Handling Egress network policy restrictions with variable #250

@gyaja

Description

Is your feature request related to a problem?

Yes, I can't describe a custom egress policy in the values.yaml.

Original policies.yaml template

{{- if and .Values.policies.create}}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  labels:
    app.kubernetes.io/instance: {{ .Release.Namespace | quote }}
    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
    app.kubernetes.io/version: {{ .Chart.AppVersion | quote  }}
    app.kubernetes.io/part-of: flux
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
  name: allow-egress
spec:
  egress:
  - {}
  ingress:
  - from:
    - podSelector: {}
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress

Describe the solution you'd like.

My suggestion is to provide an opportunity to define an allow-egress policy in the values.yaml.

Describe alternatives you've considered.

values.yaml:

custom-allow-egress: true
egress:
  cidrs:
    - host: 10.0.0.0/8

Suggested policies.yaml template:

{{- if and .Values.policies.create}}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  labels:
    app.kubernetes.io/instance: {{ .Release.Namespace | quote }}
    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
    app.kubernetes.io/version: {{ .Chart.AppVersion | quote  }}
    app.kubernetes.io/part-of: flux
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
  name: allow-egress
spec:
{{- /* hyphenated keys are not valid in dot notation, so the value is reached via index */}}
{{- if index .Values "custom-allow-egress" }}
  egress:
    {{- range $rule := index .Values "egress" "cidrs" }}
    - to:
        - ipBlock:
            cidr: {{ $rule.host }}
    {{- end }}
{{- else }}
  egress:
  - {}
{{- end }}
  ingress:
  - from:
    - podSelector: {}
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
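To check that the values-driven egress section renders the intended rules, here is an added Go example (not code from the chart or from this issue) that executes the egress part of the suggested template with the standard library's text/template. The values map is constructed sample data, and .Values is a plain map standing in for Helm's values object.

```go
package main

import (
	"bytes"
	"fmt"
	"strings"
	"text/template"
)

// Egress section of the suggested policies.yaml with two defects of the draft fixed:
// a hyphenated values key is only reachable via `index`, and `range` needs a closing `end`.
const egressTmpl = `spec:
{{- if index .Values "custom-allow-egress" }}
  egress:
  {{- range $rule := index .Values "egress" "cidrs" }}
  - to:
    - ipBlock:
        cidr: {{ $rule.host }}
  {{- end }}
{{- else }}
  egress:
  - {}
{{- end }}
`

// renderEgress executes the fragment against a map standing in for .Values.
func renderEgress(values map[string]interface{}) (string, error) {
	var buf bytes.Buffer
	t := template.Must(template.New("policies").Parse(egressTmpl))
	err := t.Execute(&buf, map[string]interface{}{"Values": values})
	return buf.String(), err
}

// allowsAllEgress reports whether the rendered spec still carries the
// unrestricted `- {}` rule that the feature request wants to make optional.
func allowsAllEgress(rendered string) bool {
	return strings.Contains(rendered, "egress:\n  - {}")
}
func main() {
	// Constructed sample values: the restricted case and a values.yaml without the feature.
	restricted := map[string]interface{}{"custom-allow-egress": true, "egress": map[string]interface{}{
		"cidrs": []map[string]interface{}{{"host": "10.0.0.0/8"}, {"host": "192.168.0.0/16"}}}}
	for _, v := range []map[string]interface{}{restricted, {}} {
		out, err := renderEgress(v)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s(allows all egress: %v)\n\n", out, allowsAllEgress(out))
	}
}
```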

Additional context.

Feel free to reach out or respond here with any questions!
