Add support for NetworkPolicy
This MR introduces support for network policies deployment. Network policies only affect clusters that use container networking provider with support for policies (calico, cilium etc.)
- Network policy deployment is disabled by default
- Default policy is block all ingress traffic for all pods in the namespace
- Policy can be changed via
networkPolicy.spec
value
Performed QA steps:
- I have deployed cilium and ingress via cluster apps: https://gitlab.com/gitlab-org/defend/network-policy-cluster-management
- I have deployed my MR to that cluster with a policy that blocks ingress: aevstifeev/network-policy-demo@85319ec2 . I checked that app was in-accessible
- I have deployed another policy that whitelists ingress: aevstifeev/network-policy-demo@a5822969
You can check that app on https://aevstifeev-network-policy-demo.35.224.152.153.nip.io/
related to gitlab-org/gitlab#14010 (closed)
Edited by Arthur Evstifeev