fix(netpol): allows toggling the lockdown

This patch set allows disabling egress and ingress separately.

Signed-off-by: Tin Lam <t@lam.wtf>
Change-Id: I18250a009d62a05983e00db7b7309dd065b94069

lockdown/Chart.yaml

@@ -16,6 +16,6 @@ appVersion: "1.0"
 description: |
   A helm chart used to lockdown all ingress and egress for a namespace
 name: lockdown
-version: 0.1.0
+version: 0.1.1
 home: https://kubernetes.io/docs/concepts/services-networking/network-policies/
 ...

lockdown/templates/network_policy.yaml

@@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */}}
+{{- if or .Values.conf.ingress.disallowed .Values.conf.egress.disallowed }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
@@ -18,8 +19,17 @@ metadata:
   namespace: {{ .Release.Namespace }}
 spec:
   policyTypes:
-    - Egress
+{{- if .Values.conf.ingress.disallowed }}
     - Ingress
+{{- end }}
+{{- if .Values.conf.egress.disallowed }}
+    - Egress
+{{- end }}
   podSelector: {}
-  egress: []
+{{- if .Values.conf.ingress.disallowed }}
   ingress: []
+{{- end }}
+{{- if .Values.conf.egress.disallowed }}
+  egress: []
+{{- end }}
+{{- end }}

lockdown/values.yaml

@@ -1,3 +1,4 @@
+---
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -13,3 +14,9 @@
 # Default values for lockdown chart.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
+conf:
+  ingress:
+    disallowed: true
+  egress:
+    disallowed: true
+...

releasenotes/notes/lockdown.yaml

@@ -1,4 +1,5 @@
 ---
 lockdown:
   - 0.1.0 Initial Chart
+  - 0.1.1 Allows toggling
 ...