dunglas / mercure / 25057553530 / 1
84%
master: 93%

LAST BUILD BRANCH: main
DEFAULT BRANCH: master
Ran
Files 23
Run time 2s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 83.829%. Remained the same
25057553530.1

push

github

web-flow 
feat(chart): add opt-in NetworkPolicy and CiliumNetworkPolicy templates (#1229)

* feat(chart): add an opt-in NetworkPolicy template

Lets operators restrict the hub pods' inbound and outbound traffic
without templating their own NetworkPolicy outside the chart.

Disabled by default (no behaviour change). When enabled with no rules,
all traffic is denied — supply `networkPolicy.ingress` /
`networkPolicy.egress` lists (pass-through to the Kubernetes
NetworkPolicy spec) to allow what you need. `policyTypes` is
overridable for the deny-all-egress case where leaving `egress`
unspecified would otherwise default to allow.

* feat(chart): add an opt-in CiliumNetworkPolicy template

Some Cilium-only features (FQDN-based egress, L7 rules, explicit deny
rules) are not expressible in the standard NetworkPolicy spec, so add a
sibling template gated on `ciliumNetworkPolicy.enabled` (default off).
Independent of `networkPolicy.enabled` — operators enable whichever
their CNI supports.

Pass-through `ingress` / `ingressDeny` / `egress` / `egressDeny` to the
matching `spec` fields. The `endpointSelector` reuses the same
`app.kubernetes.io/component: server` discriminator as the standard
NetworkPolicy template, so the helm test pod stays unscoped.

* fix(chart): force component label to win over user podLabels

Merge the chart's `app.kubernetes.io/component: server` into
`.Values.podLabels` instead of rendering it as a separate line, so a
user-supplied entry with the same key can't silently take the pods out
of the NetworkPolicy podSelector.

* fix(chart): null-safe podLabels merge and pass-through Cilium empty lists

Per Copilot review on #1229:

- `merge (dict ...) .Values.podLabels` errors when `podLabels` is null
  (the `with` block previously skipped that case). Wrap with
  `(... | default dict)` so the merge stays null-safe.

- Cilium template was using `with` for ingress/ingressDeny/egress/
  egressDeny, which collapses an explicit empty list into a missing
  fi... (continued)

1747 of 2084 relevant lines covered (83.83%)

49.57 hits per line

Source Files on job 0 - 25057553530.1