adj netpols and secrets

ikethecoder · ikethecoder · commit 1f1340507d72 · 2026-01-09T17:06:08.000-08:00
diff --git a/sdx/chart/sdx-edge/templates/ocp-netpols.yml b/sdx/chart/sdx-edge/templates/ocp-netpols.yml
@@ -1,7 +1,7 @@
 kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
 metadata:
-  name: allow-ingress-to-{{ include "sdx-edge.fullname" . }}
+  name: sdx-ingress-{{ include "sdx-edge.fullname" . }}
 spec:
   podSelector:
     matchLabels:
@@ -11,18 +11,23 @@ spec:
         - namespaceSelector:
             matchLabels:
               network.openshift.io/policy-group: ingress
+      ports:
+      - protocol: TCP
+        port: 8443
   policyTypes:
     - Ingress
+
 {{ if .Values.shared.fluentbit.enabled }}
 ---
 kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
 metadata:
-  name: allow-edge-to-aggregator
+  name: sdx-edge-to-fluentbit
 spec:
   podSelector:
     matchLabels:
-      app.kubernetes.io/name: log-aggregator
+      app.kubernetes.io/name: sdx-edge
+      app.kubernetes.io/component: fluentbit
   ingress:
     - from:
         - podSelector:
@@ -37,11 +42,12 @@ spec:
 kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
 metadata:
-  name: allow-ingress-to-prometheus
+  name: sdx-ingress-prometheus
 spec:
   podSelector:
     matchLabels:
-      app.kubernetes.io/name: prometheus
+      app.kubernetes.io/name: sdx-edge
+      app.kubernetes.io/component: prometheus
   ingress:
     - from:
         - namespaceSelector:
diff --git a/sdx/chart/sdx-edge/templates/secrets.yaml b/sdx/chart/sdx-edge/templates/secrets.yaml
@@ -1,27 +1,29 @@
-{{ if .Values.tls.client.bootstrap.token }}
 kind: Secret
 apiVersion: v1
 metadata:
-  name: {{ include "sdx-edge.fullname" . }}-bootstrap
+  name: {{ include "sdx-edge.fullname" . }}-proxy-include
 data:
-  token: {{ .Values.tls.client.bootstrap.token | b64enc | quote }}
+  config: {{ .Values.nginx_conf | b64enc | quote }}
 type: Opaque
+
+{{ if .Values.tls.client.bootstrap.token }}
 ---
-{{ end }}
-{{ if .Values.shared.ca_secret }}
 kind: Secret
 apiVersion: v1
 metadata:
-  name: sdx-public-ca
+  name: {{ include "sdx-edge.fullname" . }}-bootstrap
 data:
-  ca.crt: {{ .Values.tls.public_ca | b64enc | quote }}
+  token: {{ .Values.tls.client.bootstrap.token | b64enc | quote }}
 type: Opaque
+{{ end }}
+
+{{ if .Values.shared.ca_secret }}
 ---
 kind: Secret
 apiVersion: v1
 metadata:
-  name: {{ include "sdx-edge.fullname" . }}-proxy-include
+  name: sdx-public-ca
 data:
-  config: {{ .Values.nginx_conf | b64enc | quote }}
+  ca.crt: {{ .Values.tls.public_ca | b64enc | quote }}
 type: Opaque
-{{ end }}
+{{ end }}
