NetworkPolicy: from should be an array of objects

[Namanl2001]

Signed-off-by: Namanl2001 namanlakhwani@gmail.com

from in kyverno Helm Chart should be an array of objects instead of an object.
changes as per slack discussion: https://kubernetes.slack.com/archives/CLGR9BJU9/p1632167129427100

cc: @realshuting @antoineozenne @diranged

---
# Source: kyverno/templates/networkpolicy.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  labels: 
    app.kubernetes.io/component: kyverno
    app.kubernetes.io/instance: RELEASE-NAME
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kyverno
    app.kubernetes.io/part-of: kyverno
    app.kubernetes.io/version: "v2.0.4"
    helm.sh/chart: kyverno-v2.0.4
    app: kyverno
  name: RELEASE-NAME-kyverno
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: kyverno
  policyTypes:
  - Ingress
  ingress:
  - from:
      - namespaceSelector:
          matchExpressions:
          - {}
          matchLabels:
        podSelector:
          matchExpressions:
          - {}
          matchLabels:
    ports:
    - protocol: TCP
      port: 9443 # webhook access
  # Allow prometheus scrapes for metrics
  - ports:
      - port: 8000

[realshuting]

@Namanl2001 - thanks for the fix!

Can you please attach the proof manifest in the description? You can install a local Helm chart and custom this NetworkPolicy:

CHART REFERENCES

When you use a chart reference with a repo prefix ('example/mariadb'), Helm will look in the local configuration for a chart repository named 'example', and will then look for a chart in that repository whose name is 'mariadb'

[pathikritmodak]

@realshuting can this helm chart version be released before 1.5.0 milestone?
The current one in master is broken on network policy.

[diranged]

@realshuting can this helm chart version be released before 1.5.0 milestone?
The current one in master is broken on network policy.

For what its worth - I strongly believe that Helm charts should be released on a very different (eg: immediate) cadence vs the applications they support.

[chipzoller]

@realshuting can this helm chart version be released before 1.5.0 milestone?
The current one in master is broken on network policy.

For what its worth - I strongly believe that Helm charts should be released on a very different (eg: immediate) cadence vs the applications they support.

Agreed. There's no reason for a Helm chart to share the same cadence as the bits it represents if there are improvements to the experience.

[realshuting]

@realshuting can this helm chart version be released before 1.5.0 milestone?
The current one in master is broken on network policy.

Yes we can, but the problem is that PR #2357 was merged before this fix. If we publish a new release, you will need to follow the new upgrade approach to upgrade Kyverno. If that's ok then I can tag a new Helm release.