fix egress rules

Signed-off-by: Matthias Bertschy <[email protected]>

charts/kubescape-operator/assets/common-egress-rules.yaml

@@ -16,7 +16,7 @@
   to:
     - podSelector:
         matchLabels:
-          app: otel-collector
+          {{- include "kubescape-operator.selectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "app" .Values.otelCollector.name) | nindent 10 }}
 {{- if ne .Values.global.httpsProxy "" }}
 - ports:
     - port: {{ .Values.global.networkPolicy.httpsProxyPort }}

charts/kubescape-operator/templates/kubescape-scheduler/networkpolicy.yaml

@@ -15,4 +15,11 @@ spec:
     - Egress
   egress:
 {{ tpl (.Files.Get "assets/common-egress-rules.yaml") . | indent 4 }}
+    - ports:
+        - protocol: TCP
+          port: 4002
+      to:
+        - podSelector:
+            matchLabels:
+              {{- include "kubescape-operator.selectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "app" .Values.operator.name) | nindent 14 }}
 {{- end }}

charts/kubescape-operator/templates/kubevuln-scheduler/networkpolicy.yaml

@@ -15,4 +15,11 @@ spec:
     - Egress
   egress:
 {{ tpl (.Files.Get "assets/common-egress-rules.yaml") . | indent 4 }}
+    - ports:
+        - protocol: TCP
+          port: 4002
+      to:
+        - podSelector:
+            matchLabels:
+              {{- include "kubescape-operator.selectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "app" .Values.operator.name) | nindent 14 }}
 {{- end }}

charts/kubescape-operator/templates/kubevuln/service.yaml

@@ -14,5 +14,5 @@ spec:
       targetPort: {{ .Values.kubevuln.service.targetPort }}
       protocol: {{ .Values.kubevuln.service.protocol }}
   selector:
-    app: {{ .Values.kubevuln.name }}
+    {{- include "kubescape-operator.selectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "app" .Values.kubevuln.name) | nindent 4 }}
 {{- end }}

charts/kubescape-operator/templates/otel-collector/networkpolicy.yaml

@@ -35,4 +35,6 @@ spec:
       ports:
         - port: otlp
           protocol: TCP
+        - port: otlp-http
+          protocol: TCP
 {{- end }}

charts/kubescape-operator/templates/otel-collector/service.yaml

@@ -19,5 +19,5 @@ spec:
       targetPort: 4318
       protocol: TCP
   selector:
-    app: {{ .Values.otelCollector.name }}
+    {{- include "kubescape-operator.selectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "app" .Values.otelCollector.name) | nindent 4 }}
 {{ end }}

charts/kubescape-operator/templates/prometheus-exporter/service.yaml

@@ -14,5 +14,5 @@ spec:
       targetPort: {{ .Values.prometheusExporter.service.targetPort }}
       protocol: {{ .Values.prometheusExporter.service.protocol }}
   selector:
-    app: {{ .Values.prometheusExporter.name }}
+    {{- include "kubescape-operator.selectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "app" .Values.prometheusExporter.name) | nindent 4 }}
 {{- end }}

charts/kubescape-operator/templates/synchronizer/service.yaml

@@ -14,5 +14,5 @@ spec:
       targetPort: {{ .Values.synchronizer.service.targetPort }}
       protocol: {{ .Values.synchronizer.service.protocol }}
   selector:
-    app: {{ .Values.synchronizer.name }}
+    {{- include "kubescape-operator.selectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "app" .Values.synchronizer.name) | nindent 4 }}
   {{- end }}