Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-05 14:57:31 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/solr] feat: 🔒 Enable networkPolicy (#22725)

Browse Source 
* [bitnami/solr] feat: 🔒 Enable networkPolicy

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* Update networkpolicy.yaml

Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>

---------

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
2024-01-26 10:00:10 +01:00
committed by GitHub
parent b9b885c5cb
commit 04af8af68d
19 changed files with 206 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bitnami/solr/Chart.yaml
View File

@@ -34,4 +34,4 @@ maintainers:
name: solr
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/solr
version: 8.5.1
version: 8.6.0

62
bitnami/solr/README.md
View File

@@ -181,34 +181,40 @@ The command removes all the Kubernetes components associated with the chart and
### Traffic Exposure parameters
| Name | Description | Value |
| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
| `service.type` | Kubernetes Service type | `ClusterIP` |
| `service.ports.http` | Solr HTTP service port | `8983` |
| `service.nodePorts.http` | Node port for the HTTP service | `""` |
| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `service.clusterIP` | Solr service Cluster IP | `""` |
| `service.loadBalancerIP` | Solr service Load Balancer IP | `""` |
| `service.loadBalancerSourceRanges` | Solr service Load Balancer sources | `[]` |
| `service.externalTrafficPolicy` | Solr service external traffic policy | `Cluster` |
| `service.annotations` | Additional custom annotations for Solr service | `{}` |
| `service.extraPorts` | Extra ports to expose in the Solr service (normally used with the `sidecar` value) | `[]` |
| `service.headless.annotations` | Annotations for the headless service. | `{}` |
| `ingress.enabled` | Enable ingress record generation for Apache Geode | `false` |
| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
| `ingress.hostname` | Default host for the ingress record | `solr.local` |
| `ingress.path` | Default path for the ingress record | `/` |
| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` |
| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` |
| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` |
| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` |
| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` |
| `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` |
| Name | Description | Value |
| --------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
| `service.type` | Kubernetes Service type | `ClusterIP` |
| `service.ports.http` | Solr HTTP service port | `8983` |
| `service.nodePorts.http` | Node port for the HTTP service | `""` |
| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `service.clusterIP` | Solr service Cluster IP | `""` |
| `service.loadBalancerIP` | Solr service Load Balancer IP | `""` |
| `service.loadBalancerSourceRanges` | Solr service Load Balancer sources | `[]` |
| `service.externalTrafficPolicy` | Solr service external traffic policy | `Cluster` |
| `service.annotations` | Additional custom annotations for Solr service | `{}` |
| `service.extraPorts` | Extra ports to expose in the Solr service (normally used with the `sidecar` value) | `[]` |
| `service.headless.annotations` | Annotations for the headless service. | `{}` |
| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
| `ingress.enabled` | Enable ingress record generation for Apache Geode | `false` |
| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
| `ingress.hostname` | Default host for the ingress record | `solr.local` |
| `ingress.path` | Default path for the ingress record | `/` |
| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` |
| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` |
| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` |
| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` |
| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` |
| `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` |
### Persistence parameters

