diff --git a/ae/CHANGELOG.md b/ae/CHANGELOG.md
index 3b1bc38f..81e0f957 100644
--- a/ae/CHANGELOG.md
+++ b/ae/CHANGELOG.md
@@ -2,6 +2,10 @@ This file documents all notable changes to [Gravitee.io Alert Engine](https://github.com/gravitee-io/helm-charts/tree/master/ae) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
+### 1.1.46
+
+- add networkPolicy
+
 ### 1.1.45
 - [x] fix: license deleted after helm upgrade
diff --git a/ae/Chart.yaml b/ae/Chart.yaml
index dab6b485..49ec0f3d 100644
--- a/ae/Chart.yaml
+++ b/ae/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 name: ae
 # When the version is modified, make sure the artifacthub.io/changes list is updated
 # Also update CHANGELOG.md
-version: 1.1.45
+version: 1.1.46
 appVersion: 2.1.5
 description: Official Gravitee.io Helm chart for Alert Engine
 home: https://gravitee.io
@@ -20,4 +20,4 @@ annotations:
 # List of changes for the release in artifacthub.io
 # https://artifacthub.io/packages/helm/graviteeio/ae?modal=changelog
 artifacthub.io/changes: |
- - 'fix: license deleted after helm upgrade'
+ - 'add networkPolicy'
diff --git a/ae/templates/networkpolicy.yaml b/ae/templates/networkpolicy.yaml
new file mode 100644
index 00000000..9b11c84d
--- /dev/null
+++ b/ae/templates/networkpolicy.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.networkPolicy }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ .Release.Name }}-networkpolicy
+ labels:
+ app.kubernetes.io/name: {{ template "gravitee.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Values.engine.image.tag | default .Chart.AppVersion | quote }}
+ app.kubernetes.io/component: "{{ .Values.engine.name }}"
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ {{ toYaml .Values.networkPolicy | nindent 2 }}
+{{- end -}}
diff --git a/ae/tests/networkPolicy_test.yaml b/ae/tests/networkPolicy_test.yaml
new file mode 100644
index 00000000..417377ae
--- /dev/null
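Review bot: In ae/templates/networkpolicy.yaml the whole `spec` is the user-supplied `.Values.networkPolicy` map, so nothing in the template ties the policy to this release's pods. The example selector in values.yaml matches only `app.kubernetes.io/component`, which would presumably also select same-named components of another release in the namespace, and an empty `podSelector: {}` selects every pod there. If the pods carry the `app.kubernetes.io/instance` label that this template puts on the policy, the example should add a `matchLabels` entry `app.kubernetes.io/instance: <release name>`, or the template should inject it. cockpit/templates/common/networkpolicy.yaml has the same shape. As a style point, `{{- toYaml .Values.networkPolicy | nindent 2 }}` avoids the whitespace-only line that the current `spec:` body renders.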
+++ b/ae/tests/networkPolicy_test.yaml
@@ -0,0 +1,59 @@
+suite: ae - Common - NetworkPolicy configuration test
+templates:
+ - "networkpolicy.yaml"
+tests:
+ - it: should generate nothing by default
+ template: networkpolicy.yaml
+ asserts:
+ - hasDocuments:
+ count: 0
+
+ - it: should generate a networkPolicy
+ template: networkpolicy.yaml
+ set:
+ networkPolicy:
+ podSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/component
+ operator: In
+ values: [ "engine" ]
+ policyTypes:
+ - Egress
+ - Ingress
+ egress:
+ - to:
+ - ipBlock:
+ cidr: 0.0.0.0/0
+ except:
+ - 169.254.169.254/32
+ ingress:
+ - from:
+ - ipBlock:
+ cidr: 172.17.0.0/16
+ except:
+ - 172.17.1.0/24
+ asserts:
+ - isSubset:
+ path: spec
+ content:
+ egress:
+ - to:
+ - ipBlock:
+ cidr: 0.0.0.0/0
+ except:
+ - 169.254.169.254/32
+ ingress:
+ - from:
+ - ipBlock:
+ cidr: 172.17.0.0/16
+ except:
+ - 172.17.1.0/24
+ podSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/component
+ operator: In
+ values:
+ - engine
+ policyTypes:
+ - Egress
+ - Ingress
\ No newline at end of file
diff --git a/ae/values.yaml b/ae/values.yaml
index ad606adb..f94dbf84 100644
--- a/ae/values.yaml
+++ b/ae/values.yaml
@@ -13,6 +13,23 @@ extraObjects: []
 # data:
 # license.key: myLicenceInBase64==
+# Create NetworkPolicy objects
+# https://kubernetes.io/docs/concepts/services-networking/network-policies/
+networkPolicy:
+# podSelector:
+# matchExpressions:
+# - key: app.kubernetes.io/component
+# operator: In
+# values: [ "engine" ]
+# policyTypes:
+# - Egress
+# egress:
+# - to:
+# - ipBlock:
+# cidr: 0.0.0.0/0
+# except:
+# - 169.254.169.254/32
+
 chaos:
 enabled: false
diff --git a/cockpit/CHANGELOG.md b/cockpit/CHANGELOG.md
index 3f9f03fe..ba2c15cf 100644
--- a/cockpit/CHANGELOG.md
+++ b/cockpit/CHANGELOG.md
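Review bot: The second case in ae/tests/networkPolicy_test.yaml checks only that `spec` echoes the input, so a regression in `kind`, `apiVersion` or `metadata.name` would still pass. Adding `- isKind: {of: NetworkPolicy}` and an `equal` assert on `metadata.name` would pin down which object is rendered. The file also ends without a trailing newline. cockpit/tests/common/networkPolicy_test.yaml has the same gaps.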
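Review bot: The bare `networkPolicy:` key in ae/values.yaml parses as null, which works with the template's `if` but leaves the expected type implicit; `networkPolicy: {}` states that a map is expected. The commented example deserves two caveats in its header comment: `# 169.254.169.254/32 is the cloud instance metadata endpoint` and `# IPv4 only: on a dual-stack cluster, IPv6 destinations are not matched by 0.0.0.0/0 and are denied`. It is also worth stating there that the object only has an effect when the cluster's network plugin enforces NetworkPolicy. cockpit/values.yaml adds the same block.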
@@ -2,6 +2,10 @@ This file documents all notable changes to [Gravitee.io Cockpit](https://github.com/gravitee-io/helm-charts/tree/master/cockpit) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
+### 1.9.4
+
+- [X] add networkPolicy
+
 ### 1.9.3
 - [X] Allow users to define extra manifests
diff --git a/cockpit/Chart.yaml b/cockpit/Chart.yaml
index 63abe9c0..9e798c88 100644
--- a/cockpit/Chart.yaml
+++ b/cockpit/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 name: cockpit
 # When the version is modified, make sure the artifacthub.io/changes list is updated
 # Also update CHANGELOG.md
-version: 1.9.3
+version: 1.9.4
 appVersion: 3.16.0
 description: Official Gravitee.io Helm chart for Cockpit
 home: https://gravitee.io
@@ -21,4 +21,4 @@ annotations:
 # List of changes for the release in artifacthub.io
 # https://artifacthub.io/packages/helm/graviteeio/cockpit?modal=changelog
 artifacthub.io/changes: |
- - Allow users to define extra manifests
+ - add networkPolicy
diff --git a/cockpit/templates/common/networkpolicy.yaml b/cockpit/templates/common/networkpolicy.yaml
new file mode 100644
index 00000000..d1547a0c
--- /dev/null
+++ b/cockpit/templates/common/networkpolicy.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.networkPolicy }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ .Release.Name }}-networkpolicy
+ labels:
+ app.kubernetes.io/name: {{ template "gravitee.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: "{{ .Values.cockpit.name }}"
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+spec:
+ {{ toYaml .Values.networkPolicy | nindent 2 }}
+{{- end -}}
\ No newline at end of file
diff --git a/cockpit/tests/common/networkPolicy_test.yaml b/cockpit/tests/common/networkPolicy_test.yaml
new file mode 100644
index 00000000..6d2b5070
--- /dev/null
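Review bot: The `app.kubernetes.io/version: {{ .Chart.AppVersion }}` label in cockpit/templates/common/networkpolicy.yaml is emitted unquoted, so an appVersion that looks numeric (a two-part version, for example) would be parsed as a number and rejected as a label value. The ae template in this same commit pipes that label through `quote`; `app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}` would match it. The other templated label values and `metadata.name` could be quoted the same way, so that a release or chart name never changes type after rendering.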
+++ b/cockpit/tests/common/networkPolicy_test.yaml
@@ -0,0 +1,61 @@
+suite: apim - Common - NetworkPolicy configuration test
+templates:
+ - "common/networkpolicy.yaml"
+tests:
+ - it: should generate nothing by default
+ template: common/networkpolicy.yaml
+ asserts:
+ - hasDocuments:
+ count: 0
+
+ - it: should generate a networkPolicy
+ template: common/networkpolicy.yaml
+ set:
+ networkPolicy:
+ podSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/component
+ operator: In
+ values: [ "generator", "api", "ui" ]
+ policyTypes:
+ - Egress
+ - Ingress
+ egress:
+ - to:
+ - ipBlock:
+ cidr: 0.0.0.0/0
+ except:
+ - 169.254.169.254/32
+ ingress:
+ - from:
+ - ipBlock:
+ cidr: 172.17.0.0/16
+ except:
+ - 172.17.1.0/24
+ asserts:
+ - isSubset:
+ path: spec
+ content:
+ egress:
+ - to:
+ - ipBlock:
+ cidr: 0.0.0.0/0
+ except:
+ - 169.254.169.254/32
+ ingress:
+ - from:
+ - ipBlock:
+ cidr: 172.17.0.0/16
+ except:
+ - 172.17.1.0/24
+ podSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/component
+ operator: In
+ values:
+ - generator
+ - api
+ - ui
+ policyTypes:
+ - Egress
+ - Ingress
\ No newline at end of file
diff --git a/cockpit/values.yaml b/cockpit/values.yaml
index 8b3ef2bf..bfc5af16 100644
--- a/cockpit/values.yaml
+++ b/cockpit/values.yaml
@@ -13,6 +13,23 @@ extraObjects: []
 # data:
 # license.key: myLicenceInBase64==
+# Create NetworkPolicy objects
+# https://kubernetes.io/docs/concepts/services-networking/network-policies/
+networkPolicy:
+# podSelector:
+# matchExpressions:
+# - key: app.kubernetes.io/component
+# operator: In
+# values: [ "generator", "api", "ui" ]
+# policyTypes:
+# - Egress
+# egress:
+# - to:
+# - ipBlock:
+# cidr: 0.0.0.0/0
+# except:
+# - 169.254.169.254/32
+
 cockpit:
 name: cockpit
 # Whether this chart should self-manage its service account, role, and associated role binding.
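Review bot: The suite name in cockpit/tests/common/networkPolicy_test.yaml reads `apim - Common - NetworkPolicy configuration test`, which looks copied from another chart. Test reports identify failures by suite name, so the wrong prefix points a reader at the APIM chart; `suite: cockpit - Common - NetworkPolicy configuration test` would match the chart under test.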