feat: add cilium network policy with alerts and deprecate network policy

cd test

GO111MODULE=auto go test ./...        # required for every change to the tests or the template

```

### Windows users

Some of the dependencies might not be available on Windows (e.g., `github.com/sirupsen/logrus/hooks/syslog`). Therefore we recommend running tests on docker, vagrant boxes or similar virtualization tools.

 No newline at end of file

apiVersion: v1

description: GitLab's Auto-deploy Helm Chart

name: auto-deploy-app

version: 2.5.0

version: 2.6.0

icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png

| podDisruptionBudget.maxUnavailable |             | `1`                            |

| podDisruptionBudget.minAvailable | If present, this variable will configure minAvailable in the PodDisruptionBudget. :warning: if you have `replicaCount: 1` and `podDisruptionBudget.minAvailable: 1` `kubectl drain` will be blocked.              | `nil`                            |

| prometheus.metrics            | Annotates the service for prometheus auto-discovery. Also denies access to the `/metrics` endpoint from external addresses with Ingress. | `false` |

| networkPolicy.enabled         | Enable container network policy | `false` |

| networkPolicy.spec            | [Network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) definition | `{ podSelector: { matchLabels: {} }, ingress: [{ from: [{ podSelector: { matchLabels: {} } }, { namespaceSelector: { matchLabels: { app.gitlab.com/managed_by: gitlab } } }] }] }` |

| networkPolicy.enabled(**DEPRECATED**)         | Enable container network policy | `false` |

| networkPolicy.spec(**DEPRECATED**)            | [Network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) definition | `{ podSelector: { matchLabels: {} }, ingress: [{ from: [{ podSelector: { matchLabels: {} } }, { namespaceSelector: { matchLabels: { app.gitlab.com/managed_by: gitlab } } }] }] }` |

| ciliumNetworkPolicy.enabled         | Enable container cilium network policy | `false` |

| ciliumNetworkPolicy.alerts.enabled         | Enable alert generation for container cilium network policy | `false` |

| ciliumNetworkPolicy.spec            | [Cilium network policy](https://docs.cilium.io/en/v1.8/concepts/kubernetes/policy/#ciliumnetworkpolicy/) definition | `{ endpointSelector: {}, ingress: [{ fromEndpoints: [{ matchLabels: { app.gitlab.com/managed_by: gitlab } }] }] }` |

{{- if .Values.ciliumNetworkPolicy.enabled -}}

apiVersion: cilium.io/v2

kind: CiliumNetworkPolicy

metadata:

  name: {{ template "fullname" . }}

{{- if .Values.ciliumNetworkPolicy.alerts.enabled }}

  annotations:

    "app.gitlab.com/alert": "true"

{{- end }}

  labels:

    app.gitlab.com/proj: {{ .Values.gitlab.proj | quote }}

{{ include "sharedlabels" . | indent 4}}

spec:

{{ toYaml .Values.ciliumNetworkPolicy.spec | indent 2 }}

{{- end -}}

go 1.15

require (

	github.com/cilium/cilium v1.8.1

	github.com/gruntwork-io/terratest v0.32.1

	github.com/stretchr/testify v1.6.1

	k8s.io/api v0.19.7

	k8s.io/apimachinery v0.19.7

)

replace github.com/optiopay/kafka => github.com/cilium/kafka v0.0.0-20180809090225-01ce283b732b