github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/thanos/templates/networkpolicy.yaml

github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/thanos/templates/networkpolicy.yaml (about)

     1  {{- if .Values.networkPolicy.enabled }}
     2  kind: NetworkPolicy
     3  apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
     4  metadata:
     5    name: {{ template "common.names.fullname" . }}
     6    labels: {{- include "common.labels.standard" . | nindent 4 }}
     7      {{- if .Values.commonLabels }}
     8      {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
     9      {{- end }}
    10    {{- if .Values.commonAnnotations }}
    11    annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
    12    {{- end }}
    13    namespace: {{ .Release.Namespace | quote }}
    14  spec:
    15    podSelector:
    16      matchLabels:
    17      {{- include "common.labels.matchLabels" . | nindent 6 }}
    18    ingress:
    19      # Allow inbound connections
    20      - ports:
    21         - port: http
    22         - port: grpc
    23        {{- if not .Values.networkPolicy.allowExternal }}
    24        from:
    25          - podSelector:
    26              matchLabels:
    27                {{ template "common.names.fullname" . }}-client: "true"
    28            {{- if .Values.networkPolicy.explicitNamespacesSelector }}
    29            namespaceSelector:
    30  {{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }}
    31            {{- end }}
    32          - podSelector:
    33              matchLabels:
    34              {{- include "common.labels.matchLabels" . | nindent 14 }}
    35                role: read
    36        {{- end }}
    37  {{- end }}