author | Lukasz Rajewski <lukasz.rajewski@t-mobile.pl> | 2024-03-11 15:39:30 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2024-03-11 15:39:30 +0000 |
commit | fa01ec554cfa10cb1f9ec8be0c5530dd3f3ea50a (patch) | |
tree | 0f21b55af795554e19a745a4dcb0b063eb7ff18a /kubernetes/common/mongodb/templates/networkpolicy.yaml | |
parent | 9964927d8766c5c396ef2caf6f7aeb7494db279e (diff) | |
parent | cde4a784a593555c17146635dcc25013872cabc5 (diff) |
Merge "[MONGODB] Update to latest bitnami mongodb chart"
Diffstat (limited to 'kubernetes/common/mongodb/templates/networkpolicy.yaml')
-rw-r--r-- | kubernetes/common/mongodb/templates/networkpolicy.yaml | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/kubernetes/common/mongodb/templates/networkpolicy.yaml b/kubernetes/common/mongodb/templates/networkpolicy.yaml
new file mode 100644
index 0000000000..f6d62ca867
--- /dev/null
+++ b/kubernetes/common/mongodb/templates/networkpolicy.yaml
@@ -0,0 +1,83 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.labels .Values.commonLabels ) "context" . ) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if or .Values.annotations .Values.commonAnnotation }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
+ podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: mongodb
+ policyTypes:
+ - Ingress
+ - Egress
+ {{- if .Values.networkPolicy.allowExternalEgress }}
+ egress:
+ - {}
+ {{- else }}
+ egress:
+ # Allow dns resolution
+ - ports:
+ - port: 53
+ protocol: UDP
+ - port: 53
+ protocol: TCP
+ # Allow connection to other cluster pods
+ - ports:
+ - port: {{ .Values.containerPorts.mongodb }}
+ to:
+ - podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+ {{- if .Values.networkPolicy.extraEgress }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.rts.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ ingress:
+ - ports:
+ - port: {{ .Values.containerPorts.mongodb }}
+ {{- if .Values.metrics.enabled }}
+ - port: {{ .Values.metrics.containerPort }}
+ {{- end }}
+ {{- if not .Values.networkPolicy.allowExternal }}
+ from:
+ - podSelector:
+ matchLabels:
+ {{ template "common.names.fullname" . }}-client: "true"
+ - podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+ app.kubernetes.io/component: mongodb
+ {{- $ingressNSMatchLabels := coalesce .Values.networkPolicy.ingressNSMatchLabels .Values.networkPolicy.namespaceSelector }}
+ {{- if $ingressNSMatchLabels }}
+ - namespaceSelector:
+ matchLabels:
+ {{- range $key, $value := $ingressNSMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- $ingressNSPodMatchLabels := coalesce .Values.networkPolicy.ingressNSPodMatchLabels .Values.networkPolicy.podSelector }}
+ {{- if $ingressNSPodMatchLabels }}
+ podSelector:
+ matchLabels:
+ {{- range $key, $value := $ingressNSPodMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- $extraIngress := coalesce .Values.networkPolicy.extraIngress .Values.networkPolicy.customRules }}
+ {{- if $extraIngress }}
+ {{- include "common.tplvalues.render" ( dict "value" $extraIngress "context" $ ) | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file |
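Review bot: The `extraEgress` branch tests `.Values.networkPolicy.extraEgress` but renders `.Values.rts.networkPolicy.extraEgress`, so the egress rules an operator configures are not the ones emitted; if `.Values.rts` is not defined in this chart's values (not visible here), the render most likely fails on a nil lookup instead. The render line should read `{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}`. The annotations guard has a similar mismatch: it checks `.Values.commonAnnotation` while the merge uses `.Values.commonAnnotations`, so annotations set only through `commonAnnotations` are dropped; `{{- if or .Values.annotations .Values.commonAnnotations }}` fixes that. Separately, when `networkPolicy.allowExternal` is true the `from` clause is omitted and both the MongoDB port and the metrics port accept any source, so the default in `values.yaml` (outside this diff) is worth confirming against the intended exposure.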