Merge branch 'main' into xrfxlp/763

Author: XRFXLP

distros/kubernetes/nvsentinel/templates/networkpolicy.yaml

@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+{{- if .Values.networkPolicy.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
@@ -39,3 +40,4 @@ spec:
         - protocol: TCP
           port: {{ .Values.global.inclusterFileServer.cleanupMetricsPort }}
         {{- end }}
+{{- end }}

distros/kubernetes/nvsentinel/values.yaml

@@ -108,6 +108,13 @@ global:
   preflight:
     enabled: false
 
+# Network policy configuration
+# The metrics-access network policy restricts ingress to metrics ports only.
+# This can block other services (e.g., cert-manager webhook) when deployed
+# in the same namespace. Set enabled=false to disable the network policy.
+networkPolicy:
+  enabled: true
+
 platformConnector:
   image:
     repository: ghcr.io/nvidia/nvsentinel/platform-connectors