mirror of
https://github.com/bitnami/charts.git
synced 2026-03-16 06:47:30 +08:00
[bitnami/whereabouts] feat: 🔒 Enable networkPolicy (#22551)
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
committed by
GitHub
GitHub
parent
31b5756877
commit
0cc21d7bb9
@@ -29,4 +29,4 @@ maintainers:
|
|||||||
name: whereabouts
|
name: whereabouts
|
||||||
sources:
|
sources:
|
||||||
- https://github.com/bitnami/charts/tree/main/bitnami/whereabouts
|
- https://github.com/bitnami/charts/tree/main/bitnami/whereabouts
|
||||||
version: 0.8.0
|
version: 0.9.0
|
||||||
|
|||||||
@@ -151,6 +151,9 @@ The command removes all the Kubernetes components associated with the chart and
|
|||||||
| `lifecycleHooks` | LifecycleHook to set additional configuration at startup Evaluated as a template | `{}` |
|
| `lifecycleHooks` | LifecycleHook to set additional configuration at startup Evaluated as a template | `{}` |
|
||||||
| `podAnnotations` | Pod annotations | `{}` |
|
| `podAnnotations` | Pod annotations | `{}` |
|
||||||
| `podLabels` | Add additional labels to the pod (evaluated as a template) | `{}` |
|
| `podLabels` | Add additional labels to the pod (evaluated as a template) | `{}` |
|
||||||
|
| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
|
||||||
|
| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
|
||||||
|
| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||||
|
|
||||||
### Other Parameters
|
### Other Parameters
|
||||||
|
|
||||||
|
|||||||
37
bitnami/whereabouts/templates/networkpolicy.yaml
Normal file
37
bitnami/whereabouts/templates/networkpolicy.yaml
Normal file
@@ -0,0 +1,37 @@
|
|||||||
|
{{- /*
|
||||||
|
Copyright VMware, Inc.
|
||||||
|
SPDX-License-Identifier: APACHE-2.0
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.networkPolicy.enabled }}
|
||||||
|
kind: NetworkPolicy
|
||||||
|
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
|
||||||
|
metadata:
|
||||||
|
name: {{ include "common.names.fullname" . }}
|
||||||
|
namespace: {{ template "common.names.namespace" . }}
|
||||||
|
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||||
|
{{- if .Values.commonAnnotations }}
|
||||||
|
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
|
||||||
|
podSelector:
|
||||||
|
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
|
||||||
|
policyTypes:
|
||||||
|
- Ingress
|
||||||
|
- Egress
|
||||||
|
egress:
|
||||||
|
# Allow dns resolution
|
||||||
|
- ports:
|
||||||
|
- port: 53
|
||||||
|
protocol: UDP
|
||||||
|
- port: 53
|
||||||
|
protocol: TCP
|
||||||
|
{{- if .Values.networkPolicy.extraEgress }}
|
||||||
|
{{- include "common.tplvalues.render" ( dict "value" .Values.rts.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
ingress:
|
||||||
|
{{- if .Values.networkPolicy.extraIngress }}
|
||||||
|
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
@@ -311,6 +311,47 @@ podAnnotations: {}
|
|||||||
##
|
##
|
||||||
podLabels: {}
|
podLabels: {}
|
||||||
|
|
||||||
|
## Network Policies
|
||||||
|
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
|
||||||
|
##
|
||||||
|
networkPolicy:
|
||||||
|
## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
|
||||||
|
##
|
||||||
|
enabled: true
|
||||||
|
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice
|
||||||
|
## e.g:
|
||||||
|
## extraIngress:
|
||||||
|
## - ports:
|
||||||
|
## - port: 1234
|
||||||
|
## from:
|
||||||
|
## - podSelector:
|
||||||
|
## - matchLabels:
|
||||||
|
## - role: frontend
|
||||||
|
## - podSelector:
|
||||||
|
## - matchExpressions:
|
||||||
|
## - key: role
|
||||||
|
## operator: In
|
||||||
|
## values:
|
||||||
|
## - frontend
|
||||||
|
extraIngress: []
|
||||||
|
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
|
||||||
|
## e.g:
|
||||||
|
## extraEgress:
|
||||||
|
## - ports:
|
||||||
|
## - port: 1234
|
||||||
|
## to:
|
||||||
|
## - podSelector:
|
||||||
|
## - matchLabels:
|
||||||
|
## - role: frontend
|
||||||
|
## - podSelector:
|
||||||
|
## - matchExpressions:
|
||||||
|
## - key: role
|
||||||
|
## operator: In
|
||||||
|
## values:
|
||||||
|
## - frontend
|
||||||
|
##
|
||||||
|
extraEgress: []
|
||||||
|
|
||||||
## @section Other Parameters
|
## @section Other Parameters
|
||||||
##
|
##
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user