template network policy

Per G. da Silva · Per G. da Silva · commit 90300eb2f826 · 2025-05-16T10:00:56.000+01:00
Signed-off-by: Per G. da Silva &lt;pegoncal@redhat.com&gt;
diff --git a/deploy/chart/templates/0000_50_olm_01-networkpolicies.yaml b/deploy/chart/templates/0000_50_olm_01-networkpolicies.yaml
@@ -19,17 +19,10 @@ spec:
     matchLabels:
       app: olm-operator
   ingress:
-    - ports:
-      - protocol: TCP
-        port: 8080
+    - {{ .Values.networkPolicy.metrics | toYaml | nindent 6 | trimSuffix "\n" }}
   egress:
-    - ports:
-      - protocol: TCP
-        port: 6443  # kube-api service
-      - protocol: TCP
-        port: 53  # DNS
-      - protocol: UDP
-        port: 53  # DNS
+    - {{ .Values.networkPolicy.kubeAPIServer | toYaml | nindent 6 | trimSuffix "\n" }}
+    - {{ .Values.networkPolicy.dns | toYaml | nindent 6 | trimSuffix "\n" }}
   policyTypes:
     - Ingress
     - Egress
@@ -44,19 +37,13 @@ spec:
     matchLabels:
       app: catalog-operator
   ingress:
-    - ports:
-      - protocol: TCP
-        port: metrics
+    - {{ .Values.networkPolicy.metrics | toYaml | nindent 6 | trimSuffix "\n" }}
   egress:
-    - ports:
-      - protocol: TCP
-        port: 6443  # kube-api server
+    - {{ .Values.networkPolicy.kubeAPIServer | toYaml | nindent 6 | trimSuffix "\n" }}
+    - {{ .Values.networkPolicy.dns | toYaml | nindent 6 | trimSuffix "\n" }}
+    - ports: # This is another distinct rule in the egress list
       - protocol: TCP
-        port: 50051  # registry pods' service port
-      - protocol: TCP
-        port: 53  # DNS
-      - protocol: UDP
-        port: 53  # DNS
+        port: {{ .Values.catalogGrpcServicePort }}
   policyTypes:
     - Ingress
     - Egress
@@ -75,13 +62,10 @@ spec:
       - protocol: TCP
         port: {{ .Values.package.service.internalPort }}
   egress:
+    - {{ .Values.networkPolicy.dns | toYaml | nindent 6 | trimSuffix "\n" }}
     - ports:
       - protocol: TCP
-        port: 50051  # registry pods' service port
-      - protocol: UDP
-        port: 53  # DNS
-      - protocol: TCP
-        port: 53  # DNS
+        port: {{ .Values.catalogGrpcServicePort }}
   policyTypes:
   - Ingress
   - Egress
diff --git a/deploy/chart/values.yaml b/deploy/chart/values.yaml
@@ -19,6 +19,8 @@ writeStatusName: '""'
 imagestream: false
 debug: false
 installType: upstream
+catalogGrpcServicePort: 50051
+
 olm:
   replicaCount: 1
   image:
@@ -75,3 +77,19 @@ package:
 monitoring:
   enabled: false
   namespace: monitoring
+
+networkPolicy:
+  dns:
+    ports:
+      - protocol: TCP
+        port: 53
+      - protocol: UDP
+        port: 53
+  kubeAPIServer:
+    ports:
+      - protocol: TCP
+        port: 6443
+  metrics:
+    ports:
+      - protocol: TCP
+        port: metrics
