From c5ad46310602bce3a09c897923dee8b36f065241 Mon Sep 17 00:00:00 2001
From: zamaz <71521611+zachariahmiller@users.noreply.github.com>
Date: Mon, 6 May 2024 23:28:35 -0400
Subject: [PATCH] chore: add netpol template for runner sandbox (#125)

updates default package config when specifying an internal runner to
support the sandbox namespace communication to the gitlab workhorse.

Release-As: v16.11.1-uds.1
---
 chart/templates/uds-package.yaml | 11 ++++++++++-
 chart/values.yaml                |  1 +
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/chart/templates/uds-package.yaml b/chart/templates/uds-package.yaml
index 35b35535..f4ad613f 100644
--- a/chart/templates/uds-package.yaml
+++ b/chart/templates/uds-package.yaml
@@ -79,6 +79,15 @@ spec:
         description: "Runner Ingress Workhorse"
     {{- end }}
 
+    {{- if and .Values.runner.internal (hasKey .Values.runner "sandboxNamespace") (ne .Values.runner.sandboxNamespace "") }}
+      - direction: Ingress
+        selector:
+          app: webservice
+        remoteNamespace: {{ .Values.runner.sandboxNamespace | quote }}
+        port: 8181
+        description: "Runner Sandbox Ingress Workhorse"
+    {{- end }}
+
       - direction: Ingress
         remoteNamespace: monitoring
         remoteSelector:
@@ -155,7 +164,7 @@ spec:
         {{- end }}
         description: "Registry Storage"
 
-      # Sidekiq Netpols 
+      # Sidekiq Netpols
       - direction: Egress
         selector:
           app: sidekiq
diff --git a/chart/values.yaml b/chart/values.yaml
index ad587a63..715db6b8 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -28,6 +28,7 @@ runner:
   selector:
     app: gitlab-runner
   namespace: gitlab-runner
+  sandboxNamespace: gitlab-runner-sandbox
 # custom:
 #    # Notice no `remoteGenerated` field here on custom internal rule
 #   - direction: Ingress