aws
diff --git a/‎Makefile‎
Lines changed: 6 additions & 6 deletions b/‎Makefile‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎charts/amazon-network-policy-controller-k8s/.helmignore‎
Lines changed: 23 additions & 0 deletions b/‎charts/amazon-network-policy-controller-k8s/.helmignore‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎charts/amazon-network-policy-controller-k8s/Chart.yaml‎
Lines changed: 13 additions & 0 deletions b/‎charts/amazon-network-policy-controller-k8s/Chart.yaml‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎charts/amazon-network-policy-controller-k8s/README.md‎
Lines changed: 40 additions & 0 deletions b/‎charts/amazon-network-policy-controller-k8s/README.md‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎charts/amazon-network-policy-controller-k8s/crds/crds.yaml‎
Lines changed: 234 additions & 0 deletions b/‎charts/amazon-network-policy-controller-k8s/crds/crds.yaml‎
Lines changed: 234 additions & 0 deletions
@@ -195,16 +195,16 @@ format:       ## Format all Go source code files.
 
 run-cyclonus-test: ## Runs cyclonus tests on an existing cluster. Call with CLUSTER_NAME=<name of your cluster> to execute cyclonus test
 ifdef CLUSTER_NAME
-	CLUSTER_NAME=$(CLUSTER_NAME) DISABLE_CP_NETWORK_POLICY_CONTROLLER=$(DISABLE_CP_NETWORK_POLICY_CONTROLLER) ./scripts/run-cyclonus-tests.sh
+	CLUSTER_NAME=$(CLUSTER_NAME) ./scripts/run-cyclonus-tests.sh
 else
 	@echo 'Pass CLUSTER_NAME parameter'
 endif
 
 ./PHONY: deploy-controller-on-dataplane
-deploy-controller-on-dataplane: ## Deploys the Network Policy controller on an existing cluster. Optionally call with AMAZON_NP_CONTROLLER=<Image URI> to update the image
-	./scripts/update-controller-image-dataplane.sh AMAZON_NP_CONTROLLER=$(AMAZON_NP_CONTROLLER)
+deploy-controller-on-dataplane: ## Deploys the Network Policy controller on an existing cluster. Optionally call with NP_CONTROLLER_IMAGE=<Image URI> to update the image
+	./scripts/deploy-controller-on-dataplane.sh NP_CONTROLLER_IMAGE=$(NP_CONTROLLER_IMAGE)
 
 ./PHONY: deploy-and-test
-deploy-and-test: ## Deploys the Network Policy controller on an existing cluster and runs cyclonus tests. Call with CLUSTER_NAME=<name of the cluster> and AMAZON_NP_CONTROLLER=<Image URI> 
-	$(MAKE) deploy-controller-on-dataplane AMAZON_NP_CONTROLLER=$(AMAZON_NP_CONTROLLER)
-	$(MAKE) run-cyclonus-test CLUSTER_NAME=$(CLUSTER_NAME) DISABLE_CP_NETWORK_POLICY_CONTROLLER=true
+deploy-and-test: ## Deploys the Network Policy controller on an existing cluster and runs cyclonus tests. Call with CLUSTER_NAME=<name of the cluster> and NP_CONTROLLER_IMAGE=<Image URI> 
+	$(MAKE) deploy-controller-on-dataplane NP_CONTROLLER_IMAGE=$(NP_CONTROLLER_IMAGE)
+	$(MAKE) run-cyclonus-test CLUSTER_NAME=$(CLUSTER_NAME)
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+crds/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: v2
+name: amazon-network-policy-controller-k8s
+version: 1.0.4
+appVersion: v1.0.4
+description: A Helm chart for Amazon Network Policy Controller K8s
+icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
+home: https://github.com/aws/amazon-network-policy-controller-k8s
+sources:
+  - https://github.com/aws/amazon-network-policy-controller-k8s
+keywords:
+  - eks
+  - networking
+  - network-policy
@@ -0,0 +1,40 @@
+# AMAZON NETWORK POLICY CONTROLLER
+
+This chart provides a Kubernetes deployment for the Amazon Network Policy Controller
+
+## Prerequisites
+
+- Kubernetes 1.24+ running on AWS
+- Helm 3.0+
+
+## Installing the Chart
+
+To install the chart with the release name `amazon-network-policy-controller-k8s` and default configuration:
+
+```shell
+$ helm install amazon-network-policy-controller-k8s --namespace kube-system charts/amazon-network-policy-controller-k8s
+```
+
+
+## Configuration
+
+The following table lists the configurable parameters for this chart and their default values.
