feat: disable network policies generation by default (#1629)

* feat: disable network policies default generation Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com> * docs: add the generate-network-policies flag to user guide Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com> * test: add unit tests of the network policies generation Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com> --------- Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
2023-07-05 11:26:37 +01:00 · 2023-07-05 11:26:37 +01:00 · f7bee839ce
commit f7bee839ce
parent 485cd2f163
28 changed files with 112 additions and 423 deletions
--- a/cmd/convert.go
+++ b/cmd/convert.go
@ -50,6 +50,7 @@ var (
 	ConvertPushImageRegistry     string
 	ConvertOpt                   kobject.ConvertOptions
 	ConvertYAMLIndent            int
+	GenerateNetworkPolicies      bool

 	UpBuild string

@ -116,6 +117,7 @@ var convertCmd = &cobra.Command{
 			ServiceGroupMode:            ServiceGroupMode,
 			ServiceGroupName:            ServiceGroupName,
 			SecretsAsFiles:              SecretsAsFiles,
+			GenerateNetworkPolicies:     GenerateNetworkPolicies,
 		}

 		if ServiceGroupMode == "" && MultipleContainerMode {
@ -178,6 +180,7 @@ func init() {
 	convertCmd.Flags().IntVar(&ConvertReplicas, "replicas", 1, "Specify the number of replicas in the generated resource spec")
 	convertCmd.Flags().StringVar(&ConvertVolumes, "volumes", "persistentVolumeClaim", `Volumes to be generated ("persistentVolumeClaim"|"emptyDir"|"hostPath" | "configMap")`)
 	convertCmd.Flags().StringVar(&ConvertPVCRequestSize, "pvc-request-size", "", `Specify the size of pvc storage requests in the generated resource spec`)
+	convertCmd.Flags().BoolVar(&GenerateNetworkPolicies, "generate-network-policies", false, "Specify whether to generate network policies or not.")

 	convertCmd.Flags().BoolVar(&WithKomposeAnnotation, "with-kompose-annotation", true, "Add kompose annotations to generated resource")

--- a/docs/user-guide.md
+++ b/docs/user-guide.md
@ -495,6 +495,10 @@ If the Docker Compose file has service name with `_` or `.` in it (eg.`web_servi

 Please note that changing service name might break some `docker-compose` files.

+## Network policies generation
+[Network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies) are not generated by default, because it's not mandatory to deploy your application. However, it's one of the best practices when it comes to deploy secure applications on top of Kubernetes.
+To generate network policies, all you need is to use the `--generate-network-policies` flag.
+
 ## Build and push image

 If the Docker Compose file has `build` or `build:context, build:dockerfile` keys, build will run when `--build` specified.
@ -503,6 +507,7 @@ And Image will push to _docker.io_ (default) when `--push-image=true` specified.

 It is possible to push to custom registry by specify `--push-image-registry`, which will override the registry from image name.

+
 ### Authentication on registry

 Kompose uses the docker authentication from file `$DOCKER_CONFIG/config.json`, `$HOME/.docker/config.json`, and `$HOME/.dockercfg` after `docker login`.
--- a/pkg/kobject/kobject.go
+++ b/pkg/kobject/kobject.go
@ -83,6 +83,7 @@ type ConvertOptions struct {
 	ServiceGroupMode        string
 	ServiceGroupName        string
 	SecretsAsFiles          bool
+	GenerateNetworkPolicies bool
 }

 // IsPodController indicate if the user want to use a controller
--- a/pkg/transformer/kubernetes/kubernetes.go
+++ b/pkg/transformer/kubernetes/kubernetes.go
@ -1519,10 +1519,12 @@ func (k *Kubernetes) Transform(komposeObject kobject.KomposeObject, opt kobject.
 					return nil, errors.Wrap(err, "Error transforming Kubernetes objects")
 				}

+				if opt.GenerateNetworkPolicies {
 					if err = k.configNetworkPolicyForService(service, service.Name, &objects); err != nil {
 						return nil, err
 					}
 				}
+			}

 			allobjects = append(allobjects, objects...)
 		}
@ -1560,9 +1562,11 @@ func (k *Kubernetes) Transform(komposeObject kobject.KomposeObject, opt kobject.
 		if err != nil {
 			return nil, errors.Wrap(err, "Error transforming Kubernetes objects")
 		}
+		if opt.GenerateNetworkPolicies {
 			if err := k.configNetworkPolicyForService(service, name, &objects); err != nil {
 				return nil, err
 			}
+		}
 		allobjects = append(allobjects, objects...)
 	}

