From 81b1bfdd804d6708877206dd732bddf7d1968e29 Mon Sep 17 00:00:00 2001
From: Aline Abler
Date: Mon, 24 Jun 2024 17:55:21 +0200
Subject: [PATCH] Enable NetworkPolicy by default
---
 class/defaults.yml | 2 +-
 .../modules/ROOT/pages/references/parameters.adoc | 2 +-
 tests/defaults.yml | 9 ---------
 .../argocd/argocd/01_namespace/00_namespace.yaml | 1 -
 .../argocd/argocd/01_namespace/20_monitoring.yaml | 4 ----
 .../argocd/argocd/30_argocd/20_networkpolicy.yaml | 15 +++++++++++++++
 6 files changed, 17 insertions(+), 16 deletions(-)
 create mode 100644 tests/golden/defaults/argocd/argocd/30_argocd/20_networkpolicy.yaml
diff --git a/class/defaults.yml b/class/defaults.yml
index 716ddb33..f1503352 100644
--- a/class/defaults.yml
+++ b/class/defaults.yml
@@ -4,7 +4,7 @@ parameters:
 namespace: syn
 distribution: ${facts:distribution}
 network_policies:
- enabled: false
+ enabled: true
 allow_from_namespaces: []
 monitoring:
 enabled: true
diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc
index 4a792519..3d0cacfd 100644
--- a/docs/modules/ROOT/pages/references/parameters.adoc
+++ b/docs/modules/ROOT/pages/references/parameters.adoc
@@ -38,7 +38,7 @@ SSH known hosts for Git servers.
 == `network_policies.enabled`
 [horizontal]
 type:: boolean
-default:: false
+default:: true
 Whether to enable NetworkPolicies that isolate ArgoCD from the rest of the cluster.
diff --git a/tests/defaults.yml b/tests/defaults.yml
index 6806124f..aa350060 100644
--- a/tests/defaults.yml
+++ b/tests/defaults.yml
@@ -1,12 +1,6 @@
-applications:
- - prometheus
-
 parameters:
 kapitan:
 dependencies:
- - type: https
- source: https://raw.githubusercontent.com/projectsyn/component-prometheus/master/lib/prometheus.libsonnet
- output_path: vendor/lib/prometheus.libsonnet
 - type: https
 source: https://raw.githubusercontent.com/projectsyn/component-cert-manager/master/lib/cert-manager.libsonnet
 output_path: vendor/lib/cert-manager.libsonnet
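Review bot: The `enabled: true` line in class/defaults.yml changes behaviour for every install that never set `network_policies.enabled`, and nothing next to the key says so. The golden output this patch adds (20_networkpolicy.yaml) shows a policy whose `podSelector: {}` selects every pod in the namespace and admits ingress only from that same namespace, so with `allow_from_namespaces: []` left at its default any cross-namespace client (an ingress controller, a metrics scraper) would presumably be dropped after an upgrade. I would add a comment above the key, e.g. `# Default-on: only same-namespace ingress is admitted; list ingress/monitoring namespaces in allow_from_namespaces`, and call the change out in the release notes. The `parameters:` mapping continues outside the hunk.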
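Review bot: Dropping the `prometheus` application and its lib dependency in tests/defaults.yml (this hunk, plus the `prometheus: defaultInstance: infra` removal in the `@@ -15,6 +9,3 @@` hunk) means the default golden test no longer renders the component together with the monitoring integration, which is the combination the new default is most likely to affect. The golden diffs in this patch show the `monitoring.syn.tools/*` labels disappearing, so the tests no longer show whether scraping from a monitoring namespace is still admitted once NetworkPolicies are on. I would keep the prometheus-enabled setup as a separate test instance, or, if it is covered elsewhere, add a comment such as `# prometheus not enabled here; covered by <other test instance>` so the removal reads as deliberate.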
@@ -15,6 +9,3 @@ parameters:
 vault_role: test
 vault_auth_mount_path: auth/lieutenant
 vault_addr: test.syn.tools
-
- prometheus:
- defaultInstance: infra
diff --git a/tests/golden/defaults/argocd/argocd/01_namespace/00_namespace.yaml b/tests/golden/defaults/argocd/argocd/01_namespace/00_namespace.yaml
index d0055abd..d05a4711 100644
--- a/tests/golden/defaults/argocd/argocd/01_namespace/00_namespace.yaml
+++ b/tests/golden/defaults/argocd/argocd/01_namespace/00_namespace.yaml
@@ -4,7 +4,6 @@ metadata:
 annotations: {}
 labels:
 app.kubernetes.io/part-of: argocd
- monitoring.syn.tools/infra: 'true'
 name: syn
 openshift.io/cluster-monitoring: 'true'
 name: syn
diff --git a/tests/golden/defaults/argocd/argocd/01_namespace/20_monitoring.yaml b/tests/golden/defaults/argocd/argocd/01_namespace/20_monitoring.yaml
index 0534e247..a203bcca 100644
--- a/tests/golden/defaults/argocd/argocd/01_namespace/20_monitoring.yaml
+++ b/tests/golden/defaults/argocd/argocd/01_namespace/20_monitoring.yaml
@@ -4,7 +4,6 @@ metadata:
 labels:
 app.kubernetes.io/name: syn-argocd-metrics
 app.kubernetes.io/part-of: argocd
- monitoring.syn.tools/enabled: 'true'
 name: syn-component-argocd-metrics
 name: syn-component-argocd-metrics
 namespace: syn
@@ -22,7 +21,6 @@ metadata:
 labels:
 app.kubernetes.io/name: syn-argocd-server-metrics
 app.kubernetes.io/part-of: argocd
- monitoring.syn.tools/enabled: 'true'
 name: syn-component-argocd-server-metrics
 name: syn-component-argocd-server-metrics
 namespace: syn
@@ -40,7 +38,6 @@ metadata:
 labels:
 app.kubernetes.io/name: syn-argocd-repo-server
 app.kubernetes.io/part-of: argocd
- monitoring.syn.tools/enabled: 'true'
 name: syn-component-argocd-repo-server
 name: syn-component-argocd-repo-server
 namespace: syn
@@ -57,7 +54,6 @@ kind: PrometheusRule
 metadata:
 labels:
 cluster_id: c-green-test-1234
- monitoring.syn.tools/enabled: 'true'
 name: argocd
 prometheus: platform
 role: alert-rules
diff --git a/tests/golden/defaults/argocd/argocd/30_argocd/20_networkpolicy.yaml b/tests/golden/defaults/argocd/argocd/30_argocd/20_networkpolicy.yaml
new file mode 100644
index 00000000..5bcfa975
--- /dev/null
+++ b/tests/golden/defaults/argocd/argocd/30_argocd/20_networkpolicy.yaml
@@ -0,0 +1,15 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ annotations: {}
+ labels:
+ name: argocd-allow-same-namespace
+ name: argocd-allow-same-namespace
+ namespace: syn
+spec:
+ ingress:
+ - from:
+ - podSelector: {}
+ podSelector: {}
+ policyTypes:
+ - Ingress