mirror of
https://github.com/bitnami/charts.git
synced 2026-03-08 08:47:24 +08:00
f92cfe08ee
The scope of this work is to add namesapce into all the templates used to generate the yaml files required to deploy all the components of this chart, if enabled. This pretty much replicate the work from the redis chart, with the adjustments required and all the parts dedicated to this chart completed. We migrated from the redis chart (using sentinel) and we noticed that this one was missing the namespace in the metadata object. We added it, tested it and it is running in our dev environment for a while, so we believe that this is correctly done. Also the tests and the template generated looks ok. We have generated a template with a "test-ns" namespace and all the components enabled, not completely filled, except for the ones that were affected by the scope of this work. We hope you like this work. The engineering YData team <developers@ydata.ai> Signed-off-by: Luís Portela Afonso <luis.portela@ydata.ai>
67 lines
2.4 KiB
YAML
67 lines
2.4 KiB
YAML
{{- if .Values.networkPolicy.enabled }}
|
|
kind: NetworkPolicy
|
|
apiVersion: {{ template "networkPolicy.apiVersion" . }}
|
|
metadata:
|
|
name: {{ template "common.names.fullname" . }}
|
|
labels: {{- include "common.labels.standard" . | nindent 4 }}
|
|
namespace: {{ .Release.Namespace | quote }}
|
|
{{- if .Values.commonLabels }}
|
|
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
{{- if .Values.commonAnnotations }}
|
|
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: {{ template "common.names.name" . }}
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
egress:
|
|
# Allow dns resolution
|
|
- ports:
|
|
- port: 53
|
|
protocol: UDP
|
|
# Allow outbound connections to other cluster pods
|
|
- ports:
|
|
- port: {{ .Values.redis.containerPorts.redis }}
|
|
- port: {{ .Values.redis.containerPorts.bus }}
|
|
to:
|
|
- podSelector:
|
|
matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }}
|
|
ingress:
|
|
# Allow inbound connections
|
|
- ports:
|
|
- port: {{ .Values.redis.containerPorts.redis }}
|
|
- port: {{ .Values.redis.containerPorts.bus }}
|
|
from:
|
|
{{- if not .Values.networkPolicy.allowExternal }}
|
|
- podSelector:
|
|
matchLabels:
|
|
{{ template "common.names.fullname" . }}-client: "true"
|
|
- podSelector:
|
|
matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }}
|
|
{{- end }}
|
|
{{- if .Values.networkPolicy.ingressNSMatchLabels }}
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
{{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
|
|
{{ $key | quote }}: {{ $value | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
|
|
- podSelector:
|
|
matchLabels:
|
|
{{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
|
|
{{ $key | quote }}: {{ $value | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if .Values.metrics.enabled }}
|
|
# Allow prometheus scrapes for metrics
|
|
- ports:
|
|
- port: 9121
|
|
{{- end }}
|
|
{{- end }}
|