--- a/pkg/transformer/kubernetes/kubernetes_test.go
+++ b/pkg/transformer/kubernetes/kubernetes_test.go
@ -32,6 +32,7 @@ import (
 	"github.com/pkg/errors"
 	appsv1 "k8s.io/api/apps/v1"
 	api "k8s.io/api/core/v1"
+	networkingv1 "k8s.io/api/networking/v1"
 	networkingv1beta1 "k8s.io/api/networking/v1beta1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@ -327,15 +328,15 @@ func TestKomposeConvert(t *testing.T) {
 		expectedNumObjs int
 	}{
 		// objects generated are deployment, service nework policies (2) and pvc
-		"Convert to Deployments (D)":                  {newKomposeObject(), kobject.ConvertOptions{CreateD: true, Replicas: replicas, IsReplicaSetFlag: true}, 6},
-		"Convert to Deployments (D) with v3 replicas": {newKomposeObject(), kobject.ConvertOptions{CreateD: true}, 6},
-		"Convert to DaemonSets (DS)":                  {newKomposeObject(), kobject.ConvertOptions{CreateDS: true}, 6},
+		"Convert to Deployments (D)":                  {newKomposeObject(), kobject.ConvertOptions{CreateD: true, Replicas: replicas, IsReplicaSetFlag: true}, 4},
+		"Convert to Deployments (D) with v3 replicas": {newKomposeObject(), kobject.ConvertOptions{CreateD: true}, 4},
+		"Convert to DaemonSets (DS)":                  {newKomposeObject(), kobject.ConvertOptions{CreateDS: true}, 4},
 		// objects generated are deployment, daemonset, ReplicationController, service and pvc
-		"Convert to D, DS, and RC":                  {newKomposeObject(), kobject.ConvertOptions{CreateD: true, CreateDS: true, CreateRC: true, Replicas: replicas, IsReplicaSetFlag: true}, 7},
-		"Convert to D, DS, and RC with v3 replicas": {newKomposeObject(), kobject.ConvertOptions{CreateD: true, CreateDS: true, CreateRC: true}, 7},
+		"Convert to D, DS, and RC":                  {newKomposeObject(), kobject.ConvertOptions{CreateD: true, CreateDS: true, CreateRC: true, Replicas: replicas, IsReplicaSetFlag: true}, 5},
+		"Convert to D, DS, and RC with v3 replicas": {newKomposeObject(), kobject.ConvertOptions{CreateD: true, CreateDS: true, CreateRC: true}, 5},
 		// objects generated are statefulset
-		"Convert to SS with replicas ":   {newKomposeObject(), kobject.ConvertOptions{Controller: StatefulStateController, Replicas: replicas, IsReplicaSetFlag: true}, 5},
-		"Convert to SS without replicas": {newKomposeObject(), kobject.ConvertOptions{Controller: StatefulStateController}, 5},
+		"Convert to SS with replicas ":   {newKomposeObject(), kobject.ConvertOptions{Controller: StatefulStateController, Replicas: replicas, IsReplicaSetFlag: true}, 3},
+		"Convert to SS without replicas": {newKomposeObject(), kobject.ConvertOptions{Controller: StatefulStateController}, 3},
 	}

