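{{- /*
NetworkPolicy objects for the Jenkins controller and, optionally, its agents.

Rendered only when .Values.networkPolicy.enabled is set.
  1. Controller policy: admits the web UI port and, when the agent listener is
     enabled, the agent listener port from the configured peers.
  2. Agent policy (only when .Values.agent.enabled): selects agent pods and
     declares no ingress rules, so inbound traffic to them is denied.

Neither policy sets policyTypes or egress rules, so only ingress is restricted.
*/ -}}
{{- if .Values.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ .Values.networkPolicy.apiVersion }}
metadata:
  name: "{{ .Release.Name }}-{{ .Values.controller.componentName }}"
  namespace: {{ template "jenkins.namespace" . }}
  labels:
    "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
    {{- if .Values.renderHelmLabels }}
    "helm.sh/chart": "{{ template "jenkins.label" .}}"
    {{- end }}
    "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
    "app.kubernetes.io/instance": "{{ .Release.Name }}"
    "app.kubernetes.io/component": "{{ .Values.controller.componentName }}"
spec:
  # Applies to the controller pods of this release only.
  podSelector:
    matchLabels:
      "app.kubernetes.io/component": "{{ .Values.controller.componentName }}"
      "app.kubernetes.io/instance": "{{ .Release.Name }}"
  ingress:
    # Allow web access to the UI.
    # This rule has no `from` clause, so the port is admitted from every
    # source; access control for the UI has to be enforced elsewhere
    # (Service/Ingress exposure, Jenkins authentication).
    - ports:
      - port: {{ .Values.controller.targetPort }}
    {{- if .Values.controller.agentListenerEnabled }}
    # Allow inbound connections from agents.
    # NOTE(review): if neither internalAgents.allowed nor externalAgents is
    # configured, `from` renders empty, and Kubernetes treats an empty or
    # missing `from` as "all sources" -- the agent listener port is then open
    # to everything. Configure at least one peer when enabling the listener.
    - from:
      {{- if .Values.networkPolicy.internalAgents.allowed }}
      # In-cluster agents: pods carrying the release's agent label plus any
      # extra podLabels. Keys and values are quoted so that label values such
      # as true or 1 stay strings in the rendered manifest.
      - podSelector:
          matchLabels:
            "jenkins/{{ .Release.Name }}-{{ .Values.agent.componentName }}": "true"
            {{- range $k, $v := .Values.networkPolicy.internalAgents.podLabels }}
            {{ $k | quote }}: {{ $v | quote }}
            {{- end }}
        {{- if .Values.networkPolicy.internalAgents.namespaceLabels }}
        # Same peer as the podSelector above, so both selectors must match.
        namespaceSelector:
          matchLabels:
            {{- range $k, $v := .Values.networkPolicy.internalAgents.namespaceLabels }}
            {{ $k | quote }}: {{ $v | quote }}
            {{- end }}
        {{- end }}
      {{- end }}
      {{- if or .Values.networkPolicy.externalAgents.ipCIDR .Values.networkPolicy.externalAgents.except }}
      # External agents by address range. Setting `except` without `ipCIDR`
      # fails the render through `required` instead of emitting a block with
      # no cidr.
      - ipBlock:
          cidr: {{ required "ipCIDR is required if you wish to allow external agents to connect to Jenkins Controller." .Values.networkPolicy.externalAgents.ipCIDR | quote }}
          {{- if .Values.networkPolicy.externalAgents.except }}
          except:
          {{- range .Values.networkPolicy.externalAgents.except }}
          - {{ . | quote }}
          {{- end }}
          {{- end }}
      {{- end }}
      ports:
      - port: {{ .Values.controller.agentListenerPort }}
    {{- end }}
{{- if .Values.agent.enabled }}
---
kind: NetworkPolicy
apiVersion: {{ .Values.networkPolicy.apiVersion }}
metadata:
  name: "{{ .Release.Name }}-{{ .Values.agent.componentName }}"
  namespace: {{ template "jenkins.namespace" . }}
  labels:
    "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
    {{- if .Values.renderHelmLabels }}
    "helm.sh/chart": "{{ template "jenkins.label" .}}"
    {{- end }}
    "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
    "app.kubernetes.io/instance": "{{ .Release.Name }}"
    # NOTE(review): this object targets agent pods but carries the controller
    # component name; it looks copied from the controller policy. Confirm
    # before changing it, since tooling may select on this label.
    "app.kubernetes.io/component": "{{ .Values.controller.componentName }}"
spec:
  podSelector:
    matchLabels:
      # DefaultDeny: agent pods are selected and no ingress rule is declared,
      # so all inbound traffic to them is dropped. Egress is not restricted by
      # this policy.
      "jenkins/{{ .Release.Name }}-{{ .Values.agent.componentName }}": "true"
{{- end }}
{{- end }}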