62 lines
1.7 KiB
YAML
62 lines
1.7 KiB
YAML
|
{{- if .Values.networkPolicy.enabled }}
|
||
|
|
apiVersion: networking.k8s.io/v1
|
||
|
|
kind: NetworkPolicy
|
||
|
|
metadata:
|
||
|
|
name: {{ include "grafana.fullname" . }}
|
||
|
|
namespace: {{ include "grafana.namespace" . }}
|
||
|
|
labels:
|
||
|
|
{{- include "grafana.labels" . | nindent 4 }}
|
||
|
|
{{- with .Values.labels }}
|
||
|
|
{{- toYaml . | nindent 4 }}
|
||
|
|
{{- end }}
|
||
|
|
{{- with .Values.annotations }}
|
||
|
|
annotations:
|
||
|
|
{{- toYaml . | nindent 4 }}
|
||
|
|
{{- end }}
|
||
|
|
spec:
|
||
|
|
policyTypes:
|
||
|
|
{{- if .Values.networkPolicy.ingress }}
|
||
|
|
- Ingress
|
||
|
|
{{- end }}
|
||
|
|
{{- if .Values.networkPolicy.egress.enabled }}
|
||
|
|
- Egress
|
||
|
|
{{- end }}
|
||
|
|
podSelector:
|
||
|
|
matchLabels:
|
||
|
|
{{- include "grafana.selectorLabels" . | nindent 6 }}
|
||
|
|
|
||
|
|
{{- if .Values.networkPolicy.egress.enabled }}
|
||
|
|
egress:
|
||
|
|
{{- if not .Values.networkPolicy.egress.blockDNSResolution }}
|
||
|
|
- ports:
|
||
|
|
- port: 53
|
||
|
|
protocol: UDP
|
||
|
|
{{- end }}
|
||
|
|
- ports:
|
||
|
|
{{ .Values.networkPolicy.egress.ports | toJson }}
|
||
|
|
{{- with .Values.networkPolicy.egress.to }}
|
||
|
|
to:
|
||
|
|
{{- toYaml . | nindent 12 }}
|
||
|
|
{{- end }}
|
||
|
|
{{- end }}
|
||
|
|
{{- if .Values.networkPolicy.ingress }}
|
||
|
|
ingress:
|
||
|
|
- ports:
|
||
|
|
- port: {{ .Values.service.targetPort }}
|
||
|
|
{{- if not .Values.networkPolicy.allowExternal }}
|
||
|
|
from:
|
||
|
|
- podSelector:
|
||
|
|
matchLabels:
|
||
|
|
{{ include "grafana.fullname" . }}-client: "true"
|
||
|
|
{{- with .Values.networkPolicy.explicitNamespacesSelector }}
|
||
|
|
- namespaceSelector:
|
||
|
|
{{- toYaml . | nindent 12 }}
|
||
|
|
{{- end }}
|
||
|
|
- podSelector:
|
||
|
|
matchLabels:
|
||
|
|
{{- include "grafana.labels" . | nindent 14 }}
|
||
|
|
role: read
|
||
|
|
{{- end }}
|
||
|
|
{{- end }}
|
||
|
|
{{- end }}
|