maabara/manifests/argo-cd/charts/redis-ha/templates/redis-haproxy-network-policy.yaml

{{- if and .Values.haproxy.enabled .Values.haproxy.networkPolicy.enabled }}
{{- $root := . }}
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: {{ template "redis-ha.fullname" . }}-haproxy-network-policy
  namespace: {{ .Release.Namespace | quote }}
  {{- if .Values.haproxy.networkPolicy.annotations }}
  annotations:
    {{- range $key, $value := .Values.haproxy.networkPolicy.annotations }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
  labels:
    {{- include "labels.standard" . | nindent 4 }}
    {{- range $key, $value := .Values.haproxy.networkPolicy.labels }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
spec:
  podSelector:
    matchLabels:
      release: {{ .Release.Name }}
      app: {{ template "redis-ha.name" . }}-haproxy
  policyTypes:
    - Ingress
    - Egress
  egress:
    - to:
        - podSelector:
            matchLabels:
              release: {{ .Release.Name }}
              app: {{ template "redis-ha.name" . }}
      ports:
        - port: {{ .Values.redis.port }}
          protocol: TCP
        - port: {{ .Values.sentinel.port }}
          protocol: TCP
    - to:
        - namespaceSelector: {}
      ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP
    {{-  range $rule := .Values.haproxy.networkPolicy.egressRules }}
    - to:
        {{- (tpl (toYaml $rule.selectors) $) | nindent 8 }}
      ports:
        {{- toYaml $rule.ports | nindent 8 }}
    {{- end }}
  ingress:
    - from:
        - podSelector:
            matchLabels:
              release: {{ .Release.Name }}
              app: {{ template "redis-ha.name" . }}
      ports:
        - port: {{ .Values.redis.port }}
          protocol: TCP
        - port: {{ .Values.sentinel.port }}
          protocol: TCP
    {{-  range $rule := .Values.haproxy.networkPolicy.ingressRules }}
    - from:
        {{- (tpl (toYaml $rule.selectors) $) | nindent 8 }}
      ports:
        {{- if $rule.ports }}
        {{- toYaml $rule.ports | nindent 8 }}
        {{- end }}
        - port: {{ $root.Values.redis.port }}
          protocol: TCP
        - port: {{ $root.Values.sentinel.port }}
          protocol: TCP
    {{- end }}
{{- end }}
manifests -> helm charts for argocd 2025-01-01 04:04:39 +00:00			`{{- if and .Values.haproxy.enabled .Values.haproxy.networkPolicy.enabled }}`
			`{{- $root := . }}`
			`kind: NetworkPolicy`
			`apiVersion: networking.k8s.io/v1`
			`metadata:`
			`name: {{ template "redis-ha.fullname" . }}-haproxy-network-policy`
			`namespace: {{ .Release.Namespace \| quote }}`
			`{{- if .Values.haproxy.networkPolicy.annotations }}`
			`annotations:`
			`{{- range $key, $value := .Values.haproxy.networkPolicy.annotations }}`
			`{{ $key }}: {{ $value \| quote }}`
			`{{- end }}`
			`{{- end }}`
			`labels:`
			`{{- include "labels.standard" . \| nindent 4 }}`
			`{{- range $key, $value := .Values.haproxy.networkPolicy.labels }}`
			`{{ $key }}: {{ $value \| quote }}`
			`{{- end }}`
			`spec:`
			`podSelector:`
			`matchLabels:`
			`release: {{ .Release.Name }}`
			`app: {{ template "redis-ha.name" . }}-haproxy`
			`policyTypes:`
			`- Ingress`
			`- Egress`
			`egress:`
			`- to:`
			`- podSelector:`
			`matchLabels:`
			`release: {{ .Release.Name }}`
			`app: {{ template "redis-ha.name" . }}`
			`ports:`
			`- port: {{ .Values.redis.port }}`
			`protocol: TCP`
			`- port: {{ .Values.sentinel.port }}`
			`protocol: TCP`
			`- to:`
			`- namespaceSelector: {}`
			`ports:`
			`- port: 53`
			`protocol: UDP`
			`- port: 53`
			`protocol: TCP`
			`{{- range $rule := .Values.haproxy.networkPolicy.egressRules }}`
			`- to:`
			`{{- (tpl (toYaml $rule.selectors) $) \| nindent 8 }}`
			`ports:`
			`{{- toYaml $rule.ports \| nindent 8 }}`
			`{{- end }}`
			`ingress:`
			`- from:`
			`- podSelector:`
			`matchLabels:`
			`release: {{ .Release.Name }}`
			`app: {{ template "redis-ha.name" . }}`
			`ports:`
			`- port: {{ .Values.redis.port }}`
			`protocol: TCP`
			`- port: {{ .Values.sentinel.port }}`
			`protocol: TCP`
			`{{- range $rule := .Values.haproxy.networkPolicy.ingressRules }}`
			`- from:`
			`{{- (tpl (toYaml $rule.selectors) $) \| nindent 8 }}`
			`ports:`
			`{{- if $rule.ports }}`
			`{{- toYaml $rule.ports \| nindent 8 }}`
			`{{- end }}`
			`- port: {{ $root.Values.redis.port }}`
			`protocol: TCP`
			`- port: {{ $root.Values.sentinel.port }}`
			`protocol: TCP`
			`{{- end }}`
			`{{- end }}`