added network policy config and tests

Author: Barkha Choithani

charts/templates/networkPolicy.yaml

@@ -0,0 +1,20 @@
+{{- if .Values.networkPolicy.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ include "marklogic.fullname" . }}-network-policy
+  namespace: {{ .Release.Namespace }}
+spec:
+  podSelector:
+    matchLabels:
+      {{- include "marklogic.selectorLabels" . | nindent 6 }}
+  policyTypes:
+    - Ingress
+  ingress:
+    {{- if .Values.networkPolicy.customRules }}
+    - from:
+        {{- toYaml .Values.networkPolicy.customRules | nindent 8 }}
+    {{- end }}
+    - ports:
+        {{- toYaml .Values.networkPolicy.ports | nindent 8 }}
+{{- end }}

charts/values.yaml

@@ -100,7 +100,18 @@ serviceAccount:
   # If not set and create is true, a name is generated using the fullname template
   name: ""
 
-
+# Configure network options
+networkPolicy:
+  enabled: true
+  customRules: {}
+  ports:
+    - port: 8000
+      protocol: TCP
+    - port: 8001
+      protocol: TCP
+    - port: 8002
+      protocol: TCP
+    
 # Below are the advanced configurations, please understand read the reference before you make changes
 
 # Configure options for liveness probe

test/template/network_templ_test.go

@@ -0,0 +1,52 @@
+package template_test
+
+import (
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	netv1 "k8s.io/api/networking/v1"
+
+	"github.com/gruntwork-io/terratest/modules/helm"
+	"github.com/gruntwork-io/terratest/modules/k8s"
+	"github.com/gruntwork-io/terratest/modules/random"
+)
+
+func TestChartTemplateNetworkPolicyEnabled(t *testing.T) {
+	t.Parallel()
+
+	// Path to the helm chart we will test
+	helmChartPath, err := filepath.Abs("../../charts")
+	releaseName := "marklogic-network-test"
+	t.Log(helmChartPath, releaseName)
+	require.NoError(t, err)
+
+	// Set up the namespace; confirm that the template renders the expected value for the namespace.
+	namespaceName := "marklogic-" + strings.ToLower(random.UniqueId()) + "-network-policy"
+	t.Logf("Namespace: %s\n", namespaceName)
+
+	// Setup the args for helm install
+	options := &helm.Options{
+		SetValues: map[string]string{
+			"image.repository":      "marklogicdb/marklogic-db",
+			"image.tag":             "latest",
+			"persistence.enabled":   "false",
+			"networkPolicy.enabled": "true",
+		},
+		KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
+	}
+	output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/networkPolicy.yaml"})
+
+	var networkpolicy netv1.NetworkPolicy
+	helm.UnmarshalK8SYaml(t, output, &networkpolicy)
+
+	// Verify the name and namespace matches
+	require.Equal(t, namespaceName, networkpolicy.Namespace)
+
+	// Verify the network policy type matches
+	networkPolicies := networkpolicy.Spec
+	expectedPolicyTypes := "Ingress"
+	require.Equal(t, string(networkPolicies.PolicyTypes[0]), expectedPolicyTypes)
+}
+