No more netpols fo pods in open namespaces.

cmd/policygen/config.go

@@ -56,7 +56,7 @@ type Application struct {
 	Name        string            `yaml:"name"`
 	Ports       []Port            `yaml:"ports,omitempty"`
 	MatchLabels map[string]string `yaml:"matchLabels"`
-	Namespace   string            `yaml:"-"`
+	Namespace   *Namespace        `yaml:"-"`
 }
 
 type Namespace struct {
@@ -180,7 +180,7 @@ func LoadConfig(file string) (*Config, error) {
 	// every application must have its namespace field set
 	for _, ns := range config.Namespaces {
 		for _, app := range ns.Applications {
-			app.Namespace = ns.Name
+			app.Namespace = ns
 		}
 	}
 

cmd/policygen/netpol_generator.go

@@ -43,7 +43,6 @@ func (g NetworkPolicyGenerrator) GenerateCommunicationRule(
 		log.Printf("Found template %v for pod %s", tmpl, app.Name)
 		if tmpl != nil {
 
-			log.Printf("EXECUTING %s", app.Namespace)
 			err := tmpl.Execute(writer, map[string]any{
 				"app":     app,
 				"ingress": ingress,

cmd/policygen/templates/netpol/pod/pod.yaml

@@ -35,11 +35,12 @@
       {{- end }}
 {{- end }}
 
+{{- if not .app.Namespace.Open }}
 kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
 metadata:
   name: "{{.app.Name}}"
-  namespace: "{{.app.Namespace}}"
+  namespace: "{{.app.Namespace.Name }}"
   labels: {{ .labels | toYaml | nindent 4 }}
 spec:
   podSelector: {{ .app.MatchLabels | toYaml | nindent 4 }}
@@ -65,4 +66,4 @@ spec:
       {{- template "networks" .egress }}
   {{- end }}
 
-    THEEND
+{{- end }}

example/config.yaml

@@ -14,7 +14,7 @@ networks:
 
 namespaces:
   - name: wamblee-org
-    open: true
+    open: false
     capabilities:
       - linkerd
     applications: