dsk-devops-toolchains/helm/sonarqube/templates/networkpolicy.yaml

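{{- if .Values.networkPolicy.enabled }}
---
# NetworkPolicy for the SonarQube pods; rendered only when
# networkPolicy.enabled is set.
#   ingress: pods carrying the same app/release labels on
#            service.internalPort, plus (when prometheusExporter.enabled)
#            the Prometheus namespace on the two exporter ports.
#   egress:  cluster DNS, the bundled PostgreSQL (when postgresql.enabled),
#            and a final allow-all rule (see the note on that rule).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ template "sonarqube.fullname" . }}-network-policy
  labels:
    # Label values are quoted so an all-numeric or boolean-looking name
    # still renders as a string, which is what a label value must be.
    app: {{ include "sonarqube.name" . | quote }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
spec:
  # Selects by the app label only, so every pod in the namespace with this
  # app label is covered, whichever release created it.
  podSelector:
    matchLabels:
      app: {{ include "sonarqube.name" . | quote }}
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # A bare podSelector only matches pods in this policy's own namespace.
    # Clients without these labels (an ingress controller, CI runners in
    # other namespaces) are not admitted by this rule and need a rule of
    # their own, e.g. through networkPolicy.additionalNetworkPolicys.
    - from:
        - podSelector:
            matchLabels:
              app: {{ include "sonarqube.name" . | quote }}
              release: {{ .Release.Name | quote }}
      ports:
        - port: {{ .Values.service.internalPort }}
          # TCP is the API default; spelled out to match the other rules.
          protocol: TCP
    {{- if .Values.prometheusExporter.enabled }}
    # Admits every pod of any namespace labelled
    # networking/namespace=<prometheusNamespace>. This is a custom label
    # that the operator has to put on the namespace; on current Kubernetes
    # releases the automatically applied one is kubernetes.io/metadata.name.
    - from:
        - namespaceSelector:
            matchLabels:
              networking/namespace: {{ .Values.networkPolicy.prometheusNamespace | quote }}
      ports:
        - port: {{ .Values.prometheusExporter.ceBeanPort }}
          protocol: TCP
        - port: {{ .Values.prometheusExporter.webBeanPort }}
          protocol: TCP
    {{- end }}
  egress:
    # DNS: namespaceSelector and podSelector sit in the same list element,
    # so both must match (kube-dns pods inside a namespace labelled
    # networking/namespace=kube-system). The namespace label is custom and
    # must exist for this rule to match anything.
    # NOTE(review): only UDP/53 is listed; DNS answers that fall back to
    # TCP are covered solely by the allow-all rule at the end.
    - to:
        - namespaceSelector:
            matchLabels:
              networking/namespace: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - port: 53
          protocol: UDP
    {{- if .Values.postgresql.enabled }}
    # NOTE(review): matches any pod labelled app.kubernetes.io/name=postgresql
    # in this namespace, not only the instance belonging to this release.
    - to:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: postgresql
      ports:
        - port: 5432
          protocol: TCP
    {{- end }}
    # NOTE(review): no ports are given, so this rule allows egress to every
    # IPv4 destination on every port. It makes the narrower rules above
    # redundant for anything the CNI plugin matches by IP, and the range
    # includes link-local addresses such as a cloud instance metadata
    # service. With this rule present the policy does not limit outbound
    # traffic; narrow the CIDR or use ipBlock.except if egress control is
    # a goal. Whether an ipBlock also matches in-cluster pod IPs depends on
    # the CNI plugin.
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
{{- end -}}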
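{{ if and .Values.postgresql.enabled .Values.networkPolicy.enabled }}
---
# NetworkPolicy for the bundled PostgreSQL pods; rendered only when both
# postgresql.enabled and networkPolicy.enabled are set.
#   ingress: SonarQube pods on 5432.
#   egress:  DNS (UDP/53) to kube-dns pods only.
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: {{ template "sonarqube.fullname" . }}-database
  labels:
    # Label values are quoted so an all-numeric or boolean-looking name
    # still renders as a string, which is what a label value must be.
    app: {{ include "sonarqube.name" . | quote }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
spec:
  # NOTE(review): selects every pod labelled app.kubernetes.io/name=postgresql
  # in the namespace. If another PostgreSQL runs in the same namespace it is
  # isolated by this policy as well; a release-scoped label would avoid
  # that, provided the subchart sets one (not visible from this template).
  podSelector:
    matchLabels:
      app.kubernetes.io/name: postgresql
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # NOTE(review): the client is matched on the app label alone, without
    # the release label, so a pod from any release with this app label in
    # the namespace may connect to the database.
    - from:
        - podSelector:
            matchLabels:
              app: {{ include "sonarqube.name" . | quote }}
      ports:
        - port: 5432
          # TCP is the API default; spelled out for consistency.
          protocol: TCP
  egress:
    # An empty namespaceSelector matches all namespaces; combined with the
    # podSelector in the same element this means kube-dns pods anywhere in
    # the cluster.
    # NOTE(review): only UDP/53 is allowed and there is no other egress
    # rule, so DNS lookups that fall back to TCP are dropped for these pods.
    - to:
        - namespaceSelector: {}
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - port: 53
          protocol: UDP
{{- end }}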
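{{- if and .Values.networkPolicy.enabled .Values.networkPolicy.additionalNetworkPolicys }}
---
# Operator-supplied NetworkPolicy; rendered only when networkPolicy.enabled
# is set and networkPolicy.additionalNetworkPolicys is non-empty.
# The value is emitted verbatim as the whole spec of ONE policy, so it must
# be a complete NetworkPolicySpec, including the required podSelector.
# NOTE(review): nothing here constrains what the value selects. An empty
# podSelector ({}) applies the spec to every pod in the namespace, and
# rules from several policies are additive, so anything allowed here is
# allowed in addition to the chart's other policies. Review the supplied
# value like any other policy.
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: {{ template "sonarqube.fullname" . }}-additional-network-policy
  labels:
    # Label values are quoted so an all-numeric or boolean-looking name
    # still renders as a string, which is what a label value must be.
    app: {{ include "sonarqube.name" . | quote }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
spec:
  {{- /* The enclosing if already guarantees a non-empty value. */}}
  {{- toYaml .Values.networkPolicy.additionalNetworkPolicys | nindent 2 }}
{{- end -}}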