Setup network policy in project creation

Author: BraisVQ

create-projects/create-projects.sh

@@ -48,6 +48,11 @@ oc new-project "${PROJECT_ID}-cd"
 oc new-project "${PROJECT_ID}-dev"
 oc new-project "${PROJECT_ID}-test"
 
+echo "Applying NetworkPolicy to ${PROJECT_ID}-cd, ${PROJECT_ID}-dev and ${PROJECT_ID}-test"
+oc apply -f ../ocp-config/NetworkPolicy.yml -n "${PROJECT_ID}-cd"
+oc apply -f ../ocp-config/NetworkPolicy.yml -n "${PROJECT_ID}-dev"
+oc apply -f ../ocp-config/NetworkPolicy.yml -n "${PROJECT_ID}-test"
+
 echo "Allow serviceaccount 'jenkins' of ${PROJECT_ID}-cd to admin the environment projects"
 oc policy add-role-to-user "${JENKINS_ROLE}" "system:serviceaccount:${PROJECT_ID}-cd:jenkins" -n "${PROJECT_ID}-dev"
 oc policy add-role-to-user "${JENKINS_ROLE}" "system:serviceaccount:${PROJECT_ID}-cd:jenkins" -n "${PROJECT_ID}-test"

ocp-config/NetworkPolicy.yml

@@ -0,0 +1,14 @@
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: only-allow-namespace-ingress
+spec:
+  podSelector: {}
+  ingress:
+    - from:
+        - podSelector: {}
+        - namespaceSelector:
+            matchLabels:
+              policy-group.network.openshift.io/ingress: ''
+  policyTypes:
+    - Ingress

ocp-scripts/create-target-project.sh

@@ -44,6 +44,9 @@ echo ""
 echo "Creating project ..."
 oc new-project ${project}
 
+echo "Applying NetworkPolicy to ${project}"
+oc apply -f ../ocp-config/NetworkPolicy.yml -n "${project}"
+
 echo ""
 echo "Creating serviceaccount ..."
 oc create sa ${serviceaccountName}