Skip to content

Commit

Permalink
Merge pull request #167 from projectsyn/feat/enable-netpol-by-default
Browse files Browse the repository at this point in the history 
Enable NetworkPolicy by default
  • Loading branch information
@HappyTetrahedron
HappyTetrahedron authored Jun 25, 2024
2 parents b24d3fa + 81b1bfd commit d4648a1
Show file tree
Hide file tree
Showing 6 changed files with 17 additions and 16 deletions.
2 changes: 1 addition & 1 deletion class/defaults.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ parameters:
namespace: syn
distribution: ${facts:distribution}
network_policies:
enabled: false
enabled: true
allow_from_namespaces: []
monitoring:
enabled: true
Expand Down
2 changes: 1 addition & 1 deletion docs/modules/ROOT/pages/references/parameters.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ SSH known hosts for Git servers.
== `network_policies.enabled`
[horizontal]
type:: boolean
default:: false
default:: true

Whether to enable NetworkPolicies that isolate ArgoCD from the rest of the cluster.

Expand Down
9 changes: 0 additions & 9 deletions tests/defaults.yml
View file
Original file line number Diff line number Diff line change
@@ -1,12 +1,6 @@
applications:
- prometheus

parameters:
kapitan:
dependencies:
- type: https
source: https://raw.githubusercontent.com/projectsyn/component-prometheus/master/lib/prometheus.libsonnet
output_path: vendor/lib/prometheus.libsonnet
- type: https
source: https://raw.githubusercontent.com/projectsyn/component-cert-manager/master/lib/cert-manager.libsonnet
output_path: vendor/lib/cert-manager.libsonnet
Expand All @@ -15,6 +9,3 @@ parameters:
vault_role: test
vault_auth_mount_path: auth/lieutenant
vault_addr: test.syn.tools

prometheus:
defaultInstance: infra
1 change: 0 additions & 1 deletion tests/golden/defaults/argocd/argocd/01_namespace/00_namespace.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@ metadata:
annotations: {}
labels:
app.kubernetes.io/part-of: argocd
monitoring.syn.tools/infra: 'true'
name: syn
openshift.io/cluster-monitoring: 'true'
name: syn
4 changes: 0 additions & 4 deletions tests/golden/defaults/argocd/argocd/01_namespace/20_monitoring.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@ metadata:
labels:
app.kubernetes.io/name: syn-argocd-metrics
app.kubernetes.io/part-of: argocd
monitoring.syn.tools/enabled: 'true'
name: syn-component-argocd-metrics
name: syn-component-argocd-metrics
namespace: syn
Expand All @@ -22,7 +21,6 @@ metadata:
labels:
app.kubernetes.io/name: syn-argocd-server-metrics
app.kubernetes.io/part-of: argocd
monitoring.syn.tools/enabled: 'true'
name: syn-component-argocd-server-metrics
name: syn-component-argocd-server-metrics
namespace: syn
Expand All @@ -40,7 +38,6 @@ metadata:
labels:
app.kubernetes.io/name: syn-argocd-repo-server
app.kubernetes.io/part-of: argocd
monitoring.syn.tools/enabled: 'true'
name: syn-component-argocd-repo-server
name: syn-component-argocd-repo-server
namespace: syn
Expand All @@ -57,7 +54,6 @@ kind: PrometheusRule
metadata:
labels:
cluster_id: c-green-test-1234
monitoring.syn.tools/enabled: 'true'
name: argocd
prometheus: platform
role: alert-rules
Expand Down
15 changes: 15 additions & 0 deletions tests/golden/defaults/argocd/argocd/30_argocd/20_networkpolicy.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
annotations: {}
labels:
name: argocd-allow-same-namespace
name: argocd-allow-same-namespace
namespace: syn
spec:
ingress:
- from:
- podSelector: {}
podSelector: {}
policyTypes:
- Ingress

0 comments on commit d4648a1

Please sign in to comment.