feat: add ingress network policy with generic sandbox label (#1113)

* allow from dev sandbox managed NS
---------

Co-authored-by: Devtools <devtools@redhat.com>
Co-authored-by: Matous Jobanek <mjobanek@redhat.com>

deploy/templates/nstemplatetiers/base/ns_dev.yaml

@@ -226,6 +226,19 @@ objects:
                 kubernetes.io/metadata.name: redhat-ods-applications
     policyTypes:
       - Ingress
+- apiVersion: networking.k8s.io/v1
+  kind: NetworkPolicy
+  metadata:
+    name: allow-from-dev-sandbox-managed-ns
+    namespace: ${SPACE_NAME}-dev
+  spec:
+    ingress:
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            dev-sandbox/policy-group: ingress
+    policyTypes:
+      - Ingress
 parameters:
 - name: SPACE_NAME
   required: true

deploy/templates/nstemplatetiers/base/ns_stage.yaml

@@ -226,6 +226,19 @@ objects:
                 kubernetes.io/metadata.name: redhat-ods-applications
     policyTypes:
       - Ingress
+- apiVersion: networking.k8s.io/v1
+  kind: NetworkPolicy
+  metadata:
+    name: allow-from-dev-sandbox-managed-ns
+    namespace: ${SPACE_NAME}-stage
+  spec:
+    ingress:
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            dev-sandbox/policy-group: ingress
+    policyTypes:
+      - Ingress
 parameters:
 - name: SPACE_NAME
   required: true

deploy/templates/nstemplatetiers/base1ns/ns_dev.yaml

@@ -252,6 +252,19 @@ objects:
                 kubernetes.io/metadata.name: redhat-ods-applications
     policyTypes:
       - Ingress
+- apiVersion: networking.k8s.io/v1
+  kind: NetworkPolicy
+  metadata:
+    name: allow-from-dev-sandbox-managed-ns
+    namespace: ${SPACE_NAME}-dev
+  spec:
+    ingress:
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            dev-sandbox/policy-group: ingress
+    policyTypes:
+      - Ingress
 parameters:
 - name: SPACE_NAME
   required: true

deploy/templates/nstemplatetiers/intellarge/ns_dev.yaml

@@ -252,6 +252,19 @@ objects:
                 kubernetes.io/metadata.name: redhat-ods-applications
     policyTypes:
       - Ingress
+- apiVersion: networking.k8s.io/v1
+  kind: NetworkPolicy
+  metadata:
+    name: allow-from-dev-sandbox-managed-ns
+    namespace: ${SPACE_NAME}-dev
+  spec:
+    ingress:
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            dev-sandbox/policy-group: ingress
+    policyTypes:
+      - Ingress
 parameters:
 - name: SPACE_NAME
   required: true

deploy/templates/nstemplatetiers/intelmedium/ns_dev.yaml

@@ -252,6 +252,19 @@ objects:
                 kubernetes.io/metadata.name: redhat-ods-applications
     policyTypes:
       - Ingress
+- apiVersion: networking.k8s.io/v1
+  kind: NetworkPolicy
+  metadata:
+    name: allow-from-dev-sandbox-managed-ns
+    namespace: ${SPACE_NAME}-dev
+  spec:
+    ingress:
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            dev-sandbox/policy-group: ingress
+    policyTypes:
+      - Ingress
 parameters:
 - name: SPACE_NAME
   required: true

deploy/templates/nstemplatetiers/test/ns_dev.yaml

@@ -197,6 +197,19 @@ objects:
     podSelector: {}
     policyTypes:
     - Ingress
+- apiVersion: networking.k8s.io/v1
+  kind: NetworkPolicy
+  metadata:
+    name: allow-from-dev-sandbox-managed-ns
+    namespace: ${SPACE_NAME}-dev
+  spec:
+    ingress:
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            dev-sandbox/policy-group: ingress
+    policyTypes:
+      - Ingress
 parameters:
 - name: SPACE_NAME
   required: true