 	for name, test := range testCases {
@ -1051,3 +1052,23 @@ func TestVolumeMountSubPath(t *testing.T) {
 		}
 	}
 }
+
+func TestNetworkPoliciesGeneration(t *testing.T) {
+	groupName := "pod_group"
+	komposeObject := kobject.KomposeObject{
+		ServiceConfigs: map[string]kobject.ServiceConfig{"app": newServiceConfig()},
+	}
+	k := Kubernetes{}
+	objs, err := k.Transform(komposeObject, kobject.ConvertOptions{ServiceGroupMode: groupName, GenerateNetworkPolicies: true})
+	if err != nil {
+		t.Error(errors.Wrap(err, "k.Transform failed"))
+	}
+	for _, obj := range objs {
+		if np, ok := obj.(*networkingv1.NetworkPolicy); ok {
+			matchLabelsLength := len(np.Spec.PodSelector.MatchLabels)
+			if matchLabelsLength == 0 {
+				t.Errorf("Expected length of Network Policy PodSelector to be greater than 0, got %v", matchLabelsLength)
+			}
+		}
+	}
+}
--- a/script/test/cmd/tests_new.sh
+++ b/script/test/cmd/tests_new.sh
@ -267,3 +267,8 @@ os_cmd="kompose --provider=openshift -f $KOMPOSE_ROOT/script/test/fixtures/vols-
 os_output="$KOMPOSE_ROOT/script/test/fixtures/vols-subpath/output-os.yaml"
 convert::expect_success_and_warning "$k8s_cmd" "$k8s_output"
 convert::expect_success "$os_cmd" "$os_output"
+
+# Test support for network policies generation
+k8s_cmd="kompose -f $KOMPOSE_ROOT/script/test/fixtures/network-policies/docker-compose.yaml convert --generate-network-policies --stdout --with-kompose-annotation=false"
+k8s_output="$KOMPOSE_ROOT/script/test/fixtures/network-policies/output-k8s.yaml"
+convert::expect_success "$os_cmd" "$os_output"
--- a/script/test/cmd/update-e2e.sh
+++ b/script/test/cmd/update-e2e.sh
@ -27,6 +27,7 @@ $KOMPOSE_ROOT/kompose -f $KOMPOSE_ROOT/script/test/fixtures/single-file-output/d
 $KOMPOSE_ROOT/kompose -f $KOMPOSE_ROOT/script/test/fixtures/host-port-protocol/docker-compose.yaml convert --stdout --with-kompose-annotation=false > $KOMPOSE_ROOT/script/test/fixtures/host-port-protocol/output-k8s.yaml
 $KOMPOSE_ROOT/kompose -f $KOMPOSE_ROOT/script/test/fixtures/external-traffic-policy/docker-compose-v1.yaml convert --stdout --with-kompose-annotation=false > $KOMPOSE_ROOT/script/test/fixtures/external-traffic-policy/output-k8s-v1.yaml
 $KOMPOSE_ROOT/kompose -f $KOMPOSE_ROOT/script/test/fixtures/external-traffic-policy/docker-compose-v2.yaml convert --stdout --with-kompose-annotation=false > $KOMPOSE_ROOT/script/test/fixtures/external-traffic-policy/output-k8s-v2.yaml
+$KOMPOSE_ROOT/kompose -f $KOMPOSE_ROOT/script/test/fixtures/compose-file-support/compose.yaml convert --stdout --with-kompose-annotation=false > $KOMPOSE_ROOT/script/test/fixtures/compose-file-support/output-k8s.yaml
 fi

 if $UPDATE_OS ; then
--- a/script/test/fixtures/change-in-volume/output-k8s-empty-vols-template.yaml
+++ b/script/test/fixtures/change-in-volume/output-k8s-empty-vols-template.yaml
@ -69,22 +69,6 @@ spec:
      restartPolicy: Always
 status: {}

---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: change-in-volume-default
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/change-in-volume-default: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/change-in-volume-default: "true"
-
 ---
 apiVersion: apps/v1
 kind: Deployment
--- a/script/test/fixtures/change-in-volume/output-k8s.yaml
+++ b/script/test/fixtures/change-in-volume/output-k8s.yaml
@ -69,22 +69,6 @@ spec:
      restartPolicy: Always
 status: {}

---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: change-in-volume-default
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/change-in-volume-default: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/change-in-volume-default: "true"
-
 ---
 apiVersion: apps/v1
 kind: Deployment
@ -115,6 +99,8 @@ spec:
          name: web
          ports:
            - containerPort: 5000
+              hostPort: 5000
+              protocol: TCP
          resources: {}
          volumeMounts:
            - mountPath: /code
--- a/script/test/fixtures/compose-file-support/output-k8s.yaml
+++ b/script/test/fixtures/compose-file-support/output-k8s.yaml
@ -2,9 +2,6 @@
 apiVersion: v1
 kind: Service
 metadata:
-  annotations:
-    kompose.cmd: ./kompose convert --stdout
-    kompose.version: 1.28.0 (4d1ce961)
  creationTimestamp: null
  labels:
    io.kompose.service: web
@ -23,9 +20,6 @@ status:
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  annotations:
-    kompose.cmd: ./kompose convert --stdout
-    kompose.version: 1.28.0 (4d1ce961)
  creationTimestamp: null
  labels:
    io.kompose.service: web
@ -38,12 +32,9 @@ spec:
  strategy: {}
  template:
    metadata:
-      annotations:
-        kompose.cmd: ./kompose convert --stdout
-        kompose.version: 1.28.0 (4d1ce961)
      creationTimestamp: null
      labels:
-        io.kompose.network/kompose-default: "true"
+        io.kompose.network/compose-file-support-default: "true"
        io.kompose.service: web
    spec:
      containers:
@ -57,19 +48,3 @@ spec:
      restartPolicy: Always
 status: {}

