diff --git a/charts/motive-service/Chart.yaml b/charts/motive-service/Chart.yaml index cdea386..40d56cc 100644 --- a/charts/motive-service/Chart.yaml +++ b/charts/motive-service/Chart.yaml @@ -4,6 +4,6 @@ description: A Helm chart for Kubernetes type: application -version: 2.1.3 +version: 2.2.0 appVersion: "1.0.0" diff --git a/charts/motive-service/README.md b/charts/motive-service/README.md index 82a3cc8..27d1953 100644 --- a/charts/motive-service/README.md +++ b/charts/motive-service/README.md @@ -1,6 +1,6 @@ # motive-service -![Version: 2.1.3](https://img.shields.io/badge/Version-2.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) +![Version: 2.2.0](https://img.shields.io/badge/Version-2.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) A Helm chart for Kubernetes @@ -61,6 +61,11 @@ A Helm chart for Kubernetes | metrics.serviceMonitor.scrapeTimeout | string | `"10s"` | | | metrics.serviceMonitor.targetLabels | list | `[]` | | | nameOverride | string | `""` | | +| networkPolicies.annotations | object | `{}` | | +| networkPolicies.egressRules | list | `[]` | Egress rules | +| networkPolicies.enabled | bool | false | Specify network policy enablement | +| networkPolicies.ingressRules | list | `[]` | Ingress rules | +| networkPolicies.labels | object | `{}` | | | rbac.bindings | list | `[]` | List of role bindings to create | | rbac.enabled | bool | `false` | Specifies whether RBAC resources should be created | | rbac.roles | list | `[]` | List of roles to create | 
diff --git a/charts/motive-service/templates/networkpolicy-allow-all.yaml b/charts/motive-service/templates/networkpolicy-allow-all.yaml
new file mode 100644
index 0000000..4bdf090
--- /dev/null
+++ b/charts/motive-service/templates/networkpolicy-allow-all.yaml
@@ -0,0 +1,19 @@
+{{- if not .Values.networkPolicies.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ include "motive-service.fullname" . }}-allow-all
+ labels:
+ {{- include "motive-service.labels" . | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "motive-service.serviceSelectorLabels" . | nindent 6 }}
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress:
+ - {}
+ egress:
+ - {}
+{{- end }}
\ No newline at end of file
diff --git a/charts/motive-service/templates/networkpolicy.yaml b/charts/motive-service/templates/networkpolicy.yaml
index 15435f2..b3cb99c 100644
--- a/charts/motive-service/templates/networkpolicy.yaml
+++ b/charts/motive-service/templates/networkpolicy.yaml
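Review bot: In networkpolicy-allow-all.yaml, `networkPolicies.enabled: false` does not mean "no policy": the template still installs a NetworkPolicy with `ingress: - {}` and `egress: - {}` for the service's pods. NetworkPolicies are additive, so this allow-all also cancels any namespace-wide default-deny policy for those pods, and no values setting renders no policy at all. At minimum I would state that at the top of the template, for example `{{- /* Rendered while networkPolicies.enabled is false: allows all ingress and egress for this service's pods, overriding any namespace default-deny for them. */}}`; a separate opt-out flag for the fallback would let clusters with a deny-by-default baseline keep it.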
@@ -1,13 +1,48 @@ +{{- with .Values.networkPolicies }} +{{- if .enabled }} apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: {{ include "motive-service.fullname" . }}-allow-all + name: {{ include "motive-service.fullname" $ }} + labels: + {{- include "motive-service.labels" $ | nindent 4 }} + {{- with .labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: - podSelector: {} + podSelector: + matchLabels: + {{- include "motive-service.serviceSelectorLabels" . | nindent 6 }} + {{- if or .ingressRules .egressRules }} policyTypes: + {{- if .ingressRules }} - Ingress + {{- end }} + {{- if .egressRules }} - Egress + {{- end }} + {{- end }} + {{- if .ingressRules }} ingress: - - {} + {{- range $rule := .ingressRules }} + - from: + {{- toYaml $rule.selectors | nindent 8 }} + ports: + {{- toYaml $rule.ports | nindent 8 }} + {{- end }} + {{- end }} + {{- if .egressRules }} egress: - - {} \ No newline at end of file + {{- range $rule := .egressRules }} + - to: + {{- toYaml $rule.selectors | nindent 8 }} + ports: + {{- toYaml $rule.ports | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/motive-service/values.yaml b/charts/motive-service/values.yaml index 69cdd7d..ab1c925 100644 --- a/charts/motive-service/values.yaml +++ b/charts/motive-service/values.yaml 
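Review bot: The `podSelector.matchLabels` include passes `.`, but inside `{{- with .Values.networkPolicies }}` the dot is the networkPolicies map rather than the chart root; the `name` and `labels` lines in the same hunk already use `$`. The helper is not visible here, but it presumably reads `.Release`/`.Chart`, so with `enabled: true` the render either fails or produces a selector that is not the service's own labels; the line should be `{{- include "motive-service.serviceSelectorLabels" $ | nindent 6 }}`. Separately, a rule entry without `selectors` renders `from:`/`to:` as null, which Kubernetes treats as matching every peer, so a typo in values silently widens the policy; wrapping the value as `{{- toYaml (required "ingressRules[].selectors is required" $rule.selectors) | nindent 8 }}` (and the same for `egressRules`) makes it fail at render time instead.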
@@ -801,4 +801,39 @@ rollouts: args: ingress: "" - slo: "" \ No newline at end of file + slo: "" + + + +# -- -------------- +# Network Policies +# -- -------------- + +networkPolicies: + # -- Specify network policy enablement + # @default -- false + enabled: false + + labels: {} + + annotations: {} + + # -- Ingress rules + ingressRules: [] + # - selectors: + # - podSelector: {} + # ports: + # - port: 8080 + # protocol: TCP + # - port: 8081 + # protocol: TCP + + # -- Egress rules + egressRules: [] + # - selectors: + # - podSelector: {} + # ports: + # - port: 8080 + # protocol: TCP + # - port: 8081 + # protocol: TCP
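Review bot: The comment on `enabled` ("Specify network policy enablement") does not say what either value renders, and the commented examples do not say what an empty list means. With `enabled: true` and both lists left at `[]`, networkpolicy.yaml emits no `policyTypes`, which Kubernetes defaults to Ingress when the field is omitted, so all ingress to the pods is denied while egress stays open; setting only one list restricts only that direction. I would spell that out, e.g. `# -- When true, render a NetworkPolicy from ingressRules/egressRules; when false an allow-all policy is rendered instead` above `enabled` and `# -- Ingress rules; an empty list with enabled=true denies all ingress` above `ingressRules`, plus a line saying that each rule needs `selectors`.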