mirror of
https://github.com/bitnami/charts.git
synced 2026-03-29 16:27:11 +08:00
9a2eba284f
* Fixed bug/typo in datanode networkpolicy.yaml for egress Fixed typo in the datanode networkpolicy.yaml, which is missing the networkPolicy key in the hierarchical key structure for getting the allowExternalEgress value from the milvus values.yaml file, for setting egress network policy in datanode pod. Signed-off-by: rakesh-upadhyay1 <rakesh.upadhyay1@ibm.com> * Updated milvus chart version to 9.0.8 in Chart.yaml Updated milvus chart version to 9.0.8 in Chart.yaml Signed-off-by: rakesh-upadhyay1 <rakesh.upadhyay1@ibm.com> * Update CHANGELOG.md Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> * Update Chart.yaml Release 9.0.9 Update Chart.yaml Release 9.0.9 Signed-off-by: rakesh-upadhyay1 <rakesh.upadhyay1@ibm.com> * Update CHANGELOG.md Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> * Update CHANGELOG.md Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> --------- Signed-off-by: rakesh-upadhyay1 <rakesh.upadhyay1@ibm.com> Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>
120 lines
4.8 KiB
YAML
120 lines
4.8 KiB
YAML
{{- /*
|
|
Copyright Broadcom, Inc. All Rights Reserved.
|
|
SPDX-License-Identifier: APACHE-2.0
|
|
*/}}
|
|
|
|
{{- if .Values.dataNode.networkPolicy.enabled }}
|
|
kind: NetworkPolicy
|
|
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
|
|
metadata:
|
|
name: {{ template "milvus.data-node.fullname" . }}
|
|
namespace: {{ include "common.names.namespace" . | quote }}
|
|
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
|
app.kubernetes.io/part-of: milvus
|
|
app.kubernetes.io/component: data-node
|
|
{{- if .Values.commonAnnotations }}
|
|
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
spec:
|
|
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.dataNode.podLabels .Values.commonLabels ) "context" . ) }}
|
|
podSelector:
|
|
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
|
|
app.kubernetes.io/part-of: milvus
|
|
app.kubernetes.io/component: data-node
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
{{- if .Values.dataNode.networkPolicy.allowExternalEgress }}
|
|
egress:
|
|
- {}
|
|
{{- else }}
|
|
egress:
|
|
# Allow dns resolution
|
|
- ports:
|
|
- port: 53
|
|
protocol: UDP
|
|
- port: 53
|
|
protocol: TCP
|
|
# Allow outbound connections to other cluster pods
|
|
- ports:
|
|
- port: {{ .Values.queryCoord.containerPorts.grpc }}
|
|
- port: {{ .Values.dataCoord.containerPorts.grpc }}
|
|
- port: {{ .Values.indexCoord.containerPorts.grpc }}
|
|
- port: {{ .Values.rootCoord.containerPorts.grpc }}
|
|
- port: {{ .Values.queryNode.containerPorts.grpc }}
|
|
- port: {{ .Values.dataNode.containerPorts.grpc }}
|
|
- port: {{ .Values.indexNode.containerPorts.grpc }}
|
|
- port: {{ .Values.proxy.containerPorts.grpc }}
|
|
- port: {{ .Values.proxy.containerPorts.grpcInternal }}
|
|
to:
|
|
- podSelector:
|
|
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
|
|
# Allow outbound connections to S3
|
|
- ports:
|
|
- port: {{ include "milvus.s3.port" . }}
|
|
{{- if .Values.minio.enabled }}
|
|
- port: {{ .Values.minio.containerPorts.api }}
|
|
to:
|
|
- podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: minio
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
{{- end }}
|
|
# Allow outbound connections to etcd
|
|
- ports:
|
|
- port: {{ include "milvus.etcd.port" . }}
|
|
to:
|
|
{{- if .Values.etcd.enabled }}
|
|
- podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: etcd
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
{{- end }}
|
|
# Allow outbound connections to kafka
|
|
- ports:
|
|
- port: {{ include "milvus.kafka.port" . }}
|
|
to:
|
|
{{- if .Values.kafka.enabled }}
|
|
- podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: kafka
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
{{- end }}
|
|
{{- if .Values.dataNode.networkPolicy.extraEgress }}
|
|
{{- include "common.tplvalues.render" ( dict "value" .Values.dataNode.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
{{- end }}
|
|
ingress:
|
|
- ports:
|
|
- port: {{ .Values.dataNode.containerPorts.grpc }}
|
|
{{- if .Values.dataNode.metrics.enabled }}
|
|
- port: {{ .Values.dataNode.containerPorts.metrics }}
|
|
{{- end }}
|
|
{{- if not .Values.dataNode.networkPolicy.allowExternal }}
|
|
from:
|
|
- podSelector:
|
|
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
|
|
app.kubernetes.io/part-of: milvus
|
|
- podSelector:
|
|
matchLabels:
|
|
{{ template "common.names.fullname" . }}-client: "true"
|
|
{{- if .Values.dataNode.networkPolicy.ingressNSMatchLabels }}
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
{{- range $key, $value := .Values.dataNode.networkPolicy.ingressNSMatchLabels }}
|
|
{{ $key | quote }}: {{ $value | quote }}
|
|
{{- end }}
|
|
{{- if .Values.dataNode.networkPolicy.ingressNSPodMatchLabels }}
|
|
podSelector:
|
|
matchLabels:
|
|
{{- range $key, $value := .Values.dataNode.networkPolicy.ingressNSPodMatchLabels }}
|
|
{{ $key | quote }}: {{ $value | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if .Values.dataNode.networkPolicy.extraIngress }}
|
|
{{- include "common.tplvalues.render" ( dict "value" .Values.dataNode.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
{{- end }}
|