operator: In
+#        values: [ "generator", "api", "ui" ]
+#  policyTypes:
+#    - Egress
+#  egress:
+#    - to:
+#        - ipBlock:
+#            cidr: 0.0.0.0/0
+#            except:
+#              - 169.254.169.254/32
+
 cockpit:
   name: cockpit
   # Whether this chart should self-manage its service account, role, and associated role binding.