16
bitnami/solr/templates/NOTES.txt
View File

@@ -21,14 +21,14 @@ APP VERSION: {{ .Chart.AppVersion }}
Solr can be accessed via port {{ .Values.service.ports.http }} on the following DNS name from within your cluster:
{{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.service.ports.http }}
{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}:{{ .Values.service.ports.http }}
{{- if .Values.auth.enabled }}
To get the Solr credentials execute the following commands:
echo Username: {{ .Values.auth.adminUsername }}
echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "solr.secretName" . }} -o jsonpath="{.data.solr-password}" | base64 -d)
echo Password: $(kubectl get secret --namespace {{ include "common.names.namespace" . }} {{ include "solr.secretName" . }} -o jsonpath="{.data.solr-password}" | base64 -d)
{{- end }}
@@ -38,8 +38,8 @@ To connect to your Solr cluster from outside the cluster, perform the following
1. Obtain the NodePort IP and ports:
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }})
echo "Solr URL: ${NODE_IP}:${NODE_PORT}"
{{- else if contains "LoadBalancer" .Values.service.type }}
@@ -47,16 +47,16 @@ To connect to your Solr cluster from outside the cluster, perform the following
1. Obtain the LoadBalancer IP
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}'
Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ include "common.names.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
echo "Solr URL: ${SERVICE_IP}:{{ .Values.service.ports.http }}"
{{- else if contains "ClusterIP" .Values.service.type }}
1. Create a port-forward to the Solr client port:
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} {{ .Values.service.ports.http }}:{{ .Values.service.ports.http }} &
kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ include "common.names.fullname" . }} {{ .Values.service.ports.http }}:{{ .Values.service.ports.http }} &
echo "Solr URL: 127.0.0.1:{{ .Values.service.ports.http }}"
{{- end }}
@@ -67,7 +67,7 @@ To connect to your Solr cluster from outside the cluster, perform the following
Solr Prometheus metrics can be accessed via port {{ .Values.metrics.service.ports.http }} on the following DNS name from within your cluster:
{{ printf "%s-exporter" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.metrics.service.ports.http }}/metrics
{{ printf "%s-exporter" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}:{{ .Values.metrics.service.ports.http }}/metrics
{{- end }}

17
bitnami/solr/templates/_helpers.tpl
View File

@@ -101,7 +101,7 @@ Return Solr admin password
{{- if not (empty .Values.auth.adminPassword) -}}
{{- .Values.auth.adminPassword -}}
{{- else -}}
{{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "solr-password") -}}
{{- include "getValueFromSecret" (dict "Namespace" (include "common.names.namespace" .) "Name" (include "common.names.fullname" .) "Length" 10 "Key" "solr-password") -}}
{{- end -}}
{{- end -}}
@@ -113,7 +113,7 @@ Return proper Zookeeper hosts
{{- include "common.tplvalues.render" (dict "value" (join "," .Values.externalZookeeper.servers) "context" $) -}}
{{- else -}}
{{- $zookeeperList := list -}}
{{- $releaseNamespace := default .Release.Namespace .Values.zookeeper.namespaceOverride -}}
{{- $releaseNamespace := default (include "common.names.namespace" .) .Values.zookeeper.namespaceOverride -}}
{{- $clusterDomain := .Values.clusterDomain -}}
{{- $zookeeperFullname := include "solr.zookeeper.fullname" . -}}
{{- range $e, $i := until (int .Values.zookeeper.replicaCount) -}}
@@ -123,6 +123,19 @@ Return proper Zookeeper hosts
{{- end -}}
{{- end -}}
{{/*
Return proper Zookeeper hosts
*/}}
{{- define "solr.zookeeper.port" -}}
{{- if .Values.externalZookeeper.servers -}}
{{- include "solr.zookeeper.hosts" . | regexFind ":[0-9]+" | trimPrefix ":" | default "2181" | int -}}
{{- else if .Values.zookeeper.enabled -}}
{{- int .Values.zookeeper.containerPorts.client -}}
{{- else -}}
{{- int "2181" -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a TLS secret object should be created
*/}}

4
bitnami/solr/templates/ingress-tls-secrets.yaml
View File

@@ -10,7 +10,7 @@ apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
namespace: {{ $.Release.Namespace | quote }}
namespace: {{ include "common.names.namespace" $ | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
@@ -30,7 +30,7 @@ apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}

2
bitnami/solr/templates/metrics-deployment.yaml
View File

@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ printf "%s-exporter" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: solr-exporter
{{- if .Values.commonAnnotations }}

2
bitnami/solr/templates/metrics-svc.yaml
View File

@@ -8,7 +8,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-exporter" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.service.labels .Values.commonLabels ) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: metrics

