From 0ab53ffa19fb65c021d8cf8cc1997d6c9468482d Mon Sep 17 00:00:00 2001 From: Jonas Bo Grimsgaard <1508560+jonasbg@users.noreply.github.com> Date: Mon, 18 Sep 2023 09:53:42 +0200 Subject: [PATCH] removed(networkPolicy): removed network policy --- guides/production-notes/production-notes.md | 5 +-- .../templates/juice-shop/networkPolicy.yaml | 40 ------------------- 2 files changed, 1 insertion(+), 44 deletions(-) delete mode 100644 helm/multi-juicer/templates/juice-shop/networkPolicy.yaml diff --git a/guides/production-notes/production-notes.md b/guides/production-notes/production-notes.md index 97dd67de..7ee2382a 100644 --- a/guides/production-notes/production-notes.md +++ b/guides/production-notes/production-notes.md @@ -11,7 +11,7 @@ To ensure MultiJuicer runs as smoothly during your CTF's / trainings / workshops ## Security Consideration -Add SecurityContext, PodSecurityContext and NetworkPolicy to further isolate and secure your training plattform. +Add SecurityContext and PodSecurityContext further isolate and secure your training plattform. ## TLDR @@ -27,7 +27,6 @@ balancer: capabilities: drop: - ALL - networkPolicy: true replicas: 3 cookie: cookieParserSecret: "THIS_IS_A_EXAMPLE_DONT_USE_THIS_AS_THE_ACTUAL_SECRET" @@ -44,11 +43,9 @@ juiceShop: runAsNonRoot: true podsecurityContext: allowPrivilegeEscalation: false - readOnlyRootFilesystem: true capabilities: drop: - ALL - networkPolicy: true progressWatchdog: securityContext: diff --git a/helm/multi-juicer/templates/juice-shop/networkPolicy.yaml b/helm/multi-juicer/templates/juice-shop/networkPolicy.yaml deleted file mode 100644 index d4593fc9..00000000 --- a/helm/multi-juicer/templates/juice-shop/networkPolicy.yaml +++ /dev/null 
@@ -1,40 +0,0 @@
-{{- if .Values.juiceShop.networkPolicy }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: networkpolicy-juice-shop
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: 'juice-shop'
- policyTypes:
- - Ingress
- - Egress
- ingress:
- - from:
- - podSelector:
- matchLabels:
- app.kubernetes.io/name: 'juice-balancer'
- ports:
- - port: http
- egress:
- - to:
- - podSelector:
- matchLabels:
- app.kubernetes.io/name: 'juice-balancer'
- - podSelector:
- matchLabels:
- app.kubernetes.io/name: 'progress-watchdog'
- ports:
- - port: http
- - ports:
- - port: 53
- protocol: UDP
- - port: 53
- protocol: TCP
- to:
- - namespaceSelector: {}
- podSelector:
- matchLabels:
- k8s-app: kube-dns
-{{- end }}