kubeshop
feat(testkube): add networkpolicy support
Pull request description
Adds Network Policies support
Checklist (choose whats happened)
- [ ] breaking change! (describe)
- [x] tested locally
- [x] tested on cluster
- [ ] added new dependencies
- [ ] updated the docs
- [ ] added a test
Breaking changes
- none
Changes
- none
Fixes
- none
Additional Info
This will be useful to those folks who use network policies with a default-deny configuration. Only Testkube-specific traffic has been accommodated for and by default, these resources will not be created (must enable in values.yaml). I came up with these rules by watching for PacketDrop events (provided by kube-iptables-tailor) in the testkube namespace while running my Test Suites, etc. Hopefully, I didn't miss anything! Also, I am still on 1.16.64 so I added support for the dashboard if enabled.
I didn't update the README as I came to believe it may be auto-generated. LMK if I'm wrong and I'll be happy to update accordingly.
To see the template rendered:
cat << EOF > /tmp/values.yaml
networkPolicy:
enabled: true
EOF
Now from inside the testkube chart directory
helm template testkube . -f values.yaml -f /tmp/values.yaml -s templates/networkpolicy.yaml
Could this support CiliumNetworkPolicy as well? Some inspiration could be taken from datadogs implementation
https://github.com/DataDog/helm-charts/blob/61736e9132b9a44a268ae266bc45c99f78a7491e/charts/datadog/values.yaml#L798 https://github.com/DataDog/helm-charts/blob/61736e9132b9a44a268ae266bc45c99f78a7491e/charts/datadog/templates/agent-cilium-network-policy.yaml
Just wanted to mention these rules are still valid against the 2.0.17 Helm chart.