added configurable ingress network policy to helm chart

imuni4fun · Dec 20, 2024 · b7f200a · b7f200a
1 parent f2eb0cb
commit b7f200a
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 6 deletions.
diff --git a/charts/oneShotMetricsServer/templates/networkpolicy.yaml b/charts/oneShotMetricsServer/templates/networkpolicy.yaml
@@ -1,4 +1,4 @@
-{{ if .Values.netpol.generate }}
+{{ if ((.Values.netpol).generate) | default false }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
@@ -12,9 +12,16 @@ spec:
     - namespaceSelector:
         matchLabels:
           name: {{ .Values.serviceNamespace | required "serviceNamespace is required" }}
-  podSelector:
-    matchLabels:
-      app.kubernetes.io/name: {{ .Values.serviceName | required "serviceName is required" }}
+    {{- range $ns := (.Values.netpol.ingress).allowedNamespaceMatchLabels }}
+    - namespaceSelector:
+        matchLabels:
+          name: {{ $ns | required "netpol.ingress.allowedNamespaceMatchLabels must be valid" }}
+    {{- end }}
+    {{- range $ns := (.Values.netpol.ingress).allowedPodMatchLabels }}
+    - podSelector:
+        matchLabels:
+          name: {{ $ns | required "netpol.ingress.allowedPodMatchLabels must be valid" }}
+    {{- end }}
   policyTypes:
   - Ingress
 {{ end }}
diff --git a/charts/oneShotMetricsServer/values.yaml b/charts/oneShotMetricsServer/values.yaml
@@ -24,5 +24,7 @@ service:
 
 netpol:
   generate: true
-  from:
-
+  ingress:
+    allowedNamespaceMatchLabels: []
+    allowedPodMatchLabels: []
+