helm/infrastructure/subcharts/kong/charts/postgresql/templates/primary/networkpolicy.yaml

   1 {{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.metrics.enabled .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled) }}
   2 apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
   3 kind: NetworkPolicy
   4 metadata:
   5   name: {{ printf "%s-ingress" (include "postgresql.primary.fullname" .) }}
   6   namespace: {{ .Release.Namespace | quote }}
   7   labels: {{- include "common.labels.standard" . | nindent 4 }}
   8     app.kubernetes.io/component: primary
   9     {{- if .Values.commonLabels }}
  10     {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
  11     {{- end }}
  12   {{- if .Values.commonAnnotations }}
  13   annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  14   {{- end }}
  15 spec:
  16   podSelector:
  17     matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
  18       app.kubernetes.io/component: primary
  19   ingress:
  20     {{- if and .Values.metrics.enabled .Values.networkPolicy.metrics.enabled (or .Values.networkPolicy.metrics.namespaceSelector .Values.networkPolicy.metrics.podSelector) }}
  21     - from:
  22         {{- if .Values.networkPolicy.metrics.namespaceSelector }}
  23         - namespaceSelector:
  24             matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.namespaceSelector "context" $) | nindent 14 }}
  25         {{- end }}
  26         {{- if .Values.networkPolicy.metrics.podSelector }}
  27         - podSelector:
  28             matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.podSelector "context" $) | nindent 14 }}
  29         {{- end }}
  30       ports:
  31         - port: {{ .Values.metrics.containerPorts.metrics }}
  32     {{- end }}
  33     {{- if and .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled (or .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector) }}
  34     - from:
  35         {{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector }}
  36         - namespaceSelector:
  37             matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector "context" $) | nindent 14 }}
  38         {{- end }}
  39         {{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector }}
  40         - podSelector:
  41             matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector "context" $) | nindent 14 }}
  42         {{- end }}
  43       ports:
  44         - port: {{ .Values.containerPorts.postgresql }}
  45     {{- end }}
  46     {{- if and .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled (eq .Values.architecture "replication") }}
  47     - from:
  48         - podSelector:
  49             matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }}
  50               app.kubernetes.io/component: read
  51       ports:
  52         - port: {{ .Values.containerPorts.postgresql }}
  53     {{- end }}
  54     {{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules }}
  55     {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules "context" $) | nindent 4 }}
  56     {{- end }}
  57 {{- end }}