---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: kompose-default
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/kompose-default: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/kompose-default: "true"
-
--- a/script/test/fixtures/configmap-volume/output-k8s-withlabel.yaml
+++ b/script/test/fixtures/configmap-volume/output-k8s-withlabel.yaml
@ -55,22 +55,6 @@ metadata:
    io.kompose.service: db
  name: db-cm0

---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: configmap-volume-default
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/configmap-volume-default: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/configmap-volume-default: "true"
-
 ---
 apiVersion: apps/v1
 kind: Deployment
--- a/script/test/fixtures/configmap-volume/output-k8s.yaml
+++ b/script/test/fixtures/configmap-volume/output-k8s.yaml
@ -51,22 +51,6 @@ metadata:
    io.kompose.service: db
  name: db-cm0

---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: configmap-volume-default
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/configmap-volume-default: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/configmap-volume-default: "true"
-
 ---
 apiVersion: apps/v1
 kind: Deployment
--- a/script/test/fixtures/deploy/placement/output-placement-k8s.yaml
+++ b/script/test/fixtures/deploy/placement/output-placement-k8s.yaml
@ -77,19 +77,3 @@ spec:
          whenUnsatisfiable: ScheduleAnyway
 status: {}

---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: placement-default
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/placement-default: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/placement-default: "true"
-
--- a/script/test/fixtures/envvars-interpolation/output-k8s.yaml
+++ b/script/test/fixtures/envvars-interpolation/output-k8s.yaml
@ -34,19 +34,3 @@ spec:
      restartPolicy: Always
 status: {}

---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: envvars-interpolation-default
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/envvars-interpolation-default: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/envvars-interpolation-default: "true"
-
--- a/script/test/fixtures/expose/output-k8s.yaml
+++ b/script/test/fixtures/expose/output-k8s.yaml
@ -69,22 +69,6 @@ spec:
      restartPolicy: Always
 status: {}

---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: expose-default
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/expose-default: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/expose-default: "true"
-
 ---
 apiVersion: apps/v1
 kind: Deployment
--- a/script/test/fixtures/external-traffic-policy/output-k8s-v1.yaml
+++ b/script/test/fixtures/external-traffic-policy/output-k8s-v1.yaml
@ -68,18 +68,3 @@ spec:
      restartPolicy: Always
 status: {}

---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: external-traffic-policy-default
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/external-traffic-policy-default: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/external-traffic-policy-default: "true"
--- a/script/test/fixtures/external-traffic-policy/output-k8s-v2.yaml
+++ b/script/test/fixtures/external-traffic-policy/output-k8s-v2.yaml
@ -97,19 +97,3 @@ spec:
 status:
  loadBalancer: {}

---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: external-traffic-policy-default
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/external-traffic-policy-default: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/external-traffic-policy-default: "true"
-
--- a/script/test/fixtures/healthcheck/output-healthcheck-k8s.yaml
+++ b/script/test/fixtures/healthcheck/output-healthcheck-k8s.yaml
@ -172,22 +172,6 @@ spec:
      restartPolicy: Always
 status: {}

---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: healthcheck-default
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/healthcheck-default: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/healthcheck-default: "true"
-
 ---
 apiVersion: apps/v1
 kind: Deployment
--- a/script/test/fixtures/host-port-protocol/output-k8s.yaml
+++ b/script/test/fixtures/host-port-protocol/output-k8s.yaml
@ -48,19 +48,3 @@ spec:
      restartPolicy: Always
 status: {}

