It would be great to have an option to also generate network policies automatically. A plausible default would be to limit access to exposed ports to all pods/services only to resources of the same application via the existent labels. This restricts all foreign traffic to use the ingress if configured.
It could be an extra label to provide a network policy for the given service.
Something like this:
```yaml
{{- if .Values.db.networkPolicy.enabled -}}
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  annotations:
    katenary.v3/compose-hash: f7e37491abe3220deeb5961e7dd0075983ee7cb0
    katenary.v3/version: develop-4367a01
  labels:
    {{- include "mosparo.labels" . | nindent 4 }}
    katenary.v3/component: db
  name: '{{ include "mosparo.fullname" . }}-db'
spec:
  podSelector:
    matchLabels:
      {{- include "mosparo.selectorLabels" . | nindent 6 }}
      katenary.v3/component: db
  ingress:
  - from:
    - podSelector:
        matchLabels:
          {{- include "mosparo.selectorLabels" . | nindent 10 }}
    ports:
    - protocol: TCP
      port: 3306
  policyTypes:
  - Ingress
# vim: ft=helm.gotmpl.yaml
{{- end }}
```
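
The following is an added example, not part of the issue or of the project's code: a small Go model of how the policy above decides traffic to the `db` pod, including the namespace scoping of a bare peer `podSelector`. The namespace `prod`, the release `demo` and the `app.kubernetes.io/*` label keys are assumptions about what `mosparo.selectorLabels` renders to, and only the first port of the rule is modelled.

```go
package main

import "fmt"

// Pod and Policy are constructed stand-ins modelling only what the issue's template sets.
type Pod struct{ Namespace string; Labels map[string]string }
type Policy struct {
	Namespace    string
	Target, From map[string]string // spec.podSelector, ingress[0].from[0].podSelector
	Port         int               // ingress[0].ports[0].port (TCP)
}

// matches implements matchLabels: every selector pair must be on the pod.
func matches(sel, labels map[string]string) bool {
	for k, want := range sel {
		if got, ok := labels[k]; !ok || got != want {
			return false
		}
	}
	return true
}

// Allowed reports whether this policy lets src connect to dst on a TCP port.
func (p Policy) Allowed(src, dst Pod, port int) bool {
	if dst.Namespace != p.Namespace || !matches(p.Target, dst.Labels) {
		return true // dst is not selected, so this policy does not restrict it
	}
	// A peer podSelector without namespaceSelector matches only the policy's namespace.
	if src.Namespace != p.Namespace || !matches(p.From, src.Labels) {
		return false
	}
	return port == p.Port
}

// NewPod uses constructed labels; the name/instance keys are assumed selectorLabels output.
func NewPod(ns, app, component string) Pod {
	return Pod{ns, map[string]string{"app.kubernetes.io/name": app,
		"app.kubernetes.io/instance": "demo", "katenary.v3/component": component}}
}

// DBPolicy is the template rendered for release "demo" in namespace "prod" (assumed names).
func DBPolicy() Policy {
	return Policy{"prod", NewPod("prod", "mosparo", "db").Labels, map[string]string{
		"app.kubernetes.io/name": "mosparo", "app.kubernetes.io/instance": "demo"}, 3306}
}

func main() {
	fmt.Println(DBPolicy().Allowed(NewPod("prod", "other", "web"), NewPod("prod", "mosparo", "db"), 3306))
}
```

Because the `from` selector omits `katenary.v3/component`, every component of the same release in the same namespace can reach port 3306, while a pod of the same release in another namespace cannot.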
I really like the idea. I set it up for the 3.0.1 release. I need to fix up the master branch with the newest features and I will adapt to integrate the network policies.