cryostatio
diff --git a/‎api/v1beta2/cryostat_types.go‎
Lines changed: 28 additions & 0 deletions b/‎api/v1beta2/cryostat_types.go‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎api/v1beta2/zz_generated.deepcopy.go‎
Lines changed: 60 additions & 0 deletions b/‎api/v1beta2/zz_generated.deepcopy.go‎
Lines changed: 60 additions & 0 deletions
diff --git a/‎bundle/manifests/cryostat-operator.clusterserviceversion.yaml‎
Lines changed: 26 additions & 1 deletion b/‎bundle/manifests/cryostat-operator.clusterserviceversion.yaml‎
Lines changed: 26 additions & 1 deletion
diff --git a/‎bundle/manifests/operator.cryostat.io_cryostats.yaml‎
Lines changed: 35 additions & 0 deletions b/‎bundle/manifests/operator.cryostat.io_cryostats.yaml‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎config/crd/bases/operator.cryostat.io_cryostats.yaml‎
Lines changed: 35 additions & 0 deletions b/‎config/crd/bases/operator.cryostat.io_cryostats.yaml‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎config/manifests/bases/cryostat-operator.clusterserviceversion.yaml‎
Lines changed: 24 additions & 0 deletions b/‎config/manifests/bases/cryostat-operator.clusterserviceversion.yaml‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎config/rbac/role.yaml‎
Lines changed: 1 addition & 0 deletions b/‎config/rbac/role.yaml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎config/samples/operator_v1beta2_cryostat.yaml‎
Lines changed: 1 addition & 0 deletions b/‎config/samples/operator_v1beta2_cryostat.yaml‎
Lines changed: 1 addition & 0 deletions
@@ -53,6 +53,10 @@ type CryostatSpec struct {
 	// +optional
 	// +operator-sdk:csv:customresourcedefinitions:type=spec
 	ServiceOptions *ServiceConfigList `json:"serviceOptions,omitempty"`
+	// Options to customize the NetworkPolicy objects created for Cryostat's various Services.
+	// +optional
+	// +operator-sdk:csv:customresourcedefinitions:type=spec
+	NetworkPolicies *NetworkPoliciesList `json:"networkPolicies,omitempty"`
 	// Options to control how the operator exposes the application outside of the cluster,
 	// such as using an Ingress or Route.
 	// +optional
@@ -372,6 +376,30 @@ type ServiceConfigList struct {
 	AgentConfig *AgentServiceConfig `json:"agentConfig,omitempty"`
 }
 
+// NetworkPoliciesList holds the configurations for NetworkPolicy
+// objects for each service created by the operator.
+type NetworkPoliciesList struct {
+	// NetworkPolicy configuration for the Cryostat application service.
+	// +optional
+	CoreConfig *NetworkPolicyConfig `json:"coreConfig,omitempty"`
+	// NetworkPolicy configuration for the cryostat-reports service.
+	// +optional
+	ReportsConfig *NetworkPolicyConfig `json:"reportsConfig,omitempty"`
+	// NetworkPolicy configuration for the database service.
+	// +optional
+	DatabaseConfig *NetworkPolicyConfig `json:"databaseConfig,omitempty"`
+	// NetworkPolicy configuration for the storage service.
+	// +optional
+	StorageConfig *NetworkPolicyConfig `json:"storageConfig,omitempty"`
+}
+
+type NetworkPolicyConfig struct {
+	// Disable the NetworkPolicy for a given service.
+	// +optional
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Disable NetworkPolicy creation",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:booleanSwitch"}
+	Disabled *bool `json:"disabled,omitempty"`
+}
+
 // NetworkConfiguration provides customization for how to expose a Cryostat
 // service, so that it can be reached from outside the cluster.
 // On OpenShift, a Route is created by default. On Kubernetes, an Ingress will
 
@@ -13,6 +13,7 @@ metadata:
           "spec": {
             "enableCertManager": true,
             "eventTemplates": [],
+            "networkPolicies": {},
             "reportOptions": {
               "replicas": 0
             },
@@ -30,7 +31,7 @@ metadata:
     capabilities: Seamless Upgrades
     categories: Monitoring, Developer Tools
     containerImage: quay.io/cryostat/cryostat-operator:4.0.0-dev
-    createdAt: "2025-01-14T19:21:36Z"
+    createdAt: "2025-01-16T17:07:46Z"
     description: JVM monitoring and profiling tool
     operatorframework.io/initialization-resource: |-
       {
@@ -160,6 +161,29 @@ spec:
           - description: Labels to add to the Ingress or Route during its creation. The label with key "app" is reserved for use by the operator.
             displayName: Labels
             path: networkOptions.coreConfig.labels
+          - description: Options to customize the NetworkPolicy objects created for Cryostat's various Services.
+            displayName: Network Policies
+            path: networkPolicies
+          - description: Disable the NetworkPolicy for a given service.
+            displayName: Disable NetworkPolicy creation
+            path: networkPolicies.coreConfig.disabled
+            x-descriptors:
+              - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+          - description: Disable the NetworkPolicy for a given service.
+            displayName: Disable NetworkPolicy creation
+            path: networkPolicies.databaseConfig.disabled
+            x-descriptors:
+              - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+          - description: Disable the NetworkPolicy for a given service.
+            displayName: Disable NetworkPolicy creation
+            path: networkPolicies.reportsConfig.disabled
+            x-descriptors:
+              - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+          - description: Disable the NetworkPolicy for a given service.
+            displayName: Disable NetworkPolicy creation
+            path: networkPolicies.storageConfig.disabled
+            x-descriptors:
+              - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
           - description: Options to configure the Cryostat deployments and pods metadata
             displayName: Operand metadata
             path: operandMetadata
@@ -916,6 +940,7 @@ spec:
                 - networking.k8s.io
               resources:
                 - ingresses
+                - networkpolicies
               verbs:
                 - '*'
             - apiGroups:
 
