Commit db4b048

feat: add NetworkPolicy (#357)
Signed-off-by: Matheus Pimenta <[email protected]>
1 parent 0ea7b02 commit db4b048

4 files changed, +48 -4 lines changed

helm/oauth2-proxy/Chart.yaml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
name: oauth2-proxy
2-
version: 8.2.2
2+
version: 8.3.0
33
apiVersion: v2
44
appVersion: 7.12.0
55
home: https://oauth2-proxy.github.io/oauth2-proxy/
@@ -31,8 +31,8 @@ maintainers:
3131
kubeVersion: ">=1.16.0-0"
3232
annotations:
3333
artifacthub.io/changes: |
34-
- kind: security
35-
description: Adding cosign keyless signing for helm chart artifact
34+
- kind: added
35+
description: Add NetworkPolicy manifest to the helm chart
3636
links:
3737
- name: Github PR
38-
url: https://github.com/oauth2-proxy/manifests/pull/356
38+
url: https://github.com/oauth2-proxy/manifests/pull/357

helm/oauth2-proxy/README.md

Lines changed: 3 additions & 0 deletions
@@ -181,6 +181,9 @@ The following table lists the configurable parameters of the oauth2-proxy chart
181181
| `livenessProbe.initialDelaySeconds` | number of seconds | 0 |
182182
| `livenessProbe.timeoutSeconds` | number of seconds | 1 |
183183
| `namespaceOverride` | Override the deployment namespace | `""` |
184+
| `networkPolicy.create` | Create a NetworkPolicy resource | `false` |
185+
| `networkPolicy.ingress` | List of ingress configuration objects | `[]` |
186+
| `networkPolicy.egress` | List of egress configuration objects | `[]` |
184187
| `nodeSelector` | node labels for pod assignment | `{}` |
185188
| `deploymentAnnotations` | annotations to add to the deployment | `{}` |
186189
| `podAnnotations` | annotations to add to each pod | `{}` |
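
Review bot: the descriptions added at README lines 184-186 do not say what shape `networkPolicy.ingress` and `networkPolicy.egress` take or how they affect the rendered policy. The template passes both lists verbatim into `spec.ingress` and `spec.egress` and adds `Ingress` or `Egress` to `policyTypes` only when the corresponding list is non-empty, so the table should state that the entries are Kubernetes NetworkPolicy ingress and egress rule objects and that an empty list leaves that direction out of `policyTypes`.
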
Lines changed: 35 additions & 0 deletions
@@ -0,0 +1,35 @@
1+
{{- if .Values.networkPolicy.create }}
2+
apiVersion: networking.k8s.io/v1
3+
kind: NetworkPolicy
4+
metadata:
5+
name: {{ include "oauth2-proxy.fullname" . }}
6+
namespace: {{ .Release.Namespace }}
7+
labels:
8+
{{- include "oauth2-proxy.labels" . | nindent 4 }}
9+
{{- with .Values.commonLabels }}
10+
{{- toYaml . | nindent 4 }}
11+
{{- end }}
12+
{{- with .Values.commonAnnotations }}
13+
annotations:
14+
{{- toYaml . | nindent 4 }}
15+
{{- end }}
16+
spec:
17+
policyTypes:
18+
{{- if .Values.networkPolicy.ingress }}
19+
- Ingress
20+
{{- end }}
21+
{{- if .Values.networkPolicy.egress }}
22+
- Egress
23+
{{- end }}
24+
podSelector:
25+
matchLabels:
26+
{{- include "oauth2-proxy.selectorLabels" . | nindent 6 }}
27+
{{- if .Values.networkPolicy.ingress }}
28+
ingress:
29+
{{- toYaml .Values.networkPolicy.ingress | nindent 4 }}
30+
{{- end }}
31+
{{- if .Values.networkPolicy.egress }}
32+
egress:
33+
{{- toYaml .Values.networkPolicy.egress | nindent 4 }}
34+
{{- end }}
35+
{{- end }}
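
Review bot: with `networkPolicy.create: true` and both lists left at their `[]` defaults, template lines 17-23 render `policyTypes:` with no entries and no rules follow. Kubernetes treats an unset `policyTypes` as `Ingress`, so the resulting policy selects the oauth2-proxy pods and denies all inbound traffic to them, which is a surprising result for a flag named `create`. The same truthiness test also makes an explicit deny-all egress (`Egress` listed with no rules) impossible to express. Consider an explicit `networkPolicy.policyTypes` value, or fail rendering when `create` is true and both lists are empty. Separately, line 6 uses `.Release.Namespace` while the README documents `namespaceOverride`; a NetworkPolicy only applies to pods in its own namespace, so it should be rendered into the same namespace as the Deployment.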

helm/oauth2-proxy/values.yaml

Lines changed: 6 additions & 0 deletions
@@ -177,6 +177,12 @@ serviceAccount:
177177
automountServiceAccountToken: true
178178
annotations: {}
179179

180+
# Network policy settings.
181+
networkPolicy:
182+
create: false
183+
ingress: []
184+
egress: []
185+
180186
ingress:
181187
enabled: false
182188
# className: nginx
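
Review bot: the `networkPolicy` block at values.yaml lines 180-184 carries only the comment `# Network policy settings.`, with nothing on what a rule looks like or what the proxy needs to keep working. Add a commented sample in the style of `# className: nginx` below, for example an ingress rule limited to the ingress controller's namespace, and note that once egress rules are set they must still allow DNS and the identity provider, otherwise logins fail.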