+
+| Parameter                    | Description                                                   | Default                                                 |
+|------------------------------|---------------------------------------------------------------|---------------------------------------------------------|
+| fullnameOverride             | Override the fullname of the chart                            | amazon-network-policy-controller-k8s                    |
+| nameOverride                 | override for the name of the Helm Chart                       | amazon-network-policy-controller-k8s                    |
+| image.repository             | ECR repository to use. Should match your cluster              | public.ecr.aws/eks/amazon-network-policy-controller-k8s |
+| image.tag                    | Image tag                                                     | v1.0.4                                                  |
+| enableConfigMapCheck         | Enable configmap check to enable/disable controller in Control Plane | false                                            |
+| endpointChunkSize            | Number of endpoints to include in a single policy endpoints resource | 1000                                             |
+| maxConcurrentReconciles      | Maximum number of concurrent reconcile loops                  | 3                                                       |
+| podUpdateBatchPeriodDuration | Duration between batch updates of pods in seconds             | 1                                                       |
+| livenessProbe                | Liveness Probe configuration for controller                   | see `values.yaml`                                       |
+| readinessProbe               | Readiness Probe configuration for controller                  | see `values.yaml`                                       |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` or provide a YAML file containing the values for the above parameters:
+
+```shell
+$ helm install amazon-network-policy-controller-k8s --namespace kube-system ./charts/amazon-network-policy-controller-k8s --values values.yaml
+```
@@ -0,0 +1,234 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.11.3
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/name: amazon-network-policy-controller-k8s
+  name: policyendpoints.networking.k8s.aws
+spec:
+  group: networking.k8s.aws
+  names:
+    kind: PolicyEndpoint
+    listKind: PolicyEndpointList
+    plural: policyendpoints
+    singular: policyendpoint
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: PolicyEndpoint is the Schema for the policyendpoints API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: PolicyEndpointSpec defines the desired state of PolicyEndpoint
+            properties:
+              egress:
+                description: Egress is the list of egress rules containing resolved
+                  network addresses
+                items:
+                  description: EndpointInfo defines the network endpoint information
+                    for the policy ingress/egress
+                  properties:
+                    cidr:
+                      description: CIDR is the network address(s) of the endpoint
+                      type: string
+                    except:
+                      description: Except is the exceptions to the CIDR ranges mentioned
+                        above.
+                      items:
+                        type: string
+                      type: array
+                    ports:
+                      description: Ports is the list of ports
+                      items:
+                        description: Port contains information about the transport
+                          port/protocol
+                        properties:
+                          endPort:
+                            description: Endport specifies the port range port to
+                              endPort port must be defined and an integer, endPort
+                              > port
+                            format: int32
+                            type: integer
+                          port:
+                            description: Port specifies the numerical port for the
+                              protocol. If empty applies to all ports
+                            format: int32
+                            type: integer
+                          protocol:
+                            default: TCP
+                            description: Protocol specifies the transport protocol,
+                              default TCP
+                            type: string
+                        type: object
+                      type: array
+                  required:
+                  - cidr
+                  type: object
+                type: array
+              ingress:
+                description: Ingress is the list of ingress rules containing resolved
+                  network addresses
+                items:
+                  description: EndpointInfo defines the network endpoint information
+                    for the policy ingress/egress
+                  properties:
+                    cidr:
+                      description: CIDR is the network address(s) of the endpoint
+                      type: string
+                    except:
+                      description: Except is the exceptions to the CIDR ranges mentioned
+                        above.
