mirror of https://github.com/bitnami/charts.git (synced 2026-03-16 06:47:30 +08:00)
[bitnami/opensearch] feat: 🔒 Enable networkPolicy (#22870)
* [bitnami/opensearch] feat: 🔒 Enable networkPolicy
  Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
* fix: 🐛 Add allowExternalEgress to avoid breaking istio
  Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
* fix: 🐛 Set correct values for networkpolicy
  Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
---------
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>
committed by GitHub
parent a55b6091f3
commit aa5df1fa93
@@ -30,4 +30,4 @@ maintainers:
|
|||||||
name: opensearch
|
name: opensearch
|
||||||
sources:
|
sources:
|
||||||
- https://github.com/bitnami/charts/tree/main/bitnami/opensearch
|
- https://github.com/bitnami/charts/tree/main/bitnami/opensearch
|
||||||
version: 0.8.3
|
version: 0.9.0
|
||||||
|
|||||||
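Review bot: the bump from `0.8.3` to `0.9.0` carries a change of defaults, since `networkPolicy.enabled` goes from `false` to `true` for master, data, coordinating, ingest and dashboards in the same patch, so an ordinary `helm upgrade` will start creating NetworkPolicy objects in existing releases. The README hunks only change the default column; a short upgrade note there, saying that setting `<component>.networkPolicy.enabled=false` restores the previous behaviour, would help operators on clusters whose CNI enforces policies.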
@@ -280,8 +280,9 @@ helm delete --purge my-release
|
|||||||
| `master.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` |
|
| `master.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` |
|
||||||
| `master.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` |
|
| `master.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` |
|
||||||
| `master.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` |
|
| `master.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` |
|
||||||
| `master.networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` |
|
| `master.networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` |
|
||||||
| `master.networkPolicy.allowExternal` | The Policy model to apply | `true` |
|
| `master.networkPolicy.allowExternal` | The Policy model to apply | `true` |
|
||||||
|
| `master.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
|
||||||
| `master.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
| `master.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||||
| `master.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
| `master.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||||
| `master.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
| `master.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
||||||
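Review bot: in the `master.networkPolicy.extraEgress` row the description still reads "Add extra ingress rules to the NetworkPolicy", which is the text of the `extraIngress` row above it; since this table is being edited anyway, change it to "egress" here and in the matching rows of the data, coordinating, ingest and dashboards tables. The new `allowExternalEgress` description would also read better as "any port range and any destination".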
@@ -389,8 +390,9 @@ helm delete --purge my-release
|
|||||||
| `data.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` |
|
| `data.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` |
|
||||||
| `data.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` |
|
| `data.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` |
|
||||||
| `data.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` |
|
| `data.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` |
|
||||||
| `data.networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` |
|
| `data.networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` |
|
||||||
| `data.networkPolicy.allowExternal` | The Policy model to apply | `true` |
|
| `data.networkPolicy.allowExternal` | The Policy model to apply | `true` |
|
||||||
|
| `data.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
|
||||||
| `data.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
| `data.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||||
| `data.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
| `data.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||||
| `data.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
| `data.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
||||||
@@ -490,8 +492,9 @@ helm delete --purge my-release
|
|||||||
| `coordinating.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` |
|
| `coordinating.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` |
|
||||||
| `coordinating.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` |
|
| `coordinating.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` |
|
||||||
| `coordinating.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` |
|
| `coordinating.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` |
|
||||||
| `coordinating.networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` |
|
| `coordinating.networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` |
|
||||||
| `coordinating.networkPolicy.allowExternal` | The Policy model to apply | `true` |
|
| `coordinating.networkPolicy.allowExternal` | The Policy model to apply | `true` |
|
||||||
|
| `coordinating.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
|
||||||
| `coordinating.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
| `coordinating.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||||
| `coordinating.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
| `coordinating.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||||
| `coordinating.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
| `coordinating.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
||||||
@@ -592,8 +595,9 @@ helm delete --purge my-release
|
|||||||
| `ingest.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` |
|
| `ingest.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` |
|
||||||
| `ingest.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` |
|
| `ingest.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` |
|
||||||
| `ingest.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` |
|
| `ingest.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` |
|
||||||
| `ingest.networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` |
|
| `ingest.networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` |
|
||||||
| `ingest.networkPolicy.allowExternal` | The Policy model to apply | `true` |
|
| `ingest.networkPolicy.allowExternal` | The Policy model to apply | `true` |
|
||||||
|
| `ingest.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
|
||||||
| `ingest.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
| `ingest.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||||
| `ingest.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
| `ingest.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||||
| `ingest.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
| `ingest.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
||||||
@@ -773,8 +777,9 @@ helm delete --purge my-release
|
|||||||
| `dashboards.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` |
|
| `dashboards.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` |
|
||||||
| `dashboards.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` |
|
| `dashboards.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` |
|
||||||
| `dashboards.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` |
|
| `dashboards.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` |
|
||||||
| `dashboards.networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` |
|
| `dashboards.networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` |
|
||||||
| `dashboards.networkPolicy.allowExternal` | The Policy model to apply | `true` |
|
| `dashboards.networkPolicy.allowExternal` | The Policy model to apply | `true` |
|
||||||
|
| `dashboards.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
|
||||||
| `dashboards.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
| `dashboards.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||||
| `dashboards.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
| `dashboards.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||||
| `dashboards.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
| `dashboards.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
||||||
|
|||||||
@@ -23,6 +23,10 @@ spec:
|
|||||||
policyTypes:
|
policyTypes:
|
||||||
- Ingress
|
- Ingress
|
||||||
- Egress
|
- Egress
|
||||||
|
{{- if .Values.coordinating.networkPolicy.allowExternalEgress }}
|
||||||
|
egress:
|
||||||
|
- {}
|
||||||
|
{{- else }}
|
||||||
egress:
|
egress:
|
||||||
# Allow dns resolution
|
# Allow dns resolution
|
||||||
- ports:
|
- ports:
|
||||||
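Review bot: with `allowExternalEgress` defaulting to `true`, the new branch renders `egress:` with the single rule `- {}`, which matches every destination and port, so although `policyTypes` lists `Egress` the policy places no limit on outbound traffic unless the value is set to `false`. The commit message gives Istio as the reason; a one-line template comment above the `if` stating that, and that the DNS and pod-to-pod rules below apply only in the `else` branch, would keep the intent visible to anyone hardening the chart later.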
@@ -34,6 +38,8 @@ spec:
|
|||||||
- ports:
|
- ports:
|
||||||
- port: {{ .Values.service.ports.restAPI }}
|
- port: {{ .Values.service.ports.restAPI }}
|
||||||
- port: {{ .Values.service.ports.transport }}
|
- port: {{ .Values.service.ports.transport }}
|
||||||
|
- port: {{ .Values.containerPorts.restAPI }}
|
||||||
|
- port: {{ .Values.containerPorts.transport }}
|
||||||
- port: {{ .Values.dashboards.service.ports.http }}
|
- port: {{ .Values.dashboards.service.ports.http }}
|
||||||
to:
|
to:
|
||||||
- podSelector:
|
- podSelector:
|
||||||
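Review bot: the egress port list gains `containerPorts.restAPI` and `containerPorts.transport` next to the existing `service.ports.*` entries, but the dashboards entry is still only `dashboards.service.ports.http`. The dashboards ingress rule in this patch is switched to `dashboards.containerPorts.http`, so if that value differs from the service port the restricted egress mode may not allow traffic to the dashboards pods; adding `- port: {{ .Values.dashboards.containerPorts.http }}` here keeps the two sides consistent.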
@@ -41,10 +47,11 @@ spec:
|
|||||||
{{- if .Values.coordinating.networkPolicy.extraEgress }}
|
{{- if .Values.coordinating.networkPolicy.extraEgress }}
|
||||||
{{- include "common.tplvalues.render" ( dict "value" .Values.coordinating.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
|
{{- include "common.tplvalues.render" ( dict "value" .Values.coordinating.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
ingress:
|
ingress:
|
||||||
- ports:
|
- ports:
|
||||||
- port: {{ .Values.service.ports.restAPI }}
|
- port: {{ .Values.containerPorts.restAPI }}
|
||||||
- port: {{ .Values.service.ports.transport }}
|
- port: {{ .Values.containerPorts.transport }}
|
||||||
{{- if not .Values.coordinating.networkPolicy.allowExternal }}
|
{{- if not .Values.coordinating.networkPolicy.allowExternal }}
|
||||||
from:
|
from:
|
||||||
- podSelector:
|
- podSelector:
|
||||||
|
|||||||
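Review bot: the added `{{- end }}` closes the `allowExternalEgress` conditional after the `extraEgress` block, so rules supplied in `coordinating.networkPolicy.extraEgress` are rendered only when `allowExternalEgress` is `false` and are silently dropped otherwise. That has no effect on traffic while `- {}` is in place, but it is surprising for a user who sets `extraEgress` and finds nothing in the rendered manifest; say so in the `extraEgress` parameter description.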
@@ -23,6 +23,10 @@ spec:
|
|||||||
policyTypes:
|
policyTypes:
|
||||||
- Ingress
|
- Ingress
|
||||||
- Egress
|
- Egress
|
||||||
|
{{- if .Values.dashboards.networkPolicy.allowExternalEgress }}
|
||||||
|
egress:
|
||||||
|
- {}
|
||||||
|
{{- else }}
|
||||||
egress:
|
egress:
|
||||||
# Allow dns resolution
|
# Allow dns resolution
|
||||||
- ports:
|
- ports:
|
||||||
@@ -34,6 +38,8 @@ spec:
|
|||||||
- ports:
|
- ports:
|
||||||
- port: {{ .Values.service.ports.restAPI }}
|
- port: {{ .Values.service.ports.restAPI }}
|
||||||
- port: {{ .Values.service.ports.transport }}
|
- port: {{ .Values.service.ports.transport }}
|
||||||
|
- port: {{ .Values.containerPorts.restAPI }}
|
||||||
|
- port: {{ .Values.containerPorts.transport }}
|
||||||
- port: {{ .Values.dashboards.service.ports.http }}
|
- port: {{ .Values.dashboards.service.ports.http }}
|
||||||
to:
|
to:
|
||||||
- podSelector:
|
- podSelector:
|
||||||
@@ -41,10 +47,10 @@ spec:
|
|||||||
{{- if .Values.dashboards.networkPolicy.extraEgress }}
|
{{- if .Values.dashboards.networkPolicy.extraEgress }}
|
||||||
{{- include "common.tplvalues.render" ( dict "value" .Values.dashboards.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
|
{{- include "common.tplvalues.render" ( dict "value" .Values.dashboards.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
ingress:
|
ingress:
|
||||||
- ports:
|
- ports:
|
||||||
- port: {{ .Values.service.ports.restAPI }}
|
- port: {{ .Values.dashboards.containerPorts.http }}
|
||||||
- port: {{ .Values.service.ports.transport }}
|
|
||||||
{{- if not .Values.dashboards.networkPolicy.allowExternal }}
|
{{- if not .Values.dashboards.networkPolicy.allowExternal }}
|
||||||
from:
|
from:
|
||||||
- podSelector:
|
- podSelector:
|
||||||
|
|||||||
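Review bot: in the ingress rule, the `from` clause is rendered only when `dashboards.networkPolicy.allowExternal` is `false`, and the values hunk keeps its default at `true`, so the default policy opens `dashboards.containerPorts.http` to every source and restricts ports only. That is worth a line in the `allowExternal` description so that enabling the policy by default is not read as source isolation. Replacing the OpenSearch REST and transport ports with the dashboards HTTP port, and dropping the second port line, looks correct for this component.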
@@ -23,6 +23,10 @@ spec:
|
|||||||
policyTypes:
|
policyTypes:
|
||||||
- Ingress
|
- Ingress
|
||||||
- Egress
|
- Egress
|
||||||
|
{{- if .Values.data.networkPolicy.allowExternalEgress }}
|
||||||
|
egress:
|
||||||
|
- {}
|
||||||
|
{{- else }}
|
||||||
egress:
|
egress:
|
||||||
# Allow dns resolution
|
# Allow dns resolution
|
||||||
- ports:
|
- ports:
|
||||||
@@ -34,6 +38,8 @@ spec:
|
|||||||
- ports:
|
- ports:
|
||||||
- port: {{ .Values.service.ports.restAPI }}
|
- port: {{ .Values.service.ports.restAPI }}
|
||||||
- port: {{ .Values.service.ports.transport }}
|
- port: {{ .Values.service.ports.transport }}
|
||||||
|
- port: {{ .Values.containerPorts.restAPI }}
|
||||||
|
- port: {{ .Values.containerPorts.transport }}
|
||||||
- port: {{ .Values.dashboards.service.ports.http }}
|
- port: {{ .Values.dashboards.service.ports.http }}
|
||||||
to:
|
to:
|
||||||
- podSelector:
|
- podSelector:
|
||||||
@@ -41,10 +47,11 @@ spec:
|
|||||||
{{- if .Values.data.networkPolicy.extraEgress }}
|
{{- if .Values.data.networkPolicy.extraEgress }}
|
||||||
{{- include "common.tplvalues.render" ( dict "value" .Values.data.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
|
{{- include "common.tplvalues.render" ( dict "value" .Values.data.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
ingress:
|
ingress:
|
||||||
- ports:
|
- ports:
|
||||||
- port: {{ .Values.service.ports.restAPI }}
|
- port: {{ .Values.containerPorts.restAPI }}
|
||||||
- port: {{ .Values.service.ports.transport }}
|
- port: {{ .Values.containerPorts.transport }}
|
||||||
{{- if not .Values.data.networkPolicy.allowExternal }}
|
{{- if not .Values.data.networkPolicy.allowExternal }}
|
||||||
from:
|
from:
|
||||||
- podSelector:
|
- podSelector:
|
||||||
|
|||||||
@@ -23,6 +23,10 @@ spec:
|
|||||||
policyTypes:
|
policyTypes:
|
||||||
- Ingress
|
- Ingress
|
||||||
- Egress
|
- Egress
|
||||||
|
{{- if .Values.ingest.networkPolicy.allowExternalEgress }}
|
||||||
|
egress:
|
||||||
|
- {}
|
||||||
|
{{- else }}
|
||||||
egress:
|
egress:
|
||||||
# Allow dns resolution
|
# Allow dns resolution
|
||||||
- ports:
|
- ports:
|
||||||
@@ -34,6 +38,8 @@ spec:
|
|||||||
- ports:
|
- ports:
|
||||||
- port: {{ .Values.service.ports.restAPI }}
|
- port: {{ .Values.service.ports.restAPI }}
|
||||||
- port: {{ .Values.service.ports.transport }}
|
- port: {{ .Values.service.ports.transport }}
|
||||||
|
- port: {{ .Values.containerPorts.restAPI }}
|
||||||
|
- port: {{ .Values.containerPorts.transport }}
|
||||||
- port: {{ .Values.dashboards.service.ports.http }}
|
- port: {{ .Values.dashboards.service.ports.http }}
|
||||||
to:
|
to:
|
||||||
- podSelector:
|
- podSelector:
|
||||||
@@ -41,10 +47,11 @@ spec:
|
|||||||
{{- if .Values.ingest.networkPolicy.extraEgress }}
|
{{- if .Values.ingest.networkPolicy.extraEgress }}
|
||||||
{{- include "common.tplvalues.render" ( dict "value" .Values.ingest.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
|
{{- include "common.tplvalues.render" ( dict "value" .Values.ingest.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
ingress:
|
ingress:
|
||||||
- ports:
|
- ports:
|
||||||
- port: {{ .Values.service.ports.restAPI }}
|
- port: {{ .Values.containerPorts.restAPI }}
|
||||||
- port: {{ .Values.service.ports.transport }}
|
- port: {{ .Values.containerPorts.transport }}
|
||||||
{{- if not .Values.ingest.networkPolicy.allowExternal }}
|
{{- if not .Values.ingest.networkPolicy.allowExternal }}
|
||||||
from:
|
from:
|
||||||
- podSelector:
|
- podSelector:
|
||||||
|
|||||||
@@ -23,6 +23,10 @@ spec:
|
|||||||
policyTypes:
|
policyTypes:
|
||||||
- Ingress
|
- Ingress
|
||||||
- Egress
|
- Egress
|
||||||
|
{{- if .Values.master.networkPolicy.allowExternalEgress }}
|
||||||
|
egress:
|
||||||
|
- {}
|
||||||
|
{{- else }}
|
||||||
egress:
|
egress:
|
||||||
# Allow dns resolution
|
# Allow dns resolution
|
||||||
- ports:
|
- ports:
|
||||||
@@ -34,6 +38,8 @@ spec:
|
|||||||
- ports:
|
- ports:
|
||||||
- port: {{ .Values.service.ports.restAPI }}
|
- port: {{ .Values.service.ports.restAPI }}
|
||||||
- port: {{ .Values.service.ports.transport }}
|
- port: {{ .Values.service.ports.transport }}
|
||||||
|
- port: {{ .Values.containerPorts.restAPI }}
|
||||||
|
- port: {{ .Values.containerPorts.transport }}
|
||||||
- port: {{ .Values.dashboards.service.ports.http }}
|
- port: {{ .Values.dashboards.service.ports.http }}
|
||||||
to:
|
to:
|
||||||
- podSelector:
|
- podSelector:
|
||||||
@@ -41,10 +47,11 @@ spec:
|
|||||||
{{- if .Values.master.networkPolicy.extraEgress }}
|
{{- if .Values.master.networkPolicy.extraEgress }}
|
||||||
{{- include "common.tplvalues.render" ( dict "value" .Values.master.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
|
{{- include "common.tplvalues.render" ( dict "value" .Values.master.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
ingress:
|
ingress:
|
||||||
- ports:
|
- ports:
|
||||||
- port: {{ .Values.service.ports.restAPI }}
|
- port: {{ .Values.containerPorts.restAPI }}
|
||||||
- port: {{ .Values.service.ports.transport }}
|
- port: {{ .Values.containerPorts.transport }}
|
||||||
{{- if not .Values.master.networkPolicy.allowExternal }}
|
{{- if not .Values.master.networkPolicy.allowExternal }}
|
||||||
from:
|
from:
|
||||||
- podSelector:
|
- podSelector:
|
||||||
|
|||||||
@@ -840,12 +840,15 @@ master:
|
|||||||
networkPolicy:
|
networkPolicy:
|
||||||
## @param master.networkPolicy.enabled Enable creation of NetworkPolicy resources
|
## @param master.networkPolicy.enabled Enable creation of NetworkPolicy resources
|
||||||
##
|
##
|
||||||
enabled: false
|
enabled: true
|
||||||
## @param master.networkPolicy.allowExternal The Policy model to apply
|
## @param master.networkPolicy.allowExternal The Policy model to apply
|
||||||
## When set to false, only pods with the correct client label will have network access to the ports Keycloak is
|
## When set to false, only pods with the correct client label will have network access to the ports Keycloak is
|
||||||
## listening on. When true, Keycloak will accept connections from any source (with the correct destination port).
|
## listening on. When true, Keycloak will accept connections from any source (with the correct destination port).
|
||||||
##
|
##
|
||||||
allowExternal: true
|
allowExternal: true
|
||||||
|
## @param master.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
|
||||||
|
##
|
||||||
|
allowExternalEgress: true
|
||||||
## @param master.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
|
## @param master.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
|
||||||
## e.g:
|
## e.g:
|
||||||
## extraIngress:
|
## extraIngress:
|
||||||
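Review bot: the context comments under `master.networkPolicy.allowExternal` talk about "the ports Keycloak is listening on" and "Keycloak will accept connections", which is left over from another chart; as this block is being extended, replace "Keycloak" with "OpenSearch" here and in the data, coordinating and ingest blocks below, and with "OpenSearch Dashboards" in the dashboards block.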
@@ -1251,12 +1254,15 @@ data:
|
|||||||
networkPolicy:
|
networkPolicy:
|
||||||
## @param data.networkPolicy.enabled Enable creation of NetworkPolicy resources
|
## @param data.networkPolicy.enabled Enable creation of NetworkPolicy resources
|
||||||
##
|
##
|
||||||
enabled: false
|
enabled: true
|
||||||
## @param data.networkPolicy.allowExternal The Policy model to apply
|
## @param data.networkPolicy.allowExternal The Policy model to apply
|
||||||
## When set to false, only pods with the correct client label will have network access to the ports Keycloak is
|
## When set to false, only pods with the correct client label will have network access to the ports Keycloak is
|
||||||
## listening on. When true, Keycloak will accept connections from any source (with the correct destination port).
|
## listening on. When true, Keycloak will accept connections from any source (with the correct destination port).
|
||||||
##
|
##
|
||||||
allowExternal: true
|
allowExternal: true
|
||||||
|
## @param data.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
|
||||||
|
##
|
||||||
|
allowExternalEgress: true
|
||||||
## @param data.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
|
## @param data.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
|
||||||
## e.g:
|
## e.g:
|
||||||
## extraIngress:
|
## extraIngress:
|
||||||
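Review bot: the new `allowExternalEgress` parameter has only its `@param` line followed by an empty `##`, while `allowExternal` just above carries two explanatory comment lines. Add the same kind of explanation: when `true` the policy allows all egress, and when `false` egress is limited to the DNS and pod-to-pod rules in the template plus anything in `extraEgress`.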
@@ -1624,12 +1630,15 @@ coordinating:
|
|||||||
networkPolicy:
|
networkPolicy:
|
||||||
## @param coordinating.networkPolicy.enabled Enable creation of NetworkPolicy resources
|
## @param coordinating.networkPolicy.enabled Enable creation of NetworkPolicy resources
|
||||||
##
|
##
|
||||||
enabled: false
|
enabled: true
|
||||||
## @param coordinating.networkPolicy.allowExternal The Policy model to apply
|
## @param coordinating.networkPolicy.allowExternal The Policy model to apply
|
||||||
## When set to false, only pods with the correct client label will have network access to the ports Keycloak is
|
## When set to false, only pods with the correct client label will have network access to the ports Keycloak is
|
||||||
## listening on. When true, Keycloak will accept connections from any source (with the correct destination port).
|
## listening on. When true, Keycloak will accept connections from any source (with the correct destination port).
|
||||||
##
|
##
|
||||||
allowExternal: true
|
allowExternal: true
|
||||||
|
## @param coordinating.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
|
||||||
|
##
|
||||||
|
allowExternalEgress: true
|
||||||
## @param coordinating.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
|
## @param coordinating.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
|
||||||
## e.g:
|
## e.g:
|
||||||
## extraIngress:
|
## extraIngress:
|
||||||
@@ -1999,12 +2008,15 @@ ingest:
|
|||||||
networkPolicy:
|
networkPolicy:
|
||||||
## @param ingest.networkPolicy.enabled Enable creation of NetworkPolicy resources
|
## @param ingest.networkPolicy.enabled Enable creation of NetworkPolicy resources
|
||||||
##
|
##
|
||||||
enabled: false
|
enabled: true
|
||||||
## @param ingest.networkPolicy.allowExternal The Policy model to apply
|
## @param ingest.networkPolicy.allowExternal The Policy model to apply
|
||||||
## When set to false, only pods with the correct client label will have network access to the ports Keycloak is
|
## When set to false, only pods with the correct client label will have network access to the ports Keycloak is
|
||||||
## listening on. When true, Keycloak will accept connections from any source (with the correct destination port).
|
## listening on. When true, Keycloak will accept connections from any source (with the correct destination port).
|
||||||
##
|
##
|
||||||
allowExternal: true
|
allowExternal: true
|
||||||
|
## @param ingest.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
|
||||||
|
##
|
||||||
|
allowExternalEgress: true
|
||||||
## @param ingest.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
|
## @param ingest.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
|
||||||
## e.g:
|
## e.g:
|
||||||
## extraIngress:
|
## extraIngress:
|
||||||
@@ -2825,12 +2837,15 @@ dashboards:
|
|||||||
networkPolicy:
|
networkPolicy:
|
||||||
## @param dashboards.networkPolicy.enabled Enable creation of NetworkPolicy resources
|
## @param dashboards.networkPolicy.enabled Enable creation of NetworkPolicy resources
|
||||||
##
|
##
|
||||||
enabled: false
|
enabled: true
|
||||||
## @param dashboards.networkPolicy.allowExternal The Policy model to apply
|
## @param dashboards.networkPolicy.allowExternal The Policy model to apply
|
||||||
## When set to false, only pods with the correct client label will have network access to the ports Keycloak is
|
## When set to false, only pods with the correct client label will have network access to the ports Keycloak is
|
||||||
## listening on. When true, Keycloak will accept connections from any source (with the correct destination port).
|
## listening on. When true, Keycloak will accept connections from any source (with the correct destination port).
|
||||||
##
|
##
|
||||||
allowExternal: true
|
allowExternal: true
|
||||||
|
## @param dashboards.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
|
||||||
|
##
|
||||||
|
allowExternalEgress: true
|
||||||
## @param dashboards.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
|
## @param dashboards.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
|
||||||
## e.g:
|
## e.g:
|
||||||
## extraIngress:
|
## extraIngress:
|
||||||
|
|||||||