Commit 2fbf92d

Add NetworkPolicy
Signed-off-by: Matheus Pimenta <[email protected]>
1 parent a457c15 commit 2fbf92d

3 files changed

+45
-0
lines changed

helm/oauth2-proxy/README.md

Lines changed: 2 additions & 0 deletions
@@ -181,6 +181,8 @@ The following table lists the configurable parameters of the oauth2-proxy chart
181181
| `livenessProbe.initialDelaySeconds` | number of seconds | 0 |
182182
| `livenessProbe.timeoutSeconds` | number of seconds | 1 |
183183
| `namespaceOverride` | Override the deployment namespace | `""` |
184+
| `networkPolicy.create` | Create a NetworkPolicy resource | `false` |
185+
| `networkPolicy.ingress.namespaces` | Namespaces to allow ingress from (if empty, allows only from the release namespace) | `[]` |
184186
| `nodeSelector` | node labels for pod assignment | `{}` |
185187
| `deploymentAnnotations` | annotations to add to the deployment | `{}` |
186188
| `podAnnotations` | annotations to add to each pod | `{}` |
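
Review bot: the description of `networkPolicy.ingress.namespaces` on new line 185 reads as if the list replaces the default, but the template always emits a selector for the release namespace and appends the listed namespaces to it. Suggest wording such as "Additional namespaces to allow ingress from (the release namespace is always allowed)". It would also help to state that matching is done on the `kubernetes.io/metadata.name` namespace label, so the entries must be namespace names rather than arbitrary label values.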
Lines changed: 35 additions & 0 deletions
@@ -0,0 +1,35 @@
1+
{{- if .Values.networkPolicy.create }}
2+
apiVersion: networking.k8s.io/v1
3+
kind: NetworkPolicy
4+
metadata:
5+
name: {{ include "oauth2-proxy.fullname" . }}
6+
namespace: {{ .Release.Namespace }}
7+
labels:
8+
{{- include "oauth2-proxy.labels" . | nindent 4 }}
9+
{{- with .Values.commonLabels }}
10+
{{- toYaml . | nindent 4 }}
11+
{{- end }}
12+
{{- with .Values.commonAnnotations }}
13+
annotations:
14+
{{- toYaml . | nindent 4 }}
15+
{{- end }}
16+
spec:
17+
policyTypes:
18+
- Ingress
19+
podSelector:
20+
matchLabels:
21+
{{- include "oauth2-proxy.selectorLabels" . | nindent 6 }}
22+
ingress:
23+
- from:
24+
- namespaceSelector:
25+
matchLabels:
26+
kubernetes.io/metadata.name: {{ .Release.Namespace }}
27+
{{- range $ns := .Values.networkPolicy.ingress.namespaces }}
28+
- namespaceSelector:
29+
matchLabels:
30+
kubernetes.io/metadata.name: {{ $ns }}
31+
{{- end }}
32+
ports:
33+
- protocol: TCP
34+
port: {{ .Values.httpScheme }}
35+
{{- end }}
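
Review bot: `metadata.namespace` (line 6) and the first `namespaceSelector` (line 26) both use `.Release.Namespace`, while the README documents a `namespaceOverride` value that overrides the deployment namespace. If the workload is rendered into the override namespace, this policy is created in a different namespace and its `podSelector` matches nothing there, so the proxy pods stay unrestricted; use the same namespace expression the Deployment uses in both places. On line 34, `port: {{ .Values.httpScheme }}` passes a scheme name as the port, which only matches if the container port carries exactly that name, so confirm that or reference the port explicitly. On line 30, pipe `{{ $ns }}` through `quote` so an all-numeric namespace name is not rendered as a YAML integer.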

helm/oauth2-proxy/values.yaml

Lines changed: 8 additions & 0 deletions
@@ -177,6 +177,14 @@ serviceAccount:
177177
automountServiceAccountToken: true
178178
annotations: {}
179179

180+
# Network policy settings.
181+
networkPolicy:
182+
create: false
183+
ingress:
184+
namespaces: []
185+
# - my-namespace-1
186+
# - my-namespace-2
187+
180188
ingress:
181189
enabled: false
182190
# className: nginx
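
Review bot: the comment above `networkPolicy:` (line 180) does not say what setting `create: true` does with the default empty `namespaces` list: only the release namespace can reach the proxy, so an ingress controller running in another namespace is cut off until its namespace is listed. Suggest expanding the comment to state that the release namespace is always allowed, that entries are namespace names, and that the template sets only the `Ingress` policy type, so egress is not restricted.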
