[bitnami/spring-cloud-dataflow] Add externalEgress support (#24576)

* [bitnami/spring-cloud-dataflow] Add externalEgress support Signed-off-by: Fran de Paz <fran.de-paz@broadcom.com> * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> --------- Signed-off-by: Fran de Paz <fran.de-paz@broadcom.com> Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>
2026-02-19 11:37:23 +08:00 · 2024-03-20 17:55:37 +01:00
parent b154df34b8
commit 19d385aae7
6 changed files with 28 additions and 1 deletions
--- a/bitnami/spring-cloud-dataflow/Chart.yaml
+++ b/bitnami/spring-cloud-dataflow/Chart.yaml
@@ -53,4 +53,4 @@ maintainers:
 name: spring-cloud-dataflow
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/spring-cloud-dataflow
-version: 26.12.0
+version: 26.13.0
--- a/bitnami/spring-cloud-dataflow/README.md
+++ b/bitnami/spring-cloud-dataflow/README.md
@@ -339,6 +339,7 @@ As an alternative, you can use the preset configurations for pod affinity, pod a
 | `server.customReadinessProbe`                              | Override default readiness probe                                                                                                                                                                                         | `{}`                                                         |
 | `server.networkPolicy.enabled`                             | Specifies whether a NetworkPolicy should be created                                                                                                                                                                      | `true`                                                       |
 | `server.networkPolicy.allowExternal`                       | Don't require client label for connections                                                                                                                                                                               | `true`                                                       |
+| `server.networkPolicy.allowExternalEgress`                 | Allow the pod to access any range of port and all destinations.                                                                                                                                                          | `true`                                                       |
 | `server.networkPolicy.kubeAPIServerPorts`                  | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)                                                                                                                       | `[]`                                                         |
 | `server.networkPolicy.extraIngress`                        | Add extra ingress rules to the NetworkPolice                                                                                                                                                                             | `[]`                                                         |
 | `server.networkPolicy.extraEgress`                         | Add extra ingress rules to the NetworkPolicy                                                                                                                                                                             | `[]`                                                         |
@@ -467,6 +468,7 @@ As an alternative, you can use the preset configurations for pod affinity, pod a
 | `skipper.customReadinessProbe`                              | Override default readiness probe                                                                                                                                                                                           | `{}`                                   |
 | `skipper.networkPolicy.enabled`                             | Specifies whether a NetworkPolicy should be created                                                                                                                                                                        | `true`                                 |
 | `skipper.networkPolicy.allowExternal`                       | Don't require client label for connections                                                                                                                                                                                 | `true`                                 |
+| `skipper.networkPolicy.allowExternalEgress`                 | Allow the pod to access any range of port and all destinations.                                                                                                                                                            | `true`                                 |
 | `skipper.networkPolicy.kubeAPIServerPorts`                  | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)                                                                                                                         | `[]`                                   |
 | `skipper.networkPolicy.extraIngress`                        | Add extra ingress rules to the NetworkPolice                                                                                                                                                                               | `[]`                                   |
 | `skipper.networkPolicy.extraEgress`                         | Add extra ingress rules to the NetworkPolicy                                                                                                                                                                               | `[]`                                   |
@@ -609,6 +611,7 @@ As an alternative, you can use the preset configurations for pod affinity, pod a
 | `metrics.topologySpreadConstraints`                         | Topology Spread Constraints for pod assignment                                                                                                                                                                             | `[]`                                       |
 | `metrics.networkPolicy.enabled`                             | Specifies whether a NetworkPolicy should be created                                                                                                                                                                        | `true`                                     |
 | `metrics.networkPolicy.allowExternal`                       | Don't require client label for connections                                                                                                                                                                                 | `true`                                     |
+| `metrics.networkPolicy.allowExternalEgress`                 | Allow the pod to access any range of port and all destinations.                                                                                                                                                            | `true`                                     |
 | `metrics.networkPolicy.extraIngress`                        | Add extra ingress rules to the NetworkPolice                                                                                                                                                                               | `[]`                                       |
 | `metrics.networkPolicy.extraEgress`                         | Add extra ingress rules to the NetworkPolicy                                                                                                                                                                               | `[]`                                       |
 | `metrics.networkPolicy.ingressNSMatchLabels`                | Labels to match to allow traffic from other namespaces                                                                                                                                                                     | `{}`                                       |
--- a/bitnami/spring-cloud-dataflow/templates/prometheus-proxy/networkpolicy.yaml
+++ b/bitnami/spring-cloud-dataflow/templates/prometheus-proxy/networkpolicy.yaml
@@ -23,6 +23,10 @@ spec:
  policyTypes:
    - Ingress
    - Egress
+  {{- if .Values.metrics.networkPolicy.allowExternalEgress }}
+  egress:
+    - {}
+  {{- else }}
  egress:
    - ports:
        # Allow dns resolution
@@ -33,6 +37,7 @@ spec:
    {{- if .Values.metrics.networkPolicy.extraEgress }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
    {{- end }}
+  {{- end }}
  ingress:
    - ports:
        - port: {{ coalesce .Values.metrics.service.ports.http .Values.metrics.service.httpPort }}
--- a/bitnami/spring-cloud-dataflow/templates/server/networkpolicy.yaml
+++ b/bitnami/spring-cloud-dataflow/templates/server/networkpolicy.yaml
@@ -23,6 +23,10 @@ spec:
  policyTypes:
    - Ingress
    - Egress
+  {{- if .Values.server.networkPolicy.allowExternalEgress }}
+  egress:
+    - {}
+  {{- else }}
  egress:
    - ports:
        # Allow dns resolution
@@ -95,6 +99,7 @@ spec:
    {{- if .Values.server.networkPolicy.extraEgress }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.server.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
    {{- end }}
+  {{- end }}
  ingress:
    - ports:
        - port: {{ .Values.server.containerPorts.http }}
--- a/bitnami/spring-cloud-dataflow/templates/skipper/networkpolicy.yaml
+++ b/bitnami/spring-cloud-dataflow/templates/skipper/networkpolicy.yaml
@@ -24,6 +24,10 @@ spec:
  policyTypes:
    - Ingress
    - Egress
+  {{- if .Values.skipper.networkPolicy.allowExternalEgress }}
+  egress:
+    - {}
+  {{- else }}
  egress:
    - ports:
        # Allow dns resolution
@@ -74,6 +78,7 @@ spec:
    {{- if .Values.skipper.networkPolicy.extraEgress }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.skipper.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
    {{- end }}
+  {{- end }}
  ingress:
    - ports:
        - port: {{ .Values.skipper.containerPorts.http }}
--- a/bitnami/spring-cloud-dataflow/values.yaml
+++ b/bitnami/spring-cloud-dataflow/values.yaml
@@ -387,6 +387,9 @@ server:
    ## (with the correct destination port).
    ##
    allowExternal: true
+    ## @param server.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
+    ##
+    allowExternalEgress: true
    ## @param server.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
    ##
    kubeAPIServerPorts: [443, 6443, 8443]
@@ -965,6 +968,9 @@ skipper:
    ## (with the correct destination port).
    ##
    allowExternal: true
+    ## @param skipper.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
+    ##
+    allowExternalEgress: true
    ## @param skipper.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
    ##
    kubeAPIServerPorts: [443, 6443, 8443]
@@ -1537,6 +1543,9 @@ metrics:
    ## (with the correct destination port).
    ##
    allowExternal: true
+    ## @param metrics.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
+    ##
+    allowExternalEgress: true
    ## @param metrics.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice
    ## e.g:
    ## extraIngress: