netpol: rename option to interNamespaceAccessLabels

jupyterhub · Oct 20, 2020 · 0f0ea2b · 0f0ea2b
1 parent ddb1a47
commit 0f0ea2b
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 13 deletions.
diff --git a/jupyterhub/templates/hub/netpol.yaml b/jupyterhub/templates/hub/netpol.yaml
@@ -45,7 +45,7 @@ spec:
         - podSelector:
             matchLabels:
               hub.jupyter.org/network-access-hub: "true"
-        {{- if eq .Values.hub.networkPolicy.interNamespaceLabeledIngress "allow" }}
+        {{- if eq .Values.hub.networkPolicy.interNamespaceAccessLabels "accept" }}
           namespaceSelector:
             matchLabels: {}   # without this, the podSelector would only consider pods in the local namespace
         # source 2 - pods in labeled namespaces

diff --git a/jupyterhub/templates/proxy/autohttps/netpol.yaml b/jupyterhub/templates/proxy/autohttps/netpol.yaml
@@ -48,7 +48,7 @@ spec:
         - podSelector:
             matchLabels:
               hub.jupyter.org/network-access-proxy-http: "true"
-        {{- if eq .Values.proxy.traefik.networkPolicy.interNamespaceLabeledIngress "allow" }}
+        {{- if eq .Values.proxy.traefik.networkPolicy.interNamespaceAccessLabels "accept" }}
           namespaceSelector:
             matchLabels: {}   # without this, the podSelector would only consider pods in the local namespace
         # source 2 - pods in labeled namespaces

diff --git a/jupyterhub/templates/proxy/netpol.yaml b/jupyterhub/templates/proxy/netpol.yaml
@@ -52,7 +52,7 @@ spec:
         - podSelector:
             matchLabels:
               hub.jupyter.org/network-access-proxy-http: "true"
-        {{- if eq .Values.proxy.chp.networkPolicy.interNamespaceLabeledIngress "allow" }}
+        {{- if eq .Values.proxy.chp.networkPolicy.interNamespaceAccessLabels "accept" }}
           namespaceSelector:
             matchLabels: {}   # without this, the podSelector would only consider pods in the local namespace
         # source 2 - pods in labeled namespaces
@@ -69,7 +69,7 @@ spec:
         - podSelector:
             matchLabels:
               hub.jupyter.org/network-access-proxy-api: "true"
-        {{- if eq .Values.proxy.chp.networkPolicy.interNamespaceLabeledIngress "allow" }}
+        {{- if eq .Values.proxy.chp.networkPolicy.interNamespaceAccessLabels "accept" }}
           namespaceSelector:
             matchLabels: {}   # without this, the podSelector would only consider pods in the local namespace
         # source 2 - pods in labeled namespaces

diff --git a/jupyterhub/templates/singleuser/netpol.yaml b/jupyterhub/templates/singleuser/netpol.yaml
@@ -46,7 +46,7 @@ spec:
         - podSelector:
             matchLabels:
               hub.jupyter.org/network-access-singleuser: "true"
-        {{- if eq .Values.singleuser.networkPolicy.interNamespaceLabeledIngress "allow" }}
+        {{- if eq .Values.singleuser.networkPolicy.interNamespaceAccessLabels "accept" }}
           namespaceSelector:
             matchLabels: {}   # without this, the podSelector would only consider pods in the local namespace
         # source 2 - pods in labeled namespaces

diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml
@@ -97,7 +97,7 @@ hub:
       - to:
           - ipBlock:
               cidr: 0.0.0.0/0
-    interNamespaceLabeledIngress: block
+    interNamespaceAccessLabels: ignore
     allowedIngressPorts: []
   allowNamedServers: false
   namedServerLimitPerUser:
@@ -200,7 +200,7 @@ proxy:
         - to:
             - ipBlock:
                 cidr: 0.0.0.0/0
-      interNamespaceLabeledIngress: allow
+      interNamespaceAccessLabels: accept
       allowedIngressPorts: [http, https]
   # traefik relates to the autohttps pod, which is responsible for TLS
   # termination when proxy.https.type=letsencrypt.
@@ -233,7 +233,7 @@ proxy:
         - to:
             - ipBlock:
                 cidr: 0.0.0.0/0
-      interNamespaceLabeledIngress: allow
+      interNamespaceAccessLabels: accept
       allowedIngressPorts: [http, https]
   secretSync:
     containerSecurityContext:
@@ -329,7 +329,7 @@ singleuser:
               cidr: 0.0.0.0/0
               except:
                 - 169.254.169.254/32
-    interNamespaceLabeledIngress: block
+    interNamespaceAccessLabels: ignore
     allowedIngressPorts: []
   events: true
   extraAnnotations: {}

diff --git a/tools/templates/lint-and-validate-values.yaml b/tools/templates/lint-and-validate-values.yaml
@@ -75,7 +75,7 @@ hub:
       - to:
           - ipBlock:
               cidr: 0.0.0.0/0
-    interNamespaceLabeledIngress: block
+    interNamespaceAccessLabels: ignore
     allowedIngressPorts: []
   allowNamedServers: true
   nodeSelector:
@@ -135,7 +135,7 @@ proxy:
         - to:
             - ipBlock:
                 cidr: 0.0.0.0/0
-      interNamespaceLabeledIngress: allow
+      interNamespaceAccessLabels: accept
       allowedIngressPorts: [http, https]
   traefik:
     resources:
@@ -165,7 +165,7 @@ proxy:
         - to:
             - ipBlock:
                 cidr: 0.0.0.0/0
-      interNamespaceLabeledIngress: allow
+      interNamespaceAccessLabels: accept
       allowedIngressPorts: [http, https]
   secretSync:
     resources:
@@ -294,7 +294,7 @@ singleuser:
               cidr: 0.0.0.0/0
               except:
                 - 169.254.169.254/32
-    interNamespaceLabeledIngress: block
+    interNamespaceAccessLabels: ignore
     allowedIngressPorts: []
   events: true
   extraLabels: {}