mirror of
https://github.com/bitnami/charts.git
synced 2026-03-29 16:27:11 +08:00
44 lines
1.7 KiB
YAML
44 lines
1.7 KiB
YAML
{{- if .Values.networkPolicy.enabled }}
|
|
kind: NetworkPolicy
|
|
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
|
|
metadata:
|
|
name: {{ printf "%s-controller" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
|
|
namespace: {{ include "common.names.namespace" . | quote }}
|
|
labels: {{- include "common.labels.standard" . | nindent 4 }}
|
|
app.kubernetes.io/component: controller
|
|
{{- if .Values.commonLabels }}
|
|
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
{{- if .Values.commonAnnotations }}
|
|
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
spec:
|
|
podSelector:
|
|
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
|
|
app.kubernetes.io/component: controller
|
|
policyTypes:
|
|
- Ingress
|
|
ingress:
|
|
# Allow prometheus scrapes for metrics and webhook traffic
|
|
- ports:
|
|
- port: {{ .Values.controller.containerPorts.metrics }}
|
|
protocol: TCP
|
|
- port: 9443
|
|
protocol: TCP
|
|
{{- if .Values.networkPolicy.ingressNSMatchLabels }}
|
|
from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
{{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
|
|
{{ $key | quote }}: {{ $value | quote }}
|
|
{{- end }}
|
|
{{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
|
|
podSelector:
|
|
matchLabels:
|
|
{{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
|
|
{{ $key | quote }}: {{ $value | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|