--- /dev/null
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "postgresql.fullname" . }}
+ labels:
+ app: {{ template "postgresql.name" . }}
+ chart: {{ template "postgresql.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+spec:
+ podSelector:
+ matchLabels:
+ app: {{ template "postgresql.name" . }}
+ release: {{ .Release.Name | quote }}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: {{ template "postgresql.port" . }}
+ {{- if not .Values.networkPolicy.allowExternal }}
+ from:
+ - podSelector:
+ matchLabels:
+ {{ template "postgresql.fullname" . }}-client: "true"
+ {{- if .Values.networkPolicy.explicitNamespacesSelector }}
+ namespaceSelector:
+{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }}
+ {{- end }}
+ - podSelector:
+ matchLabels:
+ app: {{ template "postgresql.name" . }}
+ release: {{ .Release.Name | quote }}
+ role: slave
+ {{- end }}
+ # Allow prometheus scrapes
+ - ports:
+ - port: 9187
+{{- end }}