From 155e0e1894248e7786ed374e1c003336d1c7a7d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C3=ADas=20Charri=C3=A8re?=
Date: Tue, 16 Apr 2024 10:23:04 +0200
Subject: [PATCH] remove default-policies and enable DNS policies (#284)

* remove default-policies and enable DNS policies

Signed-off-by: Matias Charriere

* update changelog

Signed-off-by: Matias Charriere

---------

Signed-off-by: Matias Charriere
---
 CHANGELOG.md | 5 +++++
 .../cluster-cloud-director/templates/cilium-helmrelease.yaml | 3 ++-
 .../cluster-cloud-director/templates/netpol-helmrelease.yaml | 4 +++-
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index db6ed473..d109eddf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added

 - Add teleport support to SSH into nodes (disabled by default)
+- Enable DNS network policies from network-policies-app.
+
+### Removed
+
+- Remove default network policies from cilium-app.

 ## [0.16.0] - 2024-04-02

diff --git a/helm/cluster-cloud-director/templates/cilium-helmrelease.yaml b/helm/cluster-cloud-director/templates/cilium-helmrelease.yaml
index 6c43e355..7ece6281 100644
--- a/helm/cluster-cloud-director/templates/cilium-helmrelease.yaml
+++ b/helm/cluster-cloud-director/templates/cilium-helmrelease.yaml
@@ -63,7 +63,8 @@ spec:
 value: "true"
 {{- if .Values.internal.ciliumNetworkPolicy.enabled }}
 defaultPolicies:
- enabled: true
+ remove: true
+ enabled: false
 tolerations:
 - effect: NoSchedule
 operator: Exists
diff --git a/helm/cluster-cloud-director/templates/netpol-helmrelease.yaml b/helm/cluster-cloud-director/templates/netpol-helmrelease.yaml
index c9063c26..7b874b99 100644
--- a/helm/cluster-cloud-director/templates/netpol-helmrelease.yaml
+++ b/helm/cluster-cloud-director/templates/netpol-helmrelease.yaml
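Review bot: In cilium-helmrelease.yaml the new `remove: true` / `enabled: false` pair is still rendered only inside the `{{- if .Values.internal.ciliumNetworkPolicy.enabled }}` guard, so a cluster with that value set to false gets neither key and falls back to whatever the cilium chart defaults to for `defaultPolicies`. If the intent is that cilium-app's default policies are removed on every cluster, these two keys probably need to sit outside the guard; if the gating is deliberate, a comment above `remove: true` such as `# default policies are now supplied by network-policies-app; delete the ones cilium-app installed earlier` would explain why a block gated on "enabled" sets `enabled: false`. It is also worth confirming that removal on the cilium side and the DNS rule from network-policies-app cannot reconcile in an order that leaves a default-deny in place without DNS egress, or no policy at all, for a period. The guard's closing `{{- end }}` and the rest of the `defaultPolicies` block are outside the hunk.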
@@ -33,7 +33,9 @@ spec:
 retries: 30
 # Default values
 # https://github.com/giantswarm/network-policies-app/blob/main/helm/network-policies-app/values.yaml
- # values:
+ values:
+ allowEgressToDNS:
+ enabled: true
 ---
 apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: HelmRepository
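Review bot: The `# Default values` comment and link now sit directly above a live `values:` block in netpol-helmrelease.yaml, so `allowEgressToDNS.enabled: true` reads as a chart default rather than an override; a line such as `# Overrides on top of the chart defaults linked above` before `values:` would make that clear. The comment should also say what the DNS egress rule is scoped to (which pods, and whether only the cluster DNS service or any resolver), because that scope is defined in network-policies-app and cannot be checked from this file. This override is unconditional, while the cilium-side change is gated on `.Values.internal.ciliumNetworkPolicy.enabled`; whether this HelmRelease is itself gated is outside the hunk, so it is worth checking that the two stay in step.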