Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / f9f0beec8492e05a459bd7080ad095b4cf9292bc / . / charts / gerrit / templates / netpol.yaml
blob: c0cbc4df5ec40d4518cfe25f46fefa51047e07ea [file] [log] [blame]
Giorgi Lekveishviliee15ee22024-03-28 12:35:10 +0400[diff] [blame]1{{ if .Values.networkPolicies.enabled -}}
2kind: NetworkPolicy
3apiVersion: networking.k8s.io/v1
4metadata:
5 name: {{ .Release.Name }}-default-deny-all
6 labels:
7 chart: {{ template "gerrit.chart" . }}
8 heritage: {{ .Release.Service }}
9 release: {{ .Release.Name }}
10 {{- if .Values.networkPolicies.additionalLabels }}
11{{ toYaml .Values.networkPolicies.additionalLabels | indent 4 }}
12 {{- end }}
13spec:
14 podSelector:
15 matchLabels:
16 chart: {{ template "gerrit.chart" . }}
17 release: {{ .Release.Name }}
18 policyTypes:
19 - Ingress
20 - Egress
21 ingress: []
22 egress: []
23---
24{{ if .Values.networkPolicies.dnsPorts -}}
25apiVersion: networking.k8s.io/v1
26kind: NetworkPolicy
27metadata:
28 name: {{ .Release.Name }}-allow-dns-access
29 labels:
30 chart: {{ template "gerrit.chart" . }}
31 heritage: {{ .Release.Service }}
32 release: {{ .Release.Name }}
33 {{- if .Values.networkPolicies.additionalLabels }}
34{{ toYaml .Values.networkPolicies.additionalLabels | indent 4 }}
35 {{- end }}
36spec:
37 podSelector:
38 matchLabels:
39 chart: {{ template "gerrit.chart" . }}
40 release: {{ .Release.Name }}
41 policyTypes:
42 - Egress
43 egress:
44 - ports:
45 {{ range .Values.networkPolicies.dnsPorts -}}
46 - port: {{ . }}
47 protocol: UDP
48 - port: {{ . }}
49 protocol: TCP
50 {{ end }}
51{{- end }}
52---
53kind: NetworkPolicy
54apiVersion: networking.k8s.io/v1
55metadata:
56 name: gerrit-allow-external
57 labels:
58 app.kubernetes.io/component: gerrit
59 app.kubernetes.io/instance: {{ .Release.Name }}
60 chart: {{ template "gerrit.chart" . }}
61 heritage: {{ .Release.Service }}
62 release: {{ .Release.Name }}
63spec:
64 podSelector:
65 matchLabels:
66 chart: {{ template "gerrit.chart" . }}
67 release: {{ .Release.Name }}
68 app.kubernetes.io/component: gerrit
69 app.kubernetes.io/instance: {{ .Release.Name }}
70 ingress:
71 - ports:
72 - port: 8080
73 from: []
74---
75{{ if or .Values.gerrit.networkPolicy.ingress -}}
76kind: NetworkPolicy
77apiVersion: networking.k8s.io/v1
78metadata:
79 name: gerrit-custom-ingress-policies
80 labels:
81 app.kubernetes.io/component: gerrit
82 app.kubernetes.io/instance: {{ .Release.Name }}
83 chart: {{ template "gerrit.chart" . }}
84 heritage: {{ .Release.Service }}
85 release: {{ .Release.Name }}
86spec:
87 policyTypes:
88 - Ingress
89 podSelector:
90 matchLabels:
91 chart: {{ template "gerrit.chart" . }}
92 release: {{ .Release.Name }}
93 app.kubernetes.io/component: gerrit
94 app.kubernetes.io/instance: {{ .Release.Name }}
95 ingress:
96{{ toYaml .Values.gerrit.networkPolicy.ingress | indent 2 }}
97{{- end }}
98---
99{{ if or .Values.gerrit.networkPolicy.egress -}}
100kind: NetworkPolicy
101apiVersion: networking.k8s.io/v1
102metadata:
103 name: gerrit-custom-egress-policies
104 labels:
105 app.kubernetes.io/component: gerrit
106 app.kubernetes.io/instance: {{ .Release.Name }}
107 chart: {{ template "gerrit.chart" . }}
108 heritage: {{ .Release.Service }}
109 release: {{ .Release.Name }}
110spec:
111 policyTypes:
112 - Egress
113 podSelector:
114 matchLabels:
115 chart: {{ template "gerrit.chart" . }}
116 release: {{ .Release.Name }}
117 app.kubernetes.io/component: gerrit
118 app.kubernetes.io/instance: {{ .Release.Name }}
119 egress:
120{{ toYaml .Values.gerrit.networkPolicy.egress | indent 2 }}
121{{- end }}
122{{- end }}