| 1234567891011121314151617181920212223242526272829303132333435363738394041 |
- {{- if .Values.networkPolicy.enabled }}
- kind: NetworkPolicy
- apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
- metadata:
- name: {{ include "common.names.fullname" . }}
- namespace: {{ template "zookeeper.namespace" . }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- spec:
- podSelector:
- matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
- policyTypes:
- - Ingress
- ingress:
- # Allow inbound connections to ZooKeeper
- - ports:
- - port: {{ .Values.containerPorts.client }}
- {{- if .Values.metrics.enabled }}
- - port: {{ .Values.metrics.containerPort }}
- {{- end }}
- {{- if not .Values.networkPolicy.allowExternal }}
- from:
- - podSelector:
- matchLabels:
- {{ include "common.names.fullname" . }}-client: "true"
- - podSelector:
- matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }}
- {{- end }}
- # Allow internal communications between nodes
- - ports:
- - port: {{ .Values.containerPorts.follower }}
- - port: {{ .Values.containerPorts.election }}
- from:
- - podSelector:
- matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }}
- {{- end }}
|
