feat(helm): add support for NetworkPolicies in v2 Helm chart #3164

Merged (5 commits), Aug 14, 2023
55 changes: 55 additions & 0 deletions v2/charts/azure-service-operator/templates/networkpolicies.yaml
@@ -0,0 +1,55 @@
{{- if .Values.networkPolicies.enable }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: azure-service-operator-allow-ingress
namespace: {{ .Release.namespace }}
spec:
ingress:
- from:
- ipBlock:
cidr: 0.0.0.0/0
podSelector:
matchLabels:
control-plane: controller-manager
policyTypes:
- Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: azure-service-operator-allow-egress
namespace: {{ .Release.namespace }}
spec:
egress:
- ports:
# Required for communication with the Azure API
- port: 443
protocol: TCP
to:
- ipBlock:
cidr: 0.0.0.0/0
# Required for communication with the Kubernetes API
- port: {{ .Values.networkPolicies.kubernetesApiPort }}
protocol: TCP
to:
- ipBlock:
cidr: {{ .Values.networkPolicies.kubernetesApiCIDR }}
# Required for communication with MySQL servers when using MySQL user object
- port: 3306
protocol: TCP
to:
- ipBlock:
cidr: {{ .Values.networkPolicies.mysqlCIDR }}
# Required for communication with PostgreSQL servers when using PostgreSQL user object
- port: 5432
protocol: TCP
to:
- ipBlock:
cidr: {{ .Values.networkPolicies.postgresqlCIDR }}
podSelector:
matchLabels:
control-plane: controller-manager
policyTypes:
- Egress
{{- end }}
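Review bot: the `azure-service-operator-allow-egress` policy has no rule for DNS, so once it is applied the controller-manager pod can reach `0.0.0.0/0:443` by IP but cannot resolve the Azure endpoints, the MySQL/PostgreSQL hosts or anything else by name, because with `policyTypes: [Egress]` every egress flow not matched by a listed rule is dropped. Add a rule allowing UDP and TCP port 53 to the cluster DNS pods (a `namespaceSelector`/`podSelector` for the DNS deployment in kube-system, commonly labelled `k8s-app: kube-dns`). Two smaller points in the same file: `namespace: {{ .Release.namespace }}` should be `{{ .Release.Namespace }}`, since Helm's built-in object is capitalised and the lowercase form renders as an empty value; and the ingress policy's `from: - ipBlock: cidr: 0.0.0.0/0` admits every source, so it restricts nothing (narrow it to the ports and callers the controller actually serves, or omit it until it does). Note also that whether `ipBlock` is evaluated before or after Service DNAT is CNI-dependent, so the `kubernetesApiCIDR` rule should be verified against the actual API server address the CNI sees rather than assumed to match the in-cluster `kubernetes` ClusterIP.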
12 changes: 12 additions & 0 deletions v2/charts/azure-service-operator/values.yaml
@@ -120,3 +120,15 @@ podAnnotations: {}
# NOTE: 'installCRDs' should be set to false while installing a tenant.
multitenant:
enable: false

# networkPolicies allows you to configure the NetworkPolicies deployed as part of the Chart
networkPolicies:
enable: true
# TCP port to be configured for talking to the Kubernetes API
kubernetesApiPort: 6443
# Destination CIDR for talking to the Kubernetes API
kubernetesApiCIDR: 0.0.0.0/0
# Destination CIDR for talking to MySQL servers
mysqlCIDR: 0.0.0.0/0
# Destination CIDR for talking to PostgreSQL servers
postgresqlCIDR: 0.0.0.0/0
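Review bot: `enable: true` makes the new policies apply on the next `helm upgrade` of every existing install, and with `kubernetesApiCIDR`, `mysqlCIDR` and `postgresqlCIDR` all defaulting to `0.0.0.0/0` the egress rules constrain only the port, so the default configuration restricts little while still introducing an enforcement point that can break the operator on clusters whose API server is not reachable on `kubernetesApiPort: 6443` or whose CNI applies `ipBlock` after Service DNAT. Either default `enable` to `false`, or extend these comments with how to choose the values: `kubectl get endpoints kubernetes` for the API server address and port, and the real database subnets for the two CIDRs instead of `0.0.0.0/0`. The comments should also state that the policies only take effect on a CNI that implements NetworkPolicy; elsewhere they are accepted by the API server and silently ignored, which gives a false sense of restriction.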