Merge pull request #586 from vshn/hotfix/stackgres_netpol

Add missing network policy for stackgres operator

Author: github-actions[bot]

pkg/comp-functions/functions/vshnpostgres/postgresql_deploy.go

@@ -100,6 +100,19 @@ func DeployPostgreSQL(ctx context.Context, comp *vshnv1.VSHNPostgreSQL, svc *run
 			return runtime.NewWarningResult(fmt.Errorf("cannot create copyJob object: %w", err).Error())
 		}
 	}
+
+	l.Info("Create NetworkPolicy for Stackgres Operator access")
+
+	sgNamespace := svc.Config.Data["sgNamespace"]
+
+	if sgNamespace == "" {
+		return runtime.NewFatalResult(fmt.Errorf("\"sgNamespace\" parameter missing or empty. Ensure it's set correctly"))
+	}
+
+	err = common.CustomCreateNetworkPolicy([]string{sgNamespace}, comp.GetInstanceNamespace(), "allow-stackgres-operator", comp.GetName()+"-sg-netpol", false, svc)
+	if err != nil {
+		return runtime.NewWarningResult(fmt.Errorf("cannot create NetworkPolicy object: %w", err).Error())
+	}
 	return nil
 }
 

pkg/comp-functions/functions/vshnpostgres/postgresql_deploy_test.go

@@ -17,6 +17,7 @@ import (
 	"github.com/vshn/appcat/v4/pkg/comp-functions/runtime"
 	batchv1 "k8s.io/api/batch/v1"
 	corev1 "k8s.io/api/core/v1"
+	netv1 "k8s.io/api/networking/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
 )
 
@@ -93,6 +94,11 @@ func TestPostgreSqlDeploy(t *testing.T) {
 	assert.Equal(t, comp.GetName(), podMonitor.Spec.Selector.MatchLabels["stackgres.io/cluster-name"])
 	assert.Equal(t, "pgexporter", podMonitor.Spec.PodMetricsEndpoints[0].Port)
 
+	netPol := &netv1.NetworkPolicy{}
+	assert.NoError(t, svc.GetDesiredKubeObject(netPol, comp.GetName()+"-sg-netpol"))
+	assert.Contains(t, netPol.Spec.Ingress[0].From[0].NamespaceSelector.MatchLabels, "kubernetes.io/metadata.name")
+	assert.Equal(t, netPol.Spec.Ingress[0].From[0].NamespaceSelector.MatchLabels["kubernetes.io/metadata.name"], svc.Config.Data["sgNamespace"])
+
 }
 
 func TestPostgreSqlDeployWithPgConfig(t *testing.T) {