디렉토리 구조 및 각 서비스 추가

2024-01-03 17:29:11 +09:00
parent 98de2a7627
commit d601d0f259
1632 changed files with 207616 additions and 1 deletions
--- a/helm/sonarqube/templates/networkpolicy.yaml
+++ b/helm/sonarqube/templates/networkpolicy.yaml
@@ -0,0 +1,114 @@
+{{- if .Values.networkPolicy.enabled }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ template "sonarqube.fullname" . }}-network-policy
+  labels:
+    app: {{ template "sonarqube.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  podSelector:
+    matchLabels:
+      app: {{ template "sonarqube.name" . }}
+  policyTypes:
+    - Ingress
+    - Egress
+  ingress:
+    - from:
+        - podSelector:
+            matchLabels:
+              app: {{ template "sonarqube.name" . }}
+              release: {{ .Release.Name }}
+      ports:
+        - port: {{ .Values.service.internalPort }}
+{{ if .Values.prometheusExporter.enabled }}
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              networking/namespace: {{ .Values.networkPolicy.prometheusNamespace }}
+      ports:
+        - port: {{ .Values.prometheusExporter.ceBeanPort }}
+          protocol: TCP
+        - port: {{ .Values.prometheusExporter.webBeanPort }}
+          protocol: TCP
+{{ end }}
+  egress:
+    - to:
+        - namespaceSelector:
+            matchLabels:
+              networking/namespace: kube-system
+          podSelector:
+            matchLabels:
+              k8s-app: kube-dns
+      ports:
+        - port: 53
+          protocol: UDP
+{{- if .Values.postgresql.enabled }}
+    - to:
+        - podSelector:
+            matchLabels:
+              app.kubernetes.io/name: postgresql
+      ports:
+        - port: 5432
+          protocol: TCP
+{{- end }}
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0
+{{- end -}}
+
+{{ if and .Values.postgresql.enabled .Values.networkPolicy.enabled }}
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: {{ template "sonarqube.fullname" . }}-database
+  labels:
+    app: {{ template "sonarqube.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: postgresql
+  policyTypes:
+    - Ingress
+    - Egress
+  ingress:
+    - from:
+        - podSelector:
+            matchLabels:
+              app: {{ template "sonarqube.name" . }}
+      ports:
+        - port: 5432
+  egress:
+    - to:
+        - namespaceSelector: {}
+          podSelector:
+            matchLabels:
+              k8s-app: kube-dns
+      ports:
+        - port: 53
+          protocol: UDP
+{{- end }}
+
+{{- if and .Values.networkPolicy.enabled .Values.networkPolicy.additionalNetworkPolicys }}
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: {{ template "sonarqube.fullname" . }}-additional-network-policy
+  labels:
+    app: {{ template "sonarqube.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+{{- with .Values.networkPolicy.additionalNetworkPolicys -}}
+{{ toYaml . | nindent 2 }}
+{{- end }}
+{{- end -}}