78
bitnami/solr/templates/networkpolicy.yaml Normal file
View File

@@ -0,0 +1,78 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
policyTypes:
- Ingress
- Egress
egress:
# Allow dns resolution
- ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP
# Allow outbound connections to other cluster pods
- ports:
- port: {{ .Values.containerPorts.http }}
to:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
# Allow outbound connections to Zookeeper
- ports:
- port: {{ include "solr.zookeeper.port" . }}
{{- if .Values.zookeeper.enabled }}
to:
- podSelector:
matchLabels:
app.kubernetes.io/name: zookeeper
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{- if .Values.networkPolicy.extraEgress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
{{- end }}
ingress:
- ports:
- port: {{ .Values.containerPorts.http }}
- port: {{ .Values.service.ports.http }}
{{- if not .Values.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
- podSelector:
matchLabels:
{{ template "common.names.fullname" . }}-client: "true"
{{- if .Values.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.networkPolicy.extraIngress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}

2
bitnami/solr/templates/pdb.yaml
View File

@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}

2
bitnami/solr/templates/prometheusrule.yaml
View File

@@ -8,7 +8,7 @@ apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }}
namespace: {{ default include "common.names.namespace" . .Values.metrics.prometheusRule.namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.metrics.prometheusRule.additionalLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }}

4
bitnami/solr/templates/scripts-configmap.yaml
View File

@@ -7,7 +7,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-scripts" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: solr
{{- if .Values.commonAnnotations }}
@@ -49,5 +49,5 @@ data:
fi
{{- end }}
# Use hostname instead of IP to register in ZooKeeper
export SOLR_HOST="${MY_POD_NAME}.{{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
export SOLR_HOST="${MY_POD_NAME}.{{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
/opt/bitnami/scripts/solr/entrypoint.sh /opt/bitnami/scripts/solr/run.sh

4
bitnami/solr/templates/secrets.yaml
View File

@@ -13,7 +13,7 @@ metadata:
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "common.names.namespace" . | quote }}
type: Opaque
data:
solr-password: {{ include "solr.password" . | b64enc | quote }}
@@ -29,7 +29,7 @@ metadata:
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "common.names.namespace" . | quote }}
type: Opaque
data:
keystore-password: {{ default (randAlphaNum 10) .Values.tls.keystorePassword | b64enc | quote }}

2
bitnami/solr/templates/service-account.yaml
View File

@@ -8,7 +8,7 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "solr.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: solr
{{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}

4
bitnami/solr/templates/servicemonitor.yaml
View File

@@ -8,7 +8,7 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }}
namespace: {{ default include "common.names.namespace" . .Values.metrics.serviceMonitor.namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: metrics
{{- if .Values.metrics.serviceMonitor.additionalLabels }}
@@ -47,5 +47,5 @@ spec:
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
- {{ include "common.names.namespace" . }}
{{- end }}

2
bitnami/solr/templates/statefulset.yaml
View File

@@ -12,7 +12,7 @@ metadata:
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "common.names.namespace" . | quote }}
spec:
podManagementPolicy: {{ .Values.podManagementPolicy }}
replicas: {{ .Values.replicaCount }}

2
bitnami/solr/templates/svc-headless.yaml
View File

@@ -7,7 +7,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: solr
{{- if or .Values.service.headless.annotations .Values.commonAnnotations }}

2
bitnami/solr/templates/svc.yaml
View File

@@ -7,7 +7,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: solr
{{- if or .Values.service.annotations .Values.commonAnnotations }}

4
bitnami/solr/templates/tls-secrets.yaml
View File

@@ -6,7 +6,7 @@ SPDX-License-Identifier: APACHE-2.0
{{- if (include "solr.createTlsSecret" .) }}
{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- $ca := genCA "solr-ca" 365 }}
{{- $releaseNamespace := .Release.Namespace }}
{{- $releaseNamespace := include "common.names.namespace" . }}
{{- $clusterDomain := .Values.clusterDomain }}
{{- $serviceName := include "common.names.fullname" . }}
{{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
@@ -21,7 +21,7 @@ metadata:
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "common.names.namespace" . | quote }}
type: kubernetes.io/tls
data:
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}

52
bitnami/solr/values.yaml
View File

@@ -455,6 +455,58 @@ service:
## @param service.headless.annotations Annotations for the headless service.
##
annotations: {}
## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
## @param networkPolicy.allowExternal Don't require client label for connections
## The Policy model to apply. When set to false, only pods with the correct
## client label will have network access to the ports the application is listening
## on. When true, the app will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## Solr ingress parameters
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##