Merge pull request #282 from RasaHQ/netpol-egress-to-k8s-api-update

feat: Add support for defining an IP block for egress network policies

charts/rasa-x/Chart.yaml

@@ -1,7 +1,7 @@
 ---
 apiVersion: v2
 
-version: "4.4.1"
+version: "4.5.0"
 
 appVersion: "1.0.1"
 
@@ -41,5 +41,5 @@ dependencies:
 annotations:
   # See: https://artifacthub.io/docs/topics/annotations/helm/#supported-annotations
   artifacthub.io/changes: |
-    - kind: changed
-      description: Bugfix for external redis with credentials
+    - kind: added
+      description: Add support for defining target for the egress-from-rabbitmq-to-k8s-api and egress-from-rasa-x-to-https network policies.

charts/rasa-x/templates/network-policy.yaml

@@ -852,6 +852,10 @@ spec:
         port: 8443
       - protocol: TCP
         port: 443
+    {{- if .Values.networkPolicy.egress.apiCIDR }}
+    to:
+      {{- toYaml .Values.networkPolicy.egress.apiCIDR | nindent 6 }}
+    {{- end }}
 ---
 apiVersion: {{ template "networkPolicy.apiVersion" . }}
 kind: NetworkPolicy
@@ -1153,4 +1157,8 @@ spec:
     - ports:
       - protocol: TCP
         port: 443
+    {{- if .Values.networkPolicy.egress.rasaxToHttpsCIDR }}
+      to:
+        {{- toYaml .Values.networkPolicy.egress.rasaxToHttpsCIDR | nindent 6 }}
+    {{- end }}
 {{- end }}

charts/rasa-x/values.yaml

@@ -856,6 +856,17 @@ networkPolicy:
   #  - ipBlock:
   #      cidr: 0.0.0.0/0
 
+  egress:
+    # Allow for adding the specific k8s api IP/CIDR for the egress-from-rabbitmq-to-k8s-api NetworkPolicy
+    apiCIDR: []
+    #- ipBlock:
+    #    cidr: 10.0.0.0/8
+
+    # Allow for adding the specific IP/CIDR for the egress-from-rasa-x-to-https NetworkPolicy
+    rasaxToHttpsCIDR: []
+    #- ipBlock:
+    #    cidr: 11.0.0.0/8
+
 # images: Settings for the images
 images:
   # pullPolicy to use when deploying images