add np for tenant and env namespaces

codeready-toolchain · Dec 17, 2024 · 4e0c372 · 4e0c372
1 parent 7a65fcc
commit 4e0c372
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 0 deletions.
diff --git a/deploy/nstemplatetiers/appstudio-env/ns_env.yaml b/deploy/nstemplatetiers/appstudio-env/ns_env.yaml
@@ -218,6 +218,19 @@ objects:
     podSelector: {}
     policyTypes:
     - Ingress
+- apiVersion: networking.k8s.io/v1
+  kind: NetworkPolicy
+  metadata:
+    name: allow-from-dev-sandbox-managed-ns
+    namespace: ${SPACE_NAME}-env
+  spec:
+    ingress:
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            dev-sandbox/policy-group: ingress
+    policyTypes:
+      - Ingress
 parameters:
 - name: SPACE_NAME
   required: true

diff --git a/deploy/nstemplatetiers/appstudio/ns_tenant.yaml b/deploy/nstemplatetiers/appstudio/ns_tenant.yaml
@@ -242,6 +242,19 @@ objects:
     podSelector: {}
     policyTypes:
     - Ingress
+- apiVersion: networking.k8s.io/v1
+  kind: NetworkPolicy
+  metadata:
+    name: allow-from-dev-sandbox-managed-ns
+    namespace: ${SPACE_NAME}-tenant
+  spec:
+    ingress:
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            dev-sandbox/policy-group: ingress
+    policyTypes:
+      - Ingress
 # ServiceAccount and RoleBindings for running Pipelines.
 # appstudio-pipelines-runner-clusterrole is deployed by the pipeline-service component.
 - apiVersion: v1