From 933b46c68c6dd29b30069cca45222653a93af3a3 Mon Sep 17 00:00:00 2001
From: Erik Brakkee
Date: Thu, 2 Jan 2025 18:24:02 +0100
Subject: [PATCH] No more netpols fo pods in open namespaces.
---
 cmd/policygen/config.go | 4 ++--
 cmd/policygen/netpol_generator.go | 1 -
 cmd/policygen/templates/netpol/pod/pod.yaml | 5 +++--
 example/config.yaml | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/cmd/policygen/config.go b/cmd/policygen/config.go
index caa1467..660fb3e 100644
--- a/cmd/policygen/config.go
+++ b/cmd/policygen/config.go
@@ -56,7 +56,7 @@ type Application struct {
 Name string `yaml:"name"`
 Ports []Port `yaml:"ports,omitempty"`
 MatchLabels map[string]string `yaml:"matchLabels"`
- Namespace string `yaml:"-"`
+ Namespace *Namespace `yaml:"-"`
 }
 type Namespace struct {
@@ -180,7 +180,7 @@ func LoadConfig(file string) (*Config, error) {
 // every application must have its namespace field set
 for _, ns := range config.Namespaces {
 for _, app := range ns.Applications {
- app.Namespace = ns.Name
+ app.Namespace = ns
 }
 }
diff --git a/cmd/policygen/netpol_generator.go b/cmd/policygen/netpol_generator.go
index 2f6077c..66e0961 100644
--- a/cmd/policygen/netpol_generator.go
+++ b/cmd/policygen/netpol_generator.go
@@ -43,7 +43,6 @@ func (g NetworkPolicyGenerrator) GenerateCommunicationRule(
 log.Printf("Found template %v for pod %s", tmpl, app.Name)
 if tmpl != nil {
- log.Printf("EXECUTING %s", app.Namespace)
 err := tmpl.Execute(writer, map[string]any{
 "app": app,
 "ingress": ingress,
diff --git a/cmd/policygen/templates/netpol/pod/pod.yaml b/cmd/policygen/templates/netpol/pod/pod.yaml
index d9ee62d..5f60669 100644
--- a/cmd/policygen/templates/netpol/pod/pod.yaml
+++ b/cmd/policygen/templates/netpol/pod/pod.yaml
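Review bot: In `Application` in cmd/policygen/config.go the `Namespace` field becomes a `*Namespace` back-pointer, but nothing on the field says who populates it or that it can be nil. From the second hunk it is set only in the `LoadConfig` loop, so an `Application` built any other way would presumably make `.app.Namespace.Open` in pod.yaml fail at template execution, where the old string field simply rendered an empty namespace. I would add a field comment such as `// Namespace is the owning namespace; set by LoadConfig, nil until then.` The assignment `app.Namespace = ns` also only sticks if `ns.Applications` holds pointers, which the hunk does not show. The struct begins above the hunk and `LoadConfig` continues past it.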
@@ -35,11 +35,12 @@
 {{- end }}
 {{- end }}
+{{- if not .app.Namespace.Open }}
 kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
 metadata:
 name: "{{.app.Name}}"
- namespace: "{{.app.Namespace}}"
+ namespace: "{{.app.Namespace.Name }}"
 labels: {{ .labels | toYaml | nindent 4 }}
 spec:
 podSelector: {{ .app.MatchLabels | toYaml | nindent 4 }}
@@ -65,4 +66,4 @@ spec:
 {{- template "networks" .egress }}
 {{- end }}
- THEEND
\ No newline at end of file
+{{- end }}
diff --git a/example/config.yaml b/example/config.yaml
index 166225c..78bbe8e 100644
--- a/example/config.yaml
+++ b/example/config.yaml
@@ -14,7 +14,7 @@ networks:
 namespaces:
 - name: wamblee-org
- open: true
+ open: false
 capabilities:
 - linkerd
 applications:
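Review bot: The new `{{- if not .app.Namespace.Open }}` guard in pod.yaml drops the whole NetworkPolicy without leaving any trace, so a namespace marked `open: true` by mistake yields output that looks like a successful run. Kubernetes treats pods that no NetworkPolicy selects as non-isolated, so unless some other generated policy covers them this one flag switches isolation off for the namespace. The `log.Printf("Found template %v for pod %s", ...)` kept in netpol_generator.go still reports the template as found for those pods. I would record the decision where it is taken: a template comment above the guard, `{{- /* open namespace: no NetworkPolicy is emitted, pods stay non-isolated */ -}}`, and a log line in GenerateCommunicationRule such as `log.Printf("namespace %s is open, no NetworkPolicy generated for pod %s", app.Namespace.Name, app.Name)`. An omitted `open` key presumably decodes to false and keeps policies on, which is the safe default and worth stating in the config documentation.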