+                      items:
+                        type: string
+                      type: array
+                    ports:
+                      description: Ports is the list of ports
+                      items:
+                        description: Port contains information about the transport
+                          port/protocol
+                        properties:
+                          endPort:
+                            description: Endport specifies the port range port to
+                              endPort port must be defined and an integer, endPort
+                              > port
+                            format: int32
+                            type: integer
+                          port:
+                            description: Port specifies the numerical port for the
+                              protocol. If empty applies to all ports
+                            format: int32
+                            type: integer
+                          protocol:
+                            default: TCP
+                            description: Protocol specifies the transport protocol,
+                              default TCP
+                            type: string
+                        type: object
+                      type: array
+                  required:
+                  - cidr
+                  type: object
+                type: array
+              podIsolation:
+                description: PodIsolation specifies whether the pod needs to be isolated
+                  for a particular traffic direction Ingress or Egress, or both. If
+                  default isolation is not specified, and there are no ingress/egress
+                  rules, then the pod is not isolated from the point of view of this
+                  policy. This follows the NetworkPolicy spec.PolicyTypes.
+                items:
+                  description: PolicyType string describes the NetworkPolicy type
+                    This type is beta-level in 1.8
+                  type: string
+                type: array
+              podSelector:
+                description: PodSelector is the podSelector from the policy resource
+                properties:
+                  matchExpressions:
+                    description: matchExpressions is a list of label selector requirements.
+                      The requirements are ANDed.
+                    items:
+                      description: A label selector requirement is a selector that
+                        contains values, a key, and an operator that relates the key
+                        and values.
+                      properties:
+                        key:
+                          description: key is the label key that the selector applies
+                            to.
+                          type: string
+                        operator:
+                          description: operator represents a key's relationship to
+                            a set of values. Valid operators are In, NotIn, Exists
+                            and DoesNotExist.
+                          type: string
+                        values:
+                          description: values is an array of string values. If the
+                            operator is In or NotIn, the values array must be non-empty.
+                            If the operator is Exists or DoesNotExist, the values
+                            array must be empty. This array is replaced during a strategic
+                            merge patch.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    description: matchLabels is a map of {key,value} pairs. A single
+                      {key,value} in the matchLabels map is equivalent to an element
+                      of matchExpressions, whose key field is "key", the operator
+                      is "In", and the values array contains only "value". The requirements
+                      are ANDed.
+                    type: object
+                type: object
+                x-kubernetes-map-type: atomic
+              podSelectorEndpoints:
+                description: PodSelectorEndpoints contains information about the pods
+                  matching the podSelector
+                items:
+                  description: PodEndpoint defines the summary information for the
+                    pods
+                  properties:
+                    hostIP:
+                      description: HostIP is the IP address of the host the pod is
+                        currently running on
+                      type: string
+                    name:
+                      description: Name is the pod name
+                      type: string
+                    namespace:
+                      description: Namespace is the pod namespace
+                      type: string
+                    podIP:
+                      description: PodIP is the IP address of the pod
+                      type: string
+                  required:
+                  - hostIP
+                  - name
+                  - namespace
+                  - podIP
+                  type: object
+                type: array
+              policyRef:
+                description: PolicyRef is a reference to the Kubernetes NetworkPolicy
+                  resource.
+                properties:
+                  name:
+                    description: Name is the name of the Policy
+                    type: string
+                  namespace:
+                    description: Namespace is the namespace of the Policy
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+            required:
+            - policyRef
+            type: object
+          status:
+            description: PolicyEndpointStatus defines the observed state of PolicyEndpoint
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}