From 5d1faa7f79f58cd8999a16f3217fc5ca9656efc0 Mon Sep 17 00:00:00 2001
From: Rajiv Senthilnathan <rajivnathan@gmail.com>
Date: Wed, 25 Oct 2023 20:18:06 -0400
Subject: [PATCH] Update CNV network policy (#903)

* Update CNV network policy

* Update deploy/templates/nstemplatetiers/base/ns_stage.yaml

Co-authored-by: Alexey Kazakov <alkazako@redhat.com>

---------

Co-authored-by: Alexey Kazakov <alkazako@redhat.com>
Co-authored-by: Francisc Munteanu <fmuntean@redhat.com>
---
 deploy/templates/nstemplatetiers/base/ns_dev.yaml    | 6 +++++-
 deploy/templates/nstemplatetiers/base/ns_stage.yaml  | 6 +++++-
 deploy/templates/nstemplatetiers/base1ns/ns_dev.yaml | 6 +++++-
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/deploy/templates/nstemplatetiers/base/ns_dev.yaml b/deploy/templates/nstemplatetiers/base/ns_dev.yaml
index 65797b72d..8ac67bee5 100644
--- a/deploy/templates/nstemplatetiers/base/ns_dev.yaml
+++ b/deploy/templates/nstemplatetiers/base/ns_dev.yaml
@@ -173,7 +173,7 @@ objects:
 - apiVersion: networking.k8s.io/v1
   kind: NetworkPolicy
   metadata:
-    name: allow-from-openshift-virtualization-os-images
+    name: allow-from-openshift-virtualization-namespaces
     namespace: ${SPACE_NAME}-dev
   spec:
     ingress:
@@ -181,6 +181,10 @@ objects:
       - namespaceSelector:
           matchLabels:
             kubernetes.io/metadata.name: openshift-virtualization-os-images
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            kubernetes.io/metadata.name: openshift-cnv
     podSelector: {}
     policyTypes:
     - Ingress
diff --git a/deploy/templates/nstemplatetiers/base/ns_stage.yaml b/deploy/templates/nstemplatetiers/base/ns_stage.yaml
index dda3ed8e8..bc1dda573 100644
--- a/deploy/templates/nstemplatetiers/base/ns_stage.yaml
+++ b/deploy/templates/nstemplatetiers/base/ns_stage.yaml
@@ -173,7 +173,7 @@ objects:
 - apiVersion: networking.k8s.io/v1
   kind: NetworkPolicy
   metadata:
-    name: allow-from-openshift-virtualization-os-images
+    name: allow-from-openshift-virtualization-namespaces
     namespace: ${SPACE_NAME}-stage
   spec:
     ingress:
@@ -181,6 +181,10 @@ objects:
       - namespaceSelector:
           matchLabels:
             kubernetes.io/metadata.name: openshift-virtualization-os-images
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            kubernetes.io/metadata.name: openshift-cnv
     podSelector: {}
     policyTypes:
     - Ingress
diff --git a/deploy/templates/nstemplatetiers/base1ns/ns_dev.yaml b/deploy/templates/nstemplatetiers/base1ns/ns_dev.yaml
index e08240adc..b326e83e2 100644
--- a/deploy/templates/nstemplatetiers/base1ns/ns_dev.yaml
+++ b/deploy/templates/nstemplatetiers/base1ns/ns_dev.yaml
@@ -199,7 +199,7 @@ objects:
 - apiVersion: networking.k8s.io/v1
   kind: NetworkPolicy
   metadata:
-    name: allow-from-openshift-virtualization-os-images
+    name: allow-from-openshift-virtualization-namespaces
     namespace: ${SPACE_NAME}-dev
   spec:
     ingress:
@@ -207,6 +207,10 @@ objects:
       - namespaceSelector:
           matchLabels:
             kubernetes.io/metadata.name: openshift-virtualization-os-images
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            kubernetes.io/metadata.name: openshift-cnv
     podSelector: {}
     policyTypes:
     - Ingress