data,components: Consume kube-seconday-dns network-policy (#2342)

Extend the bump-kube-secondary-dns to consume the project network-policy
manifests.

This change include 'make gen-manifest' changes.

With this change KSD network-policy is added to KSD template, and CNAO
will install KSD network-policy.

Signed-off-by: Or Mergi <[email protected]>

Author: ormergi

data/kube-secondary-dns/secondarydns.yaml

@@ -186,3 +186,19 @@ spec:
       nodeSelector: {{ toYaml .Placement.NodeSelector | nindent 8 }}
       affinity: {{ toYaml .Placement.Affinity | nindent 8 }}
       tolerations: {{ toYaml .Placement.Tolerations | nindent 8 }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-ingress-to-secondary-dns
+  namespace: '{{ .Namespace }}'
+spec:
+  podSelector:
+    matchLabels:
+      k8s-app: secondary-dns
+  policyTypes:
+    - Ingress
+  ingress:
+    - ports:
+        - protocol: UDP
+          port: dns

hack/components/bump-kube-secondary-dns.sh

@@ -41,6 +41,9 @@ function __parametize_by_object() {
         yaml-utils::update_param ${f} metadata.namespace '{{ .Namespace }}'
         yaml-utils::remove_single_quotes_from_yaml ${f}
         ;;
+      ./NetworkPolicy_allow-ingress-to-secondary-dns.yaml)
+        yaml-utils::update_param ${f} metadata.namespace '{{ .Namespace }}'
+        ;;
     esac
   done
 }
@@ -79,7 +82,9 @@ echo 'Adjust kube-secondary-dns to CNAO'
       ClusterRole_secondary.yaml \
       ClusterRoleBinding_secondary.yaml \
       ServiceAccount_secondary.yaml \
-      Deployment_secondary-dns.yaml > secondarydns.yaml
+      Deployment_secondary-dns.yaml \
+      NetworkPolicy_allow-ingress-to-secondary-dns.yaml \
+        > secondarydns.yaml
 )
 
 echo 'copy manifests'