صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
cecf
/
deploy
5
0
انشعاب 0
پرونده‌ها مشکلات 0 درخواست واکشی 0 ویکی
درخت: e4538f3d9b
شاخه‌ها تگ‌ها
deploy
/
superset
/
charts
/
redis
/
templates
/
networkpolicy.yaml

networkpolicy.yaml 3.2 KB
تاريخچه خام

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 
  1. {{- if .Values.networkPolicy.enabled }}
    2. 

  2. kind: NetworkPolicy
    3. 

  3. apiVersion: {{ template "networkPolicy.apiVersion" . }}
    4. 

  4. metadata:
    5. 

  5.   name: {{ template "common.names.fullname" . }}
    6. 

  6.   namespace: {{ .Release.Namespace | quote }}
    7. 

  7.   labels: {{- include "common.labels.standard" . | nindent 4 }}
    8. 

  8.     {{- if .Values.commonLabels }}
    9. 

  9.     {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
    10. 

  10.     {{- end }}
    11. 

  11.   {{- if .Values.commonAnnotations }}
    12. 

  12.   annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
    13. 

  13.   {{- end }}
    14. 

  14. spec:
    15. 

  15.   podSelector:
    16. 

  16.     matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
    17. 

  17.   policyTypes:
    18. 

  18.     - Ingress
    19. 

  19.   {{- if or (eq .Values.architecture "replication") .Values.networkPolicy.extraEgress }}
    20. 

  20.     - Egress
    21. 

  21.   egress:
    22. 

  22.     {{- if eq .Values.architecture "replication" }}
    23. 

  23.     # Allow dns resolution
    24. 

  24.     - ports:
    25. 

  25.         - port: 53
    26. 

  26.           protocol: UDP
    27. 

  27.     # Allow outbound connections to other cluster pods
    28. 

  28.     - ports:
    29. 

  29.         - port: {{ .Values.master.containerPorts.redis }}
    30. 

  30.         {{- if .Values.sentinel.enabled }}
    31. 

  31.         - port: {{ .Values.sentinel.containerPorts.sentinel }}
    32. 

  32.         {{- end }}
    33. 

  33.       to:
    34. 

  34.         - podSelector:
    35. 

  35.             matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }}
    36. 

  36.     {{- end }}
    37. 

  37.     {{- if .Values.networkPolicy.extraEgress }}
    38. 

  38.     {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
    39. 

  39.     {{- end }}
    40. 

  40.   {{- end }}
    41. 

  41.   ingress:
    42. 

  42.     # Allow inbound connections
    43. 

  43.     - ports:
    44. 

  44.         - port: {{ .Values.master.containerPorts.redis }}
    45. 

  45.         {{- if .Values.sentinel.enabled }}
    46. 

  46.         - port: {{ .Values.sentinel.containerPorts.sentinel }}
    47. 

  47.         {{- end }}
    48. 

  48.       {{- if not .Values.networkPolicy.allowExternal }}
    49. 

  49.       from:
    50. 

  50.         - podSelector:
    51. 

  51.             matchLabels:
    52. 

  52.               {{ template "common.names.fullname" . }}-client: "true"
    53. 

  53.         - podSelector:
    54. 

  54.             matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }}
    55. 

  55.         {{- if or .Values.networkPolicy.ingressNSMatchLabels .Values.networkPolicy.ingressNSPodMatchLabels }}
    56. 

  56.         - namespaceSelector:
    57. 

  57.             matchLabels:
    58. 

  58.               {{- if .Values.networkPolicy.ingressNSMatchLabels }}
    59. 

  59.                 {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
    60. 

  60.                 {{ $key | quote }}: {{ $value | quote }}
    61. 

  61.                 {{- end }}
    62. 

  62.               {{ else }}
    63. 

  63.                 {}
    64. 

  64.               {{- end }}
    65. 

  65.           {{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
    66. 

  66.           podSelector:
    67. 

  67.             matchLabels:
    68. 

  68.               {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
    69. 

  69.               {{ $key | quote }}: {{ $value | quote }}
    70. 

  70.               {{- end }}
    71. 

  71.           {{- end }}
    72. 

  72.         {{- end }}
    73. 

  73.       {{- end }}
    74. 

  74.     {{- if .Values.metrics.enabled }}
    75. 

  75.     # Allow prometheus scrapes for metrics
    76. 

  76.     - ports:
    77. 

  77.         - port: 9121
    78. 

  78.     {{- end }}
    79. 

  79.     {{- if .Values.networkPolicy.extraIngress }}
    80. 

  80.     {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
    81. 

  81.     {{- end }}
    82. 

  82. {{- end }}
    83.