From 31cb162b9146f035f7e191c43040581527e4ac9f Mon Sep 17 00:00:00 2001
From: Artur Zheludkov <rurkss@gmail.com>
Date: Wed, 7 Feb 2024 15:32:45 -0500
Subject: [PATCH] add egress rules for sentinel np

---
 operator/redisfailover/service/generator.go   | 13 +++++++
 .../redisfailover/service/generator_test.go   | 39 +++++++++++++++++++
 2 files changed, 52 insertions(+)

diff --git a/operator/redisfailover/service/generator.go b/operator/redisfailover/service/generator.go
index d0162a817..4b448a867 100644
--- a/operator/redisfailover/service/generator.go
+++ b/operator/redisfailover/service/generator.go
@@ -563,6 +563,19 @@ func generateSentinelNetworkPolicy(rf *redisfailoverv1.RedisFailover, labels map
 					Ports: ports,
 				},
 			},
+			Egress: []np.NetworkPolicyEgressRule{
+				np.NetworkPolicyEgressRule{
+					To: []np.NetworkPolicyPeer{
+						np.NetworkPolicyPeer{
+							NamespaceSelector: &metav1.LabelSelector{
+								MatchLabels: map[string]string{
+									"app.kubernetes.io/instance": namespace,
+								},
+							},
+						},
+					},
+				},
+			},
 		},
 	}
 }
diff --git a/operator/redisfailover/service/generator_test.go b/operator/redisfailover/service/generator_test.go
index cfa80bd4b..e8f04bd5e 100644
--- a/operator/redisfailover/service/generator_test.go
+++ b/operator/redisfailover/service/generator_test.go
@@ -1478,6 +1478,19 @@ func TestSentinelNetworkPolicy(t *testing.T) {
 							},
 						},
 					},
+					Egress: []networkingv1.NetworkPolicyEgressRule{
+						networkingv1.NetworkPolicyEgressRule{
+							To: []networkingv1.NetworkPolicyPeer{
+								networkingv1.NetworkPolicyPeer{
+									NamespaceSelector: &metav1.LabelSelector{
+										MatchLabels: map[string]string{
+											"app.kubernetes.io/instance": namespace,
+										},
+									},
+								},
+							},
+						},
+					},
 				},
 			},
 		},
@@ -1534,6 +1547,19 @@ func TestSentinelNetworkPolicy(t *testing.T) {
 							},
 						},
 					},
+					Egress: []networkingv1.NetworkPolicyEgressRule{
+						networkingv1.NetworkPolicyEgressRule{
+							To: []networkingv1.NetworkPolicyPeer{
+								networkingv1.NetworkPolicyPeer{
+									NamespaceSelector: &metav1.LabelSelector{
+										MatchLabels: map[string]string{
+											"app.kubernetes.io/instance": namespace,
+										},
+									},
+								},
+							},
+						},
+					},
 				},
 			},
 		},
@@ -1600,6 +1626,19 @@ func TestSentinelNetworkPolicy(t *testing.T) {
 							},
 						},
 					},
+					Egress: []networkingv1.NetworkPolicyEgressRule{
+						networkingv1.NetworkPolicyEgressRule{
+							To: []networkingv1.NetworkPolicyPeer{
+								networkingv1.NetworkPolicyPeer{
+									NamespaceSelector: &metav1.LabelSelector{
+										MatchLabels: map[string]string{
+											"app.kubernetes.io/instance": namespace,
+										},
+									},
+								},
+							},
+						},
+					},
 				},
 			},
 		},