diff --git a/charts/nginx-ingress/templates/controller-networkpolicy.yaml b/charts/nginx-ingress/templates/controller-networkpolicy.yaml
new file mode 100644
index 000000000..31080e266
--- /dev/null
+++ b/charts/nginx-ingress/templates/controller-networkpolicy.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.networkPolicy.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ include "nginx-ingress.fullname" . }}-network-policy
+ labels:
+ {{- include "nginx-ingress.labels" . | nindent 4 }}
+spec:
+ podSelector:
+ {{- toYaml .Values.networkPolicy.podSelector | nindent 4 }}
+ policyTypes:
+ {{- toYaml .Values.networkPolicy.policyTypes | nindent 4 }}
+
+ {{- if has "Ingress" .Values.networkPolicy.policyTypes }}
+ ingress:
+ {{- toYaml .Values.networkPolicy.ingress | nindent 4 }}
+ {{- end }}
+
+ {{- if has "Egress" .Values.networkPolicy.policyTypes }}
+ egress:
+ {{- toYaml .Values.networkPolicy.egress | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/nginx-ingress/values.yaml b/charts/nginx-ingress/values.yaml
index 8dc7579c2..fac0e5f3f 100644
--- a/charts/nginx-ingress/values.yaml
+++ b/charts/nginx-ingress/values.yaml
@@ -724,3 +724,23 @@ nginxAgent:
 processorBufferSize: 50000
 ## The name of a custom ConfigMap to use instead of the one provided by default
 customConfigMap: ""
+
+# Default values for nginx-ingress with optional NetworkPolicy
+networkPolicy:
+ enabled: false # Set to true to enable the NetworkPolicy
+ policyTypes: # Types of policy to create
+ - Ingress
+ - Egress
+ podSelector: {} # Label selector for pods (defaults to ingress controller pods)
+ ingress: # Ingress rules
+ - from: [] # List of peer selectors (e.g. namespaces, pods)
+ ports:
+ - protocol: TCP
+ port: 80
+ - protocol: TCP
+ port: 443
+ egress: # Egress rules
+ - to: [] # List of peer selectors
+ ports:
+ - protocol: UDP
+ port: 53
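Review bot: In controller-networkpolicy.yaml, `spec.podSelector` is rendered straight from `.Values.networkPolicy.podSelector`, and the chart default `{}` is an empty selector, which a NetworkPolicy treats as "every pod in the namespace", not the controller pods that the values.yaml comment promises. Enabling the policy with defaults would therefore impose the 80/443 ingress rule and the DNS-only egress rule on any other workload sharing the release namespace. The template should fall back to the controller's own selector labels when the value is empty, as in the fence below; this assumes `nginx-ingress.selectorLabels` is the helper the controller Deployment selects on, which is not visible in this diff.

```yaml
spec:
  podSelector:
    {{- if .Values.networkPolicy.podSelector }}
    {{- toYaml .Values.networkPolicy.podSelector | nindent 4 }}
    {{- else }}
    matchLabels:
      {{- include "nginx-ingress.selectorLabels" . | nindent 6 }}
    {{- end }}
  # … unchanged: policyTypes, ingress and egress blocks …
```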
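Review bot: In values.yaml the default `egress` rule permits only UDP 53, so with `Egress` in the default `policyTypes` a user who flips `enabled: true` cuts the selected pods off from everything except DNS; for an ingress controller that presumably includes the Kubernetes API server and the backend pods it proxies to. Either leave `Egress` out of the default `policyTypes`, or put a comment above `egress:` such as `# Egress becomes deny-by-default once enabled: add rules for the API server and upstream pods`. DNS falls back to TCP for large responses, so a `- protocol: TCP` / `port: 53` entry belongs next to the UDP one. The comments on `from: []` and `to: []` should also say that an empty peer list matches all peers, since "List of peer selectors" reads as if empty meant none.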