From 8b2e79e05c5a2e95e9976e8d555d78ba7c827af8 Mon Sep 17 00:00:00 2001
From: Kjeld Schouten-Lebbing
Date: Thu, 29 Dec 2022 21:38:50 +0100
Subject: [PATCH] feat(common): Add simplified networkPolicy alternative for use in SCALE GUI
---
charts/common/templates/SCALE/_allowedcon.tpl | 25 +++++++++++++++++++
charts/common/templates/loader/_apply.tpl | 2 ++
charts/common/values.yaml | 3 +++
3 files changed, 30 insertions(+)
create mode 100644 charts/common/templates/SCALE/_allowedcon.tpl
diff --git a/charts/common/templates/SCALE/_allowedcon.tpl b/charts/common/templates/SCALE/_allowedcon.tpl
new file mode 100644
index 00000000..0db403fe
--- /dev/null
+++ b/charts/common/templates/SCALE/_allowedcon.tpl
@@ -0,0 +1,25 @@
+{{- define "tc.common.scale.allowedcon" -}}
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: allowedCon
+ {{- with (include "tc.common.labels" $ | fromYaml) }}
+ labels: {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with (include "tc.common.annotations" $ | fromYaml) }}
+ annotations:
+ {{- tpl ( toYaml . ) $ | nindent 4 }}
+ {{- end }}
+spec:
+ policyTypes: ["Ingress"]
+{{- if .Values.allowedCon }}
+ ingress:
+ - from:
+ {{- range .Values.allowedCon }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ . }}
+ {{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/common/templates/loader/_apply.tpl b/charts/common/templates/loader/_apply.tpl
index 45931203..b4f1f1e5 100644
--- a/charts/common/templates/loader/_apply.tpl
+++ b/charts/common/templates/loader/_apply.tpl
@@ -49,6 +49,8 @@ Secondary entrypoint and primary loader for the common chart {{ include "tc.common.scale.portal" . | nindent 0 }} + {{ include "tc.common.scale.allowedcon" . | nindent 0 }} + {{ include "tc.common.spawner.networkpolicy" . | nindent 0 }} {{- end -}}
diff --git a/charts/common/values.yaml b/charts/common/values.yaml
index 763b2b63..90a7c306 100644
--- a/charts/common/values.yaml
+++ b/charts/common/values.yaml
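Review bot: In `charts/common/templates/SCALE/_allowedcon.tpl`, `kubernetes.io/metadata.name: {{ . }}` writes each `allowedCon` entry into the manifest unquoted, so an entry that looks like a number or boolean, or that contains `: ` or a line break, is parsed as something other than a namespace-name string and can change the shape of the rendered policy. `kubernetes.io/metadata.name: {{ . | quote }}` keeps every entry a single string label value. Two other lines look like they would stop the object from being accepted at all: `name: allowedCon` contains an uppercase letter, which Kubernetes rejects for object names (lowercase DNS subdomain), and `spec` has no `podSelector`, which as far as I know networking.k8s.io/v1 required at the time of this patch. I would use `name: allowedcon` and add `podSelector: {}` under `spec:`, assuming the policy is meant to cover every pod in the namespace.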
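Review bot: The new `{{ include "tc.common.scale.allowedcon" . | nindent 0 }}` line in `charts/common/templates/loader/_apply.tpl` carries no condition of its own, and the template it calls guards only its `ingress:` list, not the whole document. With the default `allowedCon: []` a NetworkPolicy with `policyTypes: ["Ingress"]` and no rules would therefore be rendered, which cuts the selected pods off from all inbound traffic unless another policy allows it. If default-deny for every chart built on common is intended, a comment at this call should say so; if not, wrap the call in `{{- if .Values.allowedCon }}` … `{{- end }}` or move the template's `if` above its `---`. The enclosing block starts above this hunk, so an outer guard may exist that is not visible here.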
@@ -1124,6 +1124,9 @@ addons: pathType: Prefix tls: [] +# -- A list of Apps/Namespace names allowed to communicate with this App/Chart +allowedCon: [] + ## # This section contains some-preconfig for frequently used dependencies ##
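Review bot: The comment on `allowedCon` in `charts/common/values.yaml` says "Apps/Namespace names", but the template added in this patch matches each entry against the `kubernetes.io/metadata.name` namespace label, so only an exact namespace name has any effect. An app name that differs from its namespace would silently match nothing, leaving the intended peer blocked. I would reword the comment to `# -- Namespaces allowed to connect to this App/Chart; each entry must be the exact namespace name`. The surrounding `addons:` section and the dependency block continue outside the hunk.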