From 07a866bc00abc64f3fbaad5ec840439be449f4bd Mon Sep 17 00:00:00 2001
From: Michael Haehnel <michael.haehnel@netgo.de>
Date: Thu, 12 Jan 2023 11:26:47 +0100
Subject: [PATCH] DEV-752 New network policy for ingress2miniopods

---
 .../netpol_ingress-miniooperator2miniopods.yaml  |  2 --
 templates/netpol_ingress-nginx2miniopods.yaml    | 16 ++++++++++++++++
 2 files changed, 16 insertions(+), 2 deletions(-)
 create mode 100644 templates/netpol_ingress-nginx2miniopods.yaml

diff --git a/templates/netpol_ingress-miniooperator2miniopods.yaml b/templates/netpol_ingress-miniooperator2miniopods.yaml
index 2b6cfd0..56f45ec 100644
--- a/templates/netpol_ingress-miniooperator2miniopods.yaml
+++ b/templates/netpol_ingress-miniooperator2miniopods.yaml
@@ -9,10 +9,8 @@ spec:
     - namespaceSelector:
         matchLabels:
           kubernetes.io/metadata.name: minio-operator
-          kubernetes.io/metadata.name: ingress
   podSelector:
     matchLabels:
       v1.min.io/tenant: {{ .Values.tenant.tenant.name }}
-      app.kubernetes.io/name: ingress-nginx
   policyTypes:
   - Ingress
diff --git a/templates/netpol_ingress-nginx2miniopods.yaml b/templates/netpol_ingress-nginx2miniopods.yaml
new file mode 100644
index 0000000..1876de6
--- /dev/null
+++ b/templates/netpol_ingress-nginx2miniopods.yaml
@@ -0,0 +1,16 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: ingress-nginx2miniopods
+# allow traffic from minio-operator NS to current NS across all ports
+spec:
+  ingress: 
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: ingress
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: ingress-nginx
+  policyTypes:
+  - Ingress