From b7f200aa590bc80875102c835133a70654cb07f4 Mon Sep 17 00:00:00 2001 From: Jason Keller Date: Thu, 19 Dec 2024 22:02:53 -0500 Subject: [PATCH] added configurable ingress network policy to helm chart --- .../templates/networkpolicy.yaml | 15 +++++++++++---- charts/oneShotMetricsServer/values.yaml | 6 ++++-- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/charts/oneShotMetricsServer/templates/networkpolicy.yaml b/charts/oneShotMetricsServer/templates/networkpolicy.yaml index 8f266e4..a563cb8 100644 --- a/charts/oneShotMetricsServer/templates/networkpolicy.yaml +++ b/charts/oneShotMetricsServer/templates/networkpolicy.yaml @@ -1,4 +1,4 @@ -{{ if .Values.netpol.generate }} +{{ if ((.Values.netpol).generate) | default false }} apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: @@ -12,9 +12,16 @@ spec: - namespaceSelector: matchLabels: name: {{ .Values.serviceNamespace | required "serviceNamespace is required" }} - podSelector: - matchLabels: - app.kubernetes.io/name: {{ .Values.serviceName | required "serviceName is required" }} + {{- range $ns := (.Values.netpol.ingress).allowedNamespaceMatchLabels }} + - namespaceSelector: + matchLabels: + name: {{ $ns | required "netpol.ingress.allowedNamespaceMatchLabels must be valid" }} + {{- end }} + {{- range $ns := (.Values.netpol.ingress).allowedPodMatchLabels }} + - podSelector: + matchLabels: + name: {{ $ns | required "netpol.ingress.allowedPodMatchLabels must be valid" }} + {{- end }} policyTypes: - Ingress {{ end }} \ No newline at end of file diff --git a/charts/oneShotMetricsServer/values.yaml b/charts/oneShotMetricsServer/values.yaml index 3fa9589..8dbb1a5 100644 --- a/charts/oneShotMetricsServer/values.yaml +++ b/charts/oneShotMetricsServer/values.yaml @@ -24,5 +24,7 @@ service: netpol: generate: true - from: - + ingress: + allowedNamespaceMatchLabels: [] + allowedPodMatchLabels: [] + \ No newline at end of file