Home Explore Help
Sign In
dotbalo
/
k8s
mirror of https://github.com/dotbalo/k8s.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: 8f7d6003a6
Branches Tags
k8s
/
loki
/
loki-stack
/
charts
/
grafana
/
templates
/
networkpolicy.yaml

networkpolicy.yaml 1.4 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152 
  1. {{- if .Values.networkPolicy.enabled }}
    2. 

  2. apiVersion: networking.k8s.io/v1
    3. 

  3. kind: NetworkPolicy
    4. 

  4. metadata:
    5. 

  5.   name: {{ template "grafana.fullname" . }}
    6. 

  6.   namespace: {{ template "grafana.namespace" . }}
    7. 

  7.   labels:
    8. 

  8.     {{- include "grafana.labels" . | nindent 4 }}
    9. 

  9.     {{- with .Values.labels }}
    10. 

  10.     {{ toYaml . | nindent 4 }}
    11. 

  11.     {{- end }}
    12. 

  12.   {{- with .Values.annotations }}
    13. 

  13.   annotations:
    14. 

  14.     {{- toYaml . | nindent 4 }}
    15. 

  15.   {{- end }}
    16. 

  16. spec:
    17. 

  17.   policyTypes:
    18. 

  18.     {{- if .Values.networkPolicy.ingress }}
    19. 

  19.     - Ingress
    20. 

  20.     {{- end }}
    21. 

  21.     {{- if .Values.networkPolicy.egress.enabled }}
    22. 

  22.     - Egress
    23. 

  23.     {{- end }}
    24. 

  24.   podSelector:
    25. 

  25.     matchLabels:
    26. 

  26.     {{- include "grafana.selectorLabels" . | nindent 6 }}
    27. 

  27. 

  28.   {{- if .Values.networkPolicy.egress.enabled }}
    29. 

  29.   egress:
    30. 

  30.     - ports:
    31. 

  31.         {{ .Values.networkPolicy.egress.ports | toJson }}
    32. 

  32.   {{- end }}
    33. 

  33.   {{- if .Values.networkPolicy.ingress }}
    34. 

  34.   ingress:
    35. 

  35.     - ports:
    36. 

  36.       - port: {{ .Values.service.targetPort }}
    37. 

  37.       {{- if not .Values.networkPolicy.allowExternal }}
    38. 

  38.       from:
    39. 

  39.         - podSelector:
    40. 

  40.             matchLabels:
    41. 

  41.               {{ template "grafana.fullname" . }}-client: "true"
    42. 

  42.         {{- with .Values.networkPolicy.explicitNamespacesSelector }}
    43. 

  43.         - namespaceSelector:
    44. 

  44.             {{- toYaml . | nindent 12 }}
    45. 

  45.         {{- end }}
    46. 

  46.         - podSelector:
    47. 

  47.             matchLabels:
    48. 

  48.               {{- include "grafana.labels" . | nindent 14 }}
    49. 

  49.               role: read
    50. 

  50.       {{- end }}
    51. 

  51.   {{- end }}
    52. 

  52. {{- end }}
    53.