Merge R3 into master
diff --git a/ric-aux/helm/infrastructure/subcharts/kong/charts/postgresql/templates/networkpolicy.yaml b/ric-aux/helm/infrastructure/subcharts/kong/charts/postgresql/templates/networkpolicy.yaml
new file mode 100755 (executable)
index 0000000..ea1fc9b
--- /dev/null
@@ -0,0 +1,38 @@
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }}
+metadata:
+  name: {{ template "postgresql.fullname" . }}
+  labels:
+    app: {{ template "postgresql.name" . }}
+    chart: {{ template "postgresql.chart" . }}
+    release: {{ .Release.Name | quote }}
+    heritage: {{ .Release.Service | quote }}
+spec:
+  podSelector:
+    matchLabels:
+      app: {{ template "postgresql.name" . }}
+      release: {{ .Release.Name | quote }}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: {{ template "postgresql.port" . }}
+      {{- if not .Values.networkPolicy.allowExternal }}
+      from:
+        - podSelector:
+            matchLabels:
+              {{ template "postgresql.fullname" . }}-client: "true"
+          {{- if .Values.networkPolicy.explicitNamespacesSelector }}
+          namespaceSelector:
+{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }}
+          {{- end }}
+        - podSelector:
+            matchLabels:
+              app: {{ template "postgresql.name" . }}
+              release: {{ .Release.Name | quote }}
+              role: slave
+      {{- end }}
+    # Allow prometheus scrapes
+    - ports:
+        - port: 9187
+{{- end }}
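Review bot: The second ingress rule (`- ports:` / `- port: 9187`, under "Allow prometheus scrapes") has no `from` clause and sits outside the `allowExternal` conditional. Whenever the policy is enabled, the exporter port therefore accepts connections from every pod in every namespace, even when `allowExternal` is false and the database port is limited to labelled clients. Exporter metrics typically reveal database names, sizes and connection counts, so the rule should carry its own `from` selector for the scraper. It should also be rendered only when the exporter is actually deployed, for example wrapped in `{{- if .Values.metrics.enabled }}` … `{{- end }}` if this chart exposes that toggle (not visible in this hunk). At minimum, a comment such as `# Exporter port is reachable from all sources; add a from: selector if metrics are sensitive` would make the exposure explicit.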