From 2f40412d51ecc4cb4a64f02b9225577298cb720a Mon Sep 17 00:00:00 2001
From: Veaceslav Doina <20563034+veaceslavdoina@users.noreply.github.com>
Date: Wed, 31 May 2023 18:36:40 +0300
Subject: [PATCH] Allow access from runner namespace (#12)

---
 KubernetesWorkflow/K8sController.cs | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/KubernetesWorkflow/K8sController.cs b/KubernetesWorkflow/K8sController.cs
index 782632d..90d0b32 100644
--- a/KubernetesWorkflow/K8sController.cs
+++ b/KubernetesWorkflow/K8sController.cs
@@ -165,6 +165,19 @@ namespace KubernetesWorkflow
                                         PodSelector = new V1LabelSelector {}
                                     }
                                 }
+                            },
+                            new V1NetworkPolicyIngressRule
+                            {
+                                FromProperty = new List<V1NetworkPolicyPeer>
+                                {
+                                    new V1NetworkPolicyPeer
+                                    {
+                                        NamespaceSelector = new V1LabelSelector
+                                        {
+                                            MatchLabels = GetRunnerNamespaceSelector()
+                                        }
+                                    }
+                                }
                             }
                         },
                         Egress = new List<V1NetworkPolicyEgressRule>
@@ -310,6 +323,11 @@ namespace KubernetesWorkflow
             return new Dictionary<string, string> { { "codex-test-node", "dist-test-" + workflowNumberSource.WorkflowNumber } };
         }
 
+        private IDictionary<string, string> GetRunnerNamespaceSelector()
+        {
+            return new Dictionary<string, string> { { "kubernetes.io/metadata.name", "default" } };
+        }
+
         private V1ObjectMeta CreateDeploymentMetadata()
         {
             return new V1ObjectMeta