---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: host-port-protocol-default
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/host-port-protocol-default: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/host-port-protocol-default: "true"
-
--- a/script/test/fixtures/multiple-files/output-k8s.yaml
+++ b/script/test/fixtures/multiple-files/output-k8s.yaml
@ -26,22 +26,6 @@ spec:
      restartPolicy: Always
 status: {}

---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: multiple-files-default
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/multiple-files-default: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/multiple-files-default: "true"
-
 ---
 apiVersion: apps/v1
 kind: Deployment
--- a/script/test/fixtures/multiple-type-volumes/output-k8s.yaml
+++ b/script/test/fixtures/multiple-type-volumes/output-k8s.yaml
@ -54,22 +54,6 @@ spec:
      storage: 100Mi
 status: {}

---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: multiple-type-volumes-default
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/multiple-type-volumes-default: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/multiple-type-volumes-default: "true"
-
 ---
 apiVersion: apps/v1
 kind: Deployment
--- a/script/test/fixtures/network-policies/docker-compose.yaml
+++ b/script/test/fixtures/network-policies/docker-compose.yaml
@ -0,0 +1,10 @@
+version: '3.8'
+
+networks:
+  web:
+
+services:
+  nginx:
+    image: nginx
+    networks: 
+    - web
--- a/script/test/fixtures/network-policies/output-k8s.yaml
+++ b/script/test/fixtures/network-policies/output-k8s.yaml
@ -0,0 +1,44 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  creationTimestamp: null
+  labels:
+    io.kompose.service: nginx
+  name: nginx
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nginx
+  strategy: {}
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        io.kompose.network/network-policies-web: "true"
+        io.kompose.service: nginx
+    spec:
+      containers:
+        - image: nginx
+          name: nginx
+          resources: {}
+      restartPolicy: Always
+status: {}
+
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  creationTimestamp: null
+  name: network-policies-web
+spec:
+  ingress:
+    - from:
+        - podSelector:
+            matchLabels:
+              io.kompose.network/network-policies-web: "true"
+  podSelector:
+    matchLabels:
+      io.kompose.network/network-policies-web: "true"
+
--- a/script/test/fixtures/service-group/output-k8s.yaml
+++ b/script/test/fixtures/service-group/output-k8s.yaml
@ -85,19 +85,3 @@ spec:
      storage: 100Mi
 status: {}

---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: service-group-default
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/service-group-default: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/service-group-default: "true"
-
--- a/script/test/fixtures/single-file-output/output-k8s.yaml
+++ b/script/test/fixtures/single-file-output/output-k8s.yaml
@ -87,19 +87,3 @@ spec:
 status:
  loadBalancer: {}

---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: single-file-output-default
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/single-file-output-default: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/single-file-output-default: "true"
-
--- a/script/test/fixtures/statefulset/output-k8s.yaml
+++ b/script/test/fixtures/statefulset/output-k8s.yaml
@ -97,22 +97,6 @@ spec:
 status:
  replicas: 0

---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: statefulset-default
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/statefulset-default: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/statefulset-default: "true"
-
 ---
 apiVersion: apps/v1
 kind: StatefulSet
--- a/script/test/fixtures/v3.0/output-k8s.yaml
+++ b/script/test/fixtures/v3.0/output-k8s.yaml
@ -53,102 +53,6 @@ spec:
      restartPolicy: Always
 status: {}

---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: normalized-network
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/normalized-network: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/normalized-network: "true"
-
---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: v30-normalized-network
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/v30-normalized-network: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/v30-normalized-network: "true"
-
---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: app-network
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/normalized-network: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/normalized-network: "true"
-
---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: app-network
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/app-network: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/app-network: "true"
-
---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: web-network
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/web-network: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/web-network: "true"
-
---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: normalized-network
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/normalized-network: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/normalized-network: "true"
-
 ---
 apiVersion: apps/v1
 kind: Deployment
@ -188,18 +92,3 @@ spec:
      restartPolicy: Always
 status: {}

---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: v30-default
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/v30-default: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/v30-default: "true"
--- a/script/test/fixtures/volume-mounts/windows/output-k8s.yaml
+++ b/script/test/fixtures/volume-mounts/windows/output-k8s.yaml
@ -71,19 +71,3 @@ spec:
      storage: 100Mi
 status: {}

---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  creationTimestamp: null
-  name: windows-default
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              io.kompose.network/windows-default: "true"
-  podSelector:
-    matchLabels:
-      io.kompose.network/windows-default: "true"
-