Commit 7a8eb13

feat: add NetworkPolicy
Signed-off-by: Matheus Pimenta <[email protected]>
1 parent 0ea7b02 commit 7a8eb13

3 files changed

+43
-0
lines changed

helm/oauth2-proxy/README.md

Lines changed: 2 additions & 0 deletions
@@ -181,6 +181,8 @@ The following table lists the configurable parameters of the oauth2-proxy chart
181181
| `livenessProbe.initialDelaySeconds` | number of seconds | 0 |
182182
| `livenessProbe.timeoutSeconds` | number of seconds | 1 |
183183
| `namespaceOverride` | Override the deployment namespace | `""` |
184+
| `networkPolicy.create` | Create a NetworkPolicy resource | `false` |
185+
| `networkPolicy.ingress.namespaces` | Namespaces to allow ingress from (if empty, allows only from the release namespace) | `[]` |
184186
| `nodeSelector` | node labels for pod assignment | `{}` |
185187
| `deploymentAnnotations` | annotations to add to the deployment | `{}` |
186188
| `podAnnotations` | annotations to add to each pod | `{}` |
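Review bot: The new README row documents `networkPolicy.ingress.namespaces`, but no such key exists in this commit. values.yaml defines `networkPolicy.ingress: []` as a plain list and the template passes that list straight through `toYaml` as the `ingress:` rules. The stated fallback ("if empty, allows only from the release namespace") is also not implemented anywhere in the template. Either document `networkPolicy.ingress` as a list of raw NetworkPolicy ingress rules, or add the `namespaces` handling the row describes. `networkPolicy.egress` is added in values.yaml but has no row in this table and should get one.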
Lines changed: 35 additions & 0 deletions
@@ -0,0 +1,35 @@
1+
{{- if .Values.networkPolicy.create }}
2+
apiVersion: networking.k8s.io/v1
3+
kind: NetworkPolicy
4+
metadata:
5+
name: {{ include "oauth2-proxy.fullname" . }}
6+
namespace: {{ .Release.Namespace }}
7+
labels:
8+
{{- include "oauth2-proxy.labels" . | nindent 4 }}
9+
{{- with .Values.commonLabels }}
10+
{{- toYaml . | nindent 4 }}
11+
{{- end }}
12+
{{- with .Values.commonAnnotations }}
13+
annotations:
14+
{{- toYaml . | nindent 4 }}
15+
{{- end }}
16+
spec:
17+
policyTypes:
18+
{{- if .Values.networkPolicy.ingress }}
19+
- Ingress
20+
{{- end }}
21+
{{- if .Values.networkPolicy.egress }}
22+
- Egress
23+
{{- end }}
24+
podSelector:
25+
matchLabels:
26+
{{- include "oauth2-proxy.selectorLabels" . | nindent 6 }}
27+
{{- if .Values.networkPolicy.ingress }}
28+
ingress:
29+
{{- toYaml .Values.networkPolicy.ingress | nindent 4 }}
30+
{{- end }}
31+
{{- if .Values.networkPolicy.egress }}
32+
egress:
33+
{{- toYaml .Values.networkPolicy.egress | nindent 4 }}
34+
{{- end }}
35+
{{- end }}
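Review bot: With `networkPolicy.create: true` and the default `ingress: []` / `egress: []`, both `if` guards under `policyTypes:` are false, so the manifest renders `policyTypes:` with no entries and no `ingress:` section. Kubernetes treats an unspecified `policyTypes` as Ingress, so the result is a policy that selects the oauth2-proxy pods and allows no inbound traffic at all, which cuts the proxy off from the ingress controller. That is a surprising outcome for flipping one flag and it contradicts the README text about allowing the release namespace. Suggest emitting `- Ingress` unconditionally, rendering a documented default rule when the list is empty, or failing the render with a clear message when `create` is true and no rules are given. The same truthiness check means an operator cannot express a deliberate deny-all egress policy, because an empty `egress` list drops the `Egress` policy type entirely. A separate toggle per direction would allow that.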

helm/oauth2-proxy/values.yaml

Lines changed: 6 additions & 0 deletions
@@ -177,6 +177,12 @@ serviceAccount:
177177
automountServiceAccountToken: true
178178
annotations: {}
179179

180+
# Network policy settings.
181+
networkPolicy:
182+
create: false
183+
ingress: []
184+
egress: []
185+
180186
ingress:
181187
enabled: false
182188
# className: nginx
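Review bot: The only comment on the new `networkPolicy:` block is `# Network policy settings.`, which does not tell the user what `ingress` and `egress` accept. The template renders both lists verbatim under `spec.ingress` and `spec.egress`, so they are raw NetworkPolicy rule lists. Please say so here and add a commented-out sample rule, as the neighbouring `ingress:` block does with `# className: nginx`. The comment should also state what happens when `create: true` is set while both lists are left empty, since that is the first configuration most users will try.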
