
Commit 8d17440

committed
restore Network policy to initial implementation and same with bash for applying it
1 parent 5f3ba50 commit 8d17440

2 files changed

Lines changed: 16 additions & 28 deletions


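--- a/create-projects/create-projects.sh
+++ b/create-projects/create-projects.sh
@@ -52,11 +52,9 @@ oc new-project "${PROJECT_ID}-dev"
 oc new-project "${PROJECT_ID}-test"
 
 echo "Applying NetworkPolicy to ${PROJECT_ID}-cd, ${PROJECT_ID}-dev and ${PROJECT_ID}-test"
-oc process -f "${ODS_CORE_DIR}/ocp-config/NetworkPolicy.yml" -p NAMESPACE="${PROJECT_ID}-cd" > "${SCRIPT_DIR}/NetworkPolicy-processed.yml"
-oc apply -f "${SCRIPT_DIR}/NetworkPolicy-processed.yml" -n "${PROJECT_ID}-cd"
-oc apply -f "${SCRIPT_DIR}/NetworkPolicy-processed.yml" -n "${PROJECT_ID}-dev"
-oc apply -f "${SCRIPT_DIR}/NetworkPolicy-processed.yml" -n "${PROJECT_ID}-test"
-rm -f "${SCRIPT_DIR}/NetworkPolicy-processed.yml"
+oc apply -f "${ODS_CORE_DIR}/ocp-config/NetworkPolicy.yml" -n "${PROJECT_ID}-cd"
+oc apply -f "${ODS_CORE_DIR}/ocp-config/NetworkPolicy.yml" -n "${PROJECT_ID}-dev"
+oc apply -f "${ODS_CORE_DIR}/ocp-config/NetworkPolicy.yml" -n "${PROJECT_ID}-test"
 
 echo "Allow serviceaccount 'jenkins' of ${PROJECT_ID}-cd to admin the environment projects"
 oc policy add-role-to-user "${JENKINS_ROLE}" "system:serviceaccount:${PROJECT_ID}-cd:jenkins" -n "${PROJECT_ID}-dev"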
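Review bot: None of the three `oc apply` calls on new lines 55–57 has its exit status checked, so a failed apply would leave that namespace without the ingress policy while the script goes on to the `oc policy add-role-to-user` grants. Whether the script runs under `set -e` is not visible in this hunk, which starts and ends mid-script. If it does not, each call should fail closed, for example `oc apply -f "${ODS_CORE_DIR}/ocp-config/NetworkPolicy.yml" -n "${PROJECT_ID}-cd" || exit 1`. The three lines differ only in the namespace suffix, so a `for env in cd dev test` loop would keep that check in one place.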

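--- a/ocp-config/NetworkPolicy.yml
+++ b/ocp-config/NetworkPolicy.yml
@@ -1,24 +1,14 @@
-apiVersion: template.openshift.io/v1
-kind: Template
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
-name: networkpolicy-template
-parameters:
-- name: NAMESPACE
-description: The namespace to allow ingress from
-required: true
-value: "default" # Default value for the namespace
-objects:
-- kind: NetworkPolicy
-apiVersion: networking.k8s.io/v1
-metadata:
-name: only-allow-namespace-ingress
-spec:
-podSelector: {}
-ingress:
-- from:
-- namespaceSelector:
-matchLabels:
-name: "${NAMESPACE}" # Parameterized namespace
-- podSelector: {}
-policyTypes:
-- Ingress
+name: only-allow-namespace-ingress
+spec:
+podSelector: {}
+ingress:
+- from:
+- podSelector: {}
+- namespaceSelector:
+matchLabels:
+policy-group.network.openshift.io/ingress: ''
+policyTypes:
+- Ingress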
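Review bot: The policy keeps the name `only-allow-namespace-ingress`, but the `from` list on new lines 8–12 also admits any namespace carrying the label `policy-group.network.openshift.io/ingress: ''`, and the file has no comment saying so. A header comment would make the trust boundary explicit, for example `# Allows ingress from pods in this namespace and from namespaces labelled policy-group.network.openshift.io/ingress (OpenShift ingress controller)`. Because the second peer matches on a namespace label alone, it is worth confirming that only cluster administrators can set that label. With the `${NAMESPACE}` peer gone, traffic from `${PROJECT_ID}-cd` into `-dev` and `-test` pods presumably depends on some other policy, which deserves a line in the same comment. The rendered page has lost the file's indentation, so the nesting of the two peers could not be checked here.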
