| 12345678910111213141516171819202122232425262728293031323334353637383940414243 |
- {{- if .Values.networkPolicy.enabled }}
- kind: NetworkPolicy
- apiVersion: networking.k8s.io/v1
- metadata:
- name: {{ include "common.names.fullname" . }}
- namespace: {{ template "zookeeper.namespace" . }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- spec:
- podSelector:
- matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
- ingress:
- # Allow inbound connections to zookeeper
- - ports:
- - port: {{ .Values.service.port }}
- from:
- {{- if not .Values.networkPolicy.allowExternal }}
- - podSelector:
- matchLabels:
- {{ include "common.names.fullname" . }}-client: "true"
- - podSelector:
- matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }}
- {{- else }}
- - podSelector:
- matchLabels: {}
- {{- end }}
- # Internal ports
- - ports: &intranodes_ports
- - port: {{ .Values.service.followerPort }}
- - port: {{ .Values.service.electionPort }}
- from:
- - podSelector:
- matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }}
- egress:
- - ports: *intranodes_ports
- # Allow outbound connections from zookeeper nodes
- {{- end }}
|
