mirror of
https://github.com/bitnami/charts.git
synced 2026-03-29 16:27:11 +08:00
4c1954526f
* [bitnami/clickhouse-operator] feat: new chart Signed-off-by: juan131 <juan.ariza@broadcom.com> * Update CHANGELOG.md Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> * chore: add VIB skeleton Signed-off-by: juan131 <juan.ariza@broadcom.com> * feat: add parameters to customize config.d and users.d Signed-off-by: juan131 <juan.ariza@broadcom.com> * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> * docs: document missing README sections Signed-off-by: juan131 <juan.ariza@broadcom.com> * Update CHANGELOG.md Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> * feat: vib runtime parameters Signed-off-by: juan131 <juan.ariza@broadcom.com> * bugfix: simplify keeper installation Signed-off-by: juan131 <juan.ariza@broadcom.com> * feat: vib with security context Signed-off-by: juan131 <juan.ariza@broadcom.com> * Update CHANGELOG.md Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> * doc: update example in README Signed-off-by: juan131 <juan.ariza@broadcom.com> * ci: use BITNAMI_DEBUG, helpful if deployment fails Signed-off-by: juan131 <juan.ariza@broadcom.com> * feat: add suggestions from code review Signed-off-by: juan131 <juan.ariza@broadcom.com> * ci: fix expected data permissions Signed-off-by: juan131 <juan.ariza@broadcom.com> * bugfix: typos Signed-off-by: juan131 <juan.ariza@broadcom.com> --------- Signed-off-by: juan131 <juan.ariza@broadcom.com> Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> Co-authored-by: Bitnami Bot <bitnami.bot@broadcom.com>
81 lines
3.4 KiB
YAML
81 lines
3.4 KiB
YAML
{{- /*
|
|
Copyright Broadcom, Inc. All Rights Reserved.
|
|
SPDX-License-Identifier: APACHE-2.0
|
|
*/}}
|
|
|
|
{{- if .Values.networkPolicy.enabled }}
|
|
kind: NetworkPolicy
|
|
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
|
|
metadata:
|
|
name: {{ template "common.names.fullname" . }}
|
|
namespace: {{ include "common.names.namespace" . | quote }}
|
|
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
|
app.kubernetes.io/part-of: clickhouse-operator
|
|
app.kubernetes.io/component: operator
|
|
{{- if .Values.commonAnnotations }}
|
|
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
spec:
|
|
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
|
|
podSelector:
|
|
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
|
|
app.kubernetes.io/part-of: clickhouse-operator
|
|
app.kubernetes.io/component: operator
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
egress:
|
|
{{- if .Values.networkPolicy.allowExternalEgress }}
|
|
- {}
|
|
{{- else }}
|
|
- ports:
|
|
# Allow dns resolution
|
|
- port: 53
|
|
protocol: UDP
|
|
- port: 53
|
|
protocol: TCP
|
|
# Allow access to kube-apiserver
|
|
{{- range $port := .Values.networkPolicy.kubeAPIServerPorts }}
|
|
- port: {{ $port }}
|
|
{{- end }}
|
|
{{- if .Values.networkPolicy.extraEgress }}
|
|
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
{{- end }}
|
|
ingress:
|
|
- ports:
|
|
- port: {{ .Values.containerPorts.metrics }}
|
|
{{- if .Values.metrics.enabled }}
|
|
- port: {{ .Values.metrics.containerPorts.metrics }}
|
|
{{- end }}
|
|
{{- range .Values.extraContainerPorts }}
|
|
- port: {{ .containerPort }}
|
|
{{- end }}
|
|
{{- if not .Values.networkPolicy.allowExternal }}
|
|
from:
|
|
- podSelector:
|
|
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
|
|
{{- if .Values.networkPolicy.addExternalClientAccess }}
|
|
- podSelector:
|
|
matchLabels:
|
|
{{ template "common.names.fullname" . }}-client: "true"
|
|
{{- end }}
|
|
{{- if .Values.networkPolicy.ingressPodMatchLabels }}
|
|
- podSelector:
|
|
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }}
|
|
{{- end }}
|
|
{{- if .Values.networkPolicy.ingressNSMatchLabels }}
|
|
- namespaceSelector:
|
|
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressNSMatchLabels "context" $ ) | nindent 14 }}
|
|
{{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
|
|
podSelector:
|
|
matchLabels:
|
|
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressNSPodMatchLabels "context" $ ) | nindent 14 }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if .Values.networkPolicy.extraIngress }}
|
|
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
{{- end }}
|