wrenix/flux-charts
1
0
Fork 0
Code Issues 14 Pull requests 1 Projects Releases Packages Wiki Activity Actions

fix(mycloud-nextcloud): add networkpolicy

Browse source
This commit is contained in:
WrenIX 2024-09-04 22:37:48 +02:00
parent 37c84787de
commit 47a04c4ef9
Signed by: wrenix
GPG key ID: 7AFDB012974B1BB5
4 changed files with 168 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
base-values/commons.yaml
View file

@ -46,6 +46,8 @@ commons:
ingress: [] ingress: []
metrics: [] metrics: []
to: to:
dns: []
k8sAPI: []
smtp: [] smtp: []
matrix: [] matrix: []

40
mycloud-nextcloud/README.adoc
View file

@ -255,6 +255,41 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
| `"sub"` | `"sub"`
| oidc field which us used as id in nextcloud for username (for security reason it is sub, but could be overwritten by username) https://goauthentik.io/integrations/services/nextcloud/#provider-and-application | oidc field which us used as id in nextcloud for username (for security reason it is sub, but could be overwritten by username) https://goauthentik.io/integrations/services/nextcloud/#provider-and-application
| chart.ref
| object
| `{"branch":"feat/imaginary"}`
| for default set: null
| chart.url
| string
| `"https://github.com/wrenix/nextcloud-helm.git"`
| for default set: https://nextcloud.github.io/helm/
| commons.networkpolicies.enabled
| bool
| `false`
|
| commons.networkpolicies.from.ingress
| list
| `[]`
|
| commons.networkpolicies.from.metrics
| list
| `[]`
|
| commons.networkpolicies.to.dns
| list
| `[]`
|
| config
| object
| `{}`
|
| database.host | database.host
| string | string
| `"mycloud-services-postgresql"` | `"mycloud-services-postgresql"`
@ -285,6 +320,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
| `"GB"` | `"GB"`
| |
| imaginary.enabled
| bool
| `true`
|
| ingress.annotations | ingress.annotations
| string | string
| `nil` | `nil`

118
mycloud-nextcloud/templates/networkpolicy.yaml Normal file
View file

@ -0,0 +1,118 @@
{{- if .Values.commons.networkpolicies.enabled }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ .Release.Name }}
spec:
podSelector:
matchLabels:
app.kubernetes.io/component: app
app.kubernetes.io/instance: {{ .Release.Name }}-hr
app.kubernetes.io/name: nextcloud
policyTypes:
- Ingress
ingress:
- ports:
- port: 80
protocol: TCP
from:
- podSelector:
matchLabels:
app.kubernetes.io/component: metrics
app.kubernetes.io/instance: {{ .Release.Name }}-hr
app.kubernetes.io/name: nextcloud
{{- with .Values.commons.networkpolicies.from.ingress }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.imaginary.enabled }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ .Release.Name }}-imaginary
spec:
podSelector:
matchLabels:
app.kubernetes.io/component: imaginary
app.kubernetes.io/instance: {{ .Release.Name }}-hr
app.kubernetes.io/name: nextcloud
policyTypes:
- Ingress
- Egress
ingress:
- ports:
- port: 9000
protocol: TCP
from:
- podSelector:
matchLabels:
app.kubernetes.io/component: app
app.kubernetes.io/instance: {{ .Release.Name }}-hr
app.kubernetes.io/name: nextcloud
{{- end }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ .Release.Name }}-metrics
spec:
podSelector:
matchLabels:
app.kubernetes.io/component: metrics
app.kubernetes.io/instance: {{ .Release.Name }}-hr
app.kubernetes.io/name: nextcloud
policyTypes:
- Ingress
- Egress
ingress:
- ports:
- port: 9205
protocol: TCP
from:
{{- toYaml .Values.commons.networkpolicies.from.metrics | nindent 8 }}
egress:
- ports:
- port: 80
protocol: TCP
to:
- podSelector:
matchLabels:
app.kubernetes.io/component: app
app.kubernetes.io/instance: {{ .Release.Name }}-hr
app.kubernetes.io/name: nextcloud
- ports:
- port: 53
protocol: UDP
to:
{{- toYaml .Values.commons.networkpolicies.to.dns | nindent 8 }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ .Release.Name }}-redis
spec:
podSelector:
matchLabels:
app.kubernetes.io/component: master
app.kubernetes.io/instance: {{ .Release.Name }}-hr
app.kubernetes.io/name: redis
policyTypes:
- Ingress
- Egress
ingress:
- ports:
- port: 6379
protocol: TCP
from:
- podSelector:
matchLabels:
app.kubernetes.io/component: app
app.kubernetes.io/instance: {{ .Release.Name }}-hr
app.kubernetes.io/name: nextcloud
- ports:
- port: 9121
protocol: TCP
from:
{{- toYaml .Values.commons.networkpolicies.from.metrics | nindent 8 }}
{{- end }}

8
mycloud-nextcloud/values.yaml
View file

@ -86,6 +86,14 @@ commons:
# @section -- Commons Ingress # @section -- Commons Ingress
override: [] override: []
networkpolicies:
enabled: false
from:
ingress: []
metrics: []
to:
dns: []
prometheus: prometheus:
monitor: monitor:
# -- labels on Pod- and Service-Monitor # -- labels on Pod- and Service-Monitor