[bitnami/mongodb-sharded] feat: 🔒 Enable networkPolicy (#22878)

* [bitnami/mongodb-sharded] feat: 🔒 Enable networkPolicy Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> * fix: 🐛 Add allowExternalEgress to avoid breaking istio Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> * Update bitnami/mongodb-sharded/templates/networkpolicy.yaml Co-authored-by: Fran Mulero <fmulero@vmware.com> Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com> --------- Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com> Signed-off-by: Fran Mulero <fmulero@vmware.com> Co-authored-by: Fran Mulero <fmulero@vmware.com>
2026-03-29 16:27:11 +08:00 · 2024-02-01 17:42:01 +01:00
parent 394cd12455
commit 66237d001e
4 changed files with 140 additions and 1 deletions
--- a/bitnami/mongodb-sharded/README.md
+++ b/bitnami/mongodb-sharded/README.md
@@ -145,6 +145,13 @@ The command removes all the Kubernetes components associated with the chart and
 | `service.sessionAffinity`                            | Session Affinity for Kubernetes service, can be "None" or "ClientIP"                                                                                      | `None`                            |
 | `service.sessionAffinityConfig`                      | Additional settings for the sessionAffinity                                                                                                               | `{}`                              |
 | `service.headless.annotations`                       | Annotations for the headless service.                                                                                                                     | `{}`                              |
+| `networkPolicy.enabled`                              | Specifies whether a NetworkPolicy should be created                                                                                                       | `true`                            |
+| `networkPolicy.allowExternal`                        | Don't require server label for connections                                                                                                                | `true`                            |
+| `networkPolicy.allowExternalEgress`                  | Allow the pod to access any range of port and all destinations.                                                                                           | `true`                            |
+| `networkPolicy.extraIngress`                         | Add extra ingress rules to the NetworkPolice                                                                                                              | `[]`                              |
+| `networkPolicy.extraEgress`                          | Add extra ingress rules to the NetworkPolicy                                                                                                              | `[]`                              |
+| `networkPolicy.ingressNSMatchLabels`                 | Labels to match to allow traffic from other namespaces                                                                                                    | `{}`                              |
+| `networkPolicy.ingressNSPodMatchLabels`              | Pod labels to match to allow traffic from other namespaces                                                                                                | `{}`                              |

 ### Config Server parameters