From 87c82547e1e48da6325c1f91b9177ff71fb7ddde Mon Sep 17 00:00:00 2001
From: Mohit Sheth
Date: Tue, 28 Jan 2025 09:36:52 -0500
Subject: [PATCH] add netpols to udn workload (#174)
Signed-off-by: Mohit Sheth
Co-authored-by: vishnuchalla
---
.../np-allow-from-clients.yml | 22 +++++++++++++++++++
cmd/config/udn-density-pods/np-deny-all.yml | 7 ++++++
.../udn-density-pods/udn-density-pods.yml | 6 +++++
3 files changed, 35 insertions(+)
create mode 100644 cmd/config/udn-density-pods/np-allow-from-clients.yml
create mode 100644 cmd/config/udn-density-pods/np-deny-all.yml
diff --git a/cmd/config/udn-density-pods/np-allow-from-clients.yml b/cmd/config/udn-density-pods/np-allow-from-clients.yml
new file mode 100644
index 00000000..a86c6dab
--- /dev/null
+++ b/cmd/config/udn-density-pods/np-allow-from-clients.yml
@@ -0,0 +1,22 @@
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: allow-from-clients-{{.Replica}}
+spec:
+ podSelector:
+ matchLabels:
+ app: nginx
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: udn-density-pods-{{.Iteration}}
+ podSelector:
+ matchLabels:
+ app: client
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: kube-burner-service-latency
+ ports:
+ - protocol: TCP
+ port: 8080
diff --git a/cmd/config/udn-density-pods/np-deny-all.yml b/cmd/config/udn-density-pods/np-deny-all.yml
new file mode 100644
index 00000000..e5a9a99d
--- /dev/null
+++ b/cmd/config/udn-density-pods/np-deny-all.yml
@@ -0,0 +1,7 @@
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: deny-all
+spec:
+ podSelector: {}
+ ingress: []
diff --git a/cmd/config/udn-density-pods/udn-density-pods.yml b/cmd/config/udn-density-pods/udn-density-pods.yml
index 05128086..c4c01c66 100644
--- a/cmd/config/udn-density-pods/udn-density-pods.yml
+++ b/cmd/config/udn-density-pods/udn-density-pods.yml
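Review bot: The second `from` peer in np-allow-from-clients.yml selects the whole `kube-burner-service-latency` namespace with no `podSelector`, so every pod in that namespace may reach the nginx pods on TCP 8080, while the first peer is narrowed to `app: client`. If the latency checker pods carry a stable label, add a `podSelector` to that peer as well; otherwise record the reason with a comment such as `# service-latency checker pods have no fixed label, so the whole namespace is admitted`. The spec also leaves `policyTypes` implicit; `policyTypes: [Ingress]` states the intent without changing behaviour. Indentation is flattened in this view, so the peer grouping is read from the list markers only.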
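Review bot: `deny-all` in np-deny-all.yml denies ingress only: with `podSelector: {}`, `ingress: []` and no `policyTypes`, the policy type defaults to Ingress and egress from every pod in the namespace stays unrestricted. Either rename it to something like `default-deny-ingress` or make the scope explicit with `policyTypes: [Ingress]`, so nobody reads the name as an egress guarantee. If egress isolation is actually wanted for this workload, that needs `Egress` in `policyTypes` plus matching allow rules for the clients, which this commit does not add.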
@@ -87,6 +87,12 @@ jobs: pod-security.kubernetes.io/warn: privileged objects: + - objectTemplate: np-deny-all.yml + replicas: 1 + + - objectTemplate: np-allow-from-clients.yml + replicas: 1 + - objectTemplate: service.yml replicas: 5
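Review bot: The `np-deny-all.yml` entry relies on `replicas: 1` because that template uses the fixed name `deny-all`, unlike `allow-from-clients-{{.Replica}}`; raising the count would presumably try to create a second object with the same name in the same namespace. A comment above the entry would keep that visible, for example `# fixed object name in the template: keep replicas at 1`. The enclosing job definition starts and continues outside this hunk, so whether the policies are in place before the pods and services they cover cannot be checked here.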