From 5c91bb821760142b61a969da0b51e7e8a3d6a31c Mon Sep 17 00:00:00 2001
From: Adam Kosmin
Date: Tue, 15 Feb 2022 10:01:40 -0500
Subject: [PATCH] Remove abstraction that doesn't work anyway (#3209)

Signed-off-by: Trey Dockendorf
Co-authored-by: Trey Dockendorf
---
 charts/kyverno/README.md | 1 +
 charts/kyverno/templates/networkpolicy.yaml | 32 ++++---------------------
 charts/kyverno/values.yaml | 6 ++--
 3 files changed, 8 insertions(+), 31 deletions(-)

diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md
index b4103b561f..ab6a9cb6d1 100644
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@@ -92,6 +92,7 @@ The following table lists the configurable parameters of the kyverno chart and t
 | `nameOverride` | override the name of the chart | `nil` |
 | `namespace` | namespace the chart deploy to | `nil` |
 | `networkPolicy.enabled` | when true, use a NetworkPolicy to grant access to the webhook. | `false` |
+| `networkPolicy.ingressFrom` | A list of valid from selectors. | `[]` |
 | `nodeAffinity` | node affinities. Empty by default. Can be added for nodeAffinities. | `nil` |
 | `nodeSelector` | node labels for pod assignment | `{}` |
 | `podAffinity` | pod affinities. Empty by default. Can be added for podAffinities. | `nil` |
diff --git a/charts/kyverno/templates/networkpolicy.yaml b/charts/kyverno/templates/networkpolicy.yaml
index 0f3c8e46e8..0f0433384d 100644
--- a/charts/kyverno/templates/networkpolicy.yaml
+++ b/charts/kyverno/templates/networkpolicy.yaml
@@ -12,34 +12,11 @@ spec:
 app: kyverno
 policyTypes:
 - Ingress
- {{- if or .Values.networkPolicy.namespaceExpressions .Values.networkPolicy.namespaceLabels .Values.networkPolicy.podExpressions .Values.networkPolicy.podLabels }}
+ {{- if .Values.networkPolicy.ingressFrom }}
 ingress:
 - from:
- {{- if or .Values.networkPolicy.namespaceExpressions .Values.networkPolicy.namespaceLabels }}
- - namespaceSelector:
- {{- with .Values.networkPolicy.namespaceExpressions }}
- matchExpressions:
- {{- toYaml . | nindent 10 }}
- {{- end }}
- {{- with .Values.networkPolicy.namespaceLabels }}
- matchLabels:
- {{- range $key, $value := . }}
- {{ $key | quote }}: {{ $value | quote }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- if or .Values.networkPolicy.podExpressions .Values.networkPolicy.podLabels }}
- podSelector:
- {{- with .Values.networkPolicy.podExpressions }}
- matchExpressions:
- {{- toYaml . | nindent 10 }}
- {{- end }}
- {{- with .Values.networkPolicy.podLabels }}
- matchLabels:
- {{- range $key, $value := . }}
- {{ $key | quote }}: {{ $value | quote }}
- {{- end }}
- {{- end }}
+ {{- with .Values.networkPolicy.ingressFrom }}
+ {{- toYaml . | nindent 4 }}
 {{- end }}
 ports:
 - protocol: TCP
@@ -50,6 +27,7 @@ spec:
 port: {{ .Values.metricsService.port }}
 {{- end }}
 {{- else }}
- ingress: []
+ ingress:
+ - {}
 {{- end }}
 {{- end }}
diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml
index c0b0d82eda..47168e1a43 100644
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@@ -262,7 +262,5 @@ installCRDs: true
 # policies in a default-deny setup.
 networkPolicy:
 enabled: false
- namespaceExpressions: []
- namespaceLabels: {}
- podExpressions: []
- podLabels: {}
+# A list of valid from selectors according to https://kubernetes.io/docs/concepts/services-networking/network-policies
+ ingressFrom: []
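Review bot: The new `else` branch in the second networkpolicy.yaml hunk renders `ingress:` with a single empty rule `- {}`, which admits traffic from every peer on every port, so with `networkPolicy.enabled: true` and the default `ingressFrom: []` the policy selects the pods but restricts nothing. The removed `ingress: []` was the deny-all form; if the goal is only to keep the webhook reachable, the `ports` list of the first branch could be shared by both branches with only `from` made conditional, so the fallback opens just those ports rather than all of them. The comment added in values.yaml should state the default's effect, e.g. `# NetworkPolicy "from" peers. Empty list = ingress allowed from any source.`, and be indented under `networkPolicy:` like the key it documents. The top of the template and the first `ports` entry lie outside the hunks, so the pod selector and the webhook port are inferred from the `app: kyverno` and `protocol: TCP` context lines.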