@@ -5794,6 +5794,41 @@ spec:
                         type: object
                     type: object
                 type: object
+              networkPolicies:
+                description: Options to customize the NetworkPolicy objects created
+                  for Cryostat's various Services.
+                properties:
+                  coreConfig:
+                    description: NetworkPolicy configuration for the Cryostat application
+                      service.
+                    properties:
+                      disabled:
+                        description: Disable the NetworkPolicy for a given service.
+                        type: boolean
+                    type: object
+                  databaseConfig:
+                    description: NetworkPolicy configuration for the database service.
+                    properties:
+                      disabled:
+                        description: Disable the NetworkPolicy for a given service.
+                        type: boolean
+                    type: object
+                  reportsConfig:
+                    description: NetworkPolicy configuration for the cryostat-reports
+                      service.
+                    properties:
+                      disabled:
+                        description: Disable the NetworkPolicy for a given service.
+                        type: boolean
+                    type: object
+                  storageConfig:
+                    description: NetworkPolicy configuration for the storage service.
+                    properties:
+                      disabled:
+                        description: Disable the NetworkPolicy for a given service.
+                        type: boolean
+                    type: object
+                type: object
               operandMetadata:
                 description: Options to configure the Cryostat deployments and pods
                   metadata
 
@@ -5781,6 +5781,41 @@ spec:
                         type: object
                     type: object
                 type: object
+              networkPolicies:
+                description: Options to customize the NetworkPolicy objects created
+                  for Cryostat's various Services.
+                properties:
+                  coreConfig:
+                    description: NetworkPolicy configuration for the Cryostat application
+                      service.
+                    properties:
+                      disabled:
+                        description: Disable the NetworkPolicy for a given service.
+                        type: boolean
+                    type: object
+                  databaseConfig:
+                    description: NetworkPolicy configuration for the database service.
+                    properties:
+                      disabled:
+                        description: Disable the NetworkPolicy for a given service.
+                        type: boolean
+                    type: object
+                  reportsConfig:
+                    description: NetworkPolicy configuration for the cryostat-reports
+                      service.
+                    properties:
+                      disabled:
+                        description: Disable the NetworkPolicy for a given service.
+                        type: boolean
+                    type: object
+                  storageConfig:
+                    description: NetworkPolicy configuration for the storage service.
+                    properties:
+                      disabled:
+                        description: Disable the NetworkPolicy for a given service.
+                        type: boolean
+                    type: object
+                type: object
               operandMetadata:
                 description: Options to configure the Cryostat deployments and pods
                   metadata
 
@@ -165,6 +165,30 @@ spec:
           label with key "app" is reserved for use by the operator.
         displayName: Labels
         path: networkOptions.coreConfig.labels
+      - description: Options to customize the NetworkPolicy objects created for Cryostat's
+          various Services.
+        displayName: Network Policies
+        path: networkPolicies
+      - description: Disable the NetworkPolicy for a given service.
+        displayName: Disable NetworkPolicy creation
+        path: networkPolicies.coreConfig.disabled
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+      - description: Disable the NetworkPolicy for a given service.
+        displayName: Disable NetworkPolicy creation
+        path: networkPolicies.databaseConfig.disabled
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+      - description: Disable the NetworkPolicy for a given service.
+        displayName: Disable NetworkPolicy creation
+        path: networkPolicies.reportsConfig.disabled
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+      - description: Disable the NetworkPolicy for a given service.
+        displayName: Disable NetworkPolicy creation
+        path: networkPolicies.storageConfig.disabled
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
       - description: Options to configure the Cryostat deployments and pods metadata
         displayName: Operand metadata
         path: operandMetadata
 
@@ -118,6 +118,7 @@ rules:
   - networking.k8s.io
   resources:
   - ingresses
+  - networkpolicies
   verbs:
   - '*'
 - apiGroups:
 
@@ -13,3 +13,4 @@ spec:
       spec: {}
   reportOptions:
     replicas: 0
+  networkPolicies: {}