Make metrics-access network policy configurable

Add networkPolicy.enabled flag (default: true) to allow users to disable
the metrics-access network policy when it conflicts with other services.

The current network policy only allows ingress on ports 2112 (metrics)
and 9216 (MongoDB metrics), which blocks other services like cert-manager
webhook (port 443) when deployed in the same namespace.

Users can now disable it by setting:
  networkPolicy:
    enabled: false

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: yuanchen8911

distros/kubernetes/nvsentinel/templates/networkpolicy.yaml

@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+{{- if .Values.networkPolicy.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
@@ -39,3 +40,4 @@ spec:
         - protocol: TCP
           port: {{ .Values.global.inclusterFileServer.cleanupMetricsPort }}
         {{- end }}
+{{- end }}

distros/kubernetes/nvsentinel/values.yaml

@@ -97,6 +97,13 @@ global:
   preflight:
     enabled: false
 
+# Network policy configuration
+# The metrics-access network policy restricts ingress to metrics ports only.
+# This can block other services (e.g., cert-manager webhook) when deployed
+# in the same namespace. Set enabled=false to disable the network policy.
+networkPolicy:
+  enabled: true
+
 platformConnector:
   image:
     repository: ghcr.io/nvidia/nvsentinel/platform-connectors