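{{- /*
NetworkPolicy set for this release, rendered only when
.Values.networkPolicy.enabled is truthy. NetworkPolicies are additive:
traffic is allowed if ANY policy selecting the pod allows it, so the
documents below must be read together.
  1. default-deny      - isolates every pod of the release (ingress + egress)
  2. allow-egress-all  - re-opens all outbound traffic for those pods
  3. allow-front       - inbound to the "front" component
  4. allow-internal    - pod-to-pod traffic inside the release
Enforcement requires a CNI plugin that implements NetworkPolicy; without
one these objects are accepted by the API server but have no effect.
*/ -}}
{{- if .Values.networkPolicy.enabled }}
---
# 1. Default deny: selects every pod of this release and lists both policy
#    types with empty rule sets, so nothing is allowed unless another policy
#    in this file (or elsewhere in the namespace) explicitly permits it.
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
  name: {{ printf "%s-default-deny" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" . | nindent 4 }}
    {{- if .Values.commonLabels }}
    {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
    {{- end }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
  {{- end }}
spec:
  podSelector:
    matchLabels:
      # Quoted so that a release name such as "123" or "true" stays a string.
      app.kubernetes.io/instance: {{ .Release.Name | quote }}
  policyTypes:
  - Ingress
  - Egress
  ingress: []
  egress: []
---
# 2. Allow all egress: the single empty rule ({}) matches every destination
#    and port.
# NOTE(review): because policies are additive, this cancels the Egress half
# of the default-deny above - pods of this release can reach any in-cluster
# or external address. If outbound restriction is a goal, replace the empty
# rule with explicit destinations (DNS, upstream mail relays, etc.).
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
  name: {{ printf "%s-allow-egress-all" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" . | nindent 4 }}
    {{- if .Values.commonLabels }}
    {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
    {{- end }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
  {{- end }}
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/instance: {{ .Release.Name | quote }}
  policyTypes:
  - Egress
  egress:
  - {}
---
# 3. Ingress to the "front" component only.
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
  name: {{ printf "%s-allow-front" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" . | nindent 4 }}
    {{- if .Values.commonLabels }}
    {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
    {{- end }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
  {{- end }}
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/instance: {{ .Release.Name | quote }}
      app.kubernetes.io/component: front
  # Stated explicitly; this is also what the API defaults to when only
  # ingress rules are present.
  policyTypes:
  - Ingress
  ingress:
  # Allow ports 80/TCP, 443/TCP for ingress controller.
  # namespaceSelector and podSelector sit in the SAME "from" element, so a
  # peer must match both (AND). Splitting them into two list items would
  # turn this into OR and widen the rule considerably.
  - ports:
    - port: 80
      protocol: TCP
    - port: 443
      protocol: TCP
    from:
    - namespaceSelector:
        matchLabels:
          # kubernetes.io/metadata.name is set by the API server to the
          # namespace's own name; on clusters that do not set it this
          # selector matches nothing.
          # NOTE(review): if the namespace value is left unset this renders
          # as an empty label value - confirm the chart's values provide it.
          kubernetes.io/metadata.name: {{ .Values.networkPolicy.ingressController.namespace | quote }}
      podSelector: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressController.podSelector "context" $) | nindent 10 }}
  # Allow ports 25/TCP, 110/TCP, 143/TCP, 465/TCP, 587/TCP, 995/TCP, 993/TCP, 4190/TCP through loadbalancer
  # This rule has no "from" clause, which means ANY source is accepted on
  # these ports - external clients and every other pod in the cluster alike.
  - ports:
    - port: 25
      protocol: TCP
    - port: 110
      protocol: TCP
    - port: 143
      protocol: TCP
    - port: 465
      protocol: TCP
    - port: 587
      protocol: TCP
    - port: 995
      protocol: TCP
    - port: 993
      protocol: TCP
    - port: 4190
      protocol: TCP
---
# 4. Intra-release traffic: every pod of the release accepts connections, on
#    any port, from pods that carry the same instance label AND live in the
#    release namespace.
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
  name: {{ printf "%s-allow-internal" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" . | nindent 4 }}
    {{- if .Values.commonLabels }}
    {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
    {{- end }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
  {{- end }}
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/instance: {{ .Release.Name | quote }}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: {{ .Release.Namespace | quote }}
      podSelector:
        matchLabels:
          app.kubernetes.io/instance: {{ .Release.Name | quote }}
{{- end }}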