From 99120a4472cd38fff477807647d3cee24e933a0f Mon Sep 17 00:00:00 2001
From: WrenIX
Date: Wed, 26 Feb 2025 18:41:36 +0100
Subject: [PATCH] fix(mycloud-nextcloud): use networkpolicy from redis
---
 .../templates/networkpolicy.yaml | 29 --------------
 mycloud-nextcloud/templates/release.yaml | 14 ++++++-
 mycloud-nextcloud/templates/rules.yaml | 40 -------------------
 3 files changed, 12 insertions(+), 71 deletions(-)
 delete mode 100644 mycloud-nextcloud/templates/rules.yaml
diff --git a/mycloud-nextcloud/templates/networkpolicy.yaml b/mycloud-nextcloud/templates/networkpolicy.yaml
index 6e54c69..ceee7e4 100644
--- a/mycloud-nextcloud/templates/networkpolicy.yaml
+++ b/mycloud-nextcloud/templates/networkpolicy.yaml
@@ -91,33 +91,4 @@ spec:
 protocol: UDP
 to:
 {{- toYaml .Values.commons.networkpolicies.to.dns | nindent 8 }}
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ .Release.Name }}-redis
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/component: master
- app.kubernetes.io/instance: {{ .Release.Name }}-hr
- app.kubernetes.io/name: redis
- policyTypes:
- - Ingress
- - Egress
- ingress:
- - ports:
- - port: 6379
- protocol: TCP
- from:
- - podSelector:
- matchLabels:
- app.kubernetes.io/component: app
- app.kubernetes.io/instance: {{ .Release.Name }}-hr
- app.kubernetes.io/name: nextcloud
- - ports:
- - port: 9121
- protocol: TCP
- from:
- {{- toYaml .Values.commons.networkpolicies.from.metrics | nindent 8 }}
 {{- end }}
diff --git a/mycloud-nextcloud/templates/release.yaml b/mycloud-nextcloud/templates/release.yaml
index 1c42f11..28a6371 100644
--- a/mycloud-nextcloud/templates/release.yaml
+++ b/mycloud-nextcloud/templates/release.yaml
@@ -215,8 +215,6 @@ spec:
 metrics:
 enabled: true
- image:
- tag: 0.8.0
 info:
 apps: true
 update: true
@@ -272,6 +270,18 @@ spec:
 additionalLabels:
 {{- toYaml .Values.commons.prometheus.rules.labels | nindent 12 }}
 rules: []
+ networkPolicy:
+ allowExternal: false
+ allowExternalEgress: false
+ metrics:
+ allowExternal: false
+ {{- with .Values.commons.networkpolicies.from.metrics }}
+ {{- $nsMetrics := first . }}
+ ingressNSMatchLabels:
+ {{- toYaml $nsMetrics.namespaceSelector.matchLabels | nindent 12 }}
+ ingressNSPodMatchLabels:
+ {{- toYaml $nsMetrics.podSelector.matchLabels | nindent 12 }}
+ {{- end }}
 {{- $pvHelper := (or .Values.commons.persistence.hostPath.enabled) }}
 {{- $storageClass := $pvHelper | ternary "manual" .Values.commons.persistence.storageClass }}
diff --git a/mycloud-nextcloud/templates/rules.yaml b/mycloud-nextcloud/templates/rules.yaml
deleted file mode 100644
index 6a86c45..0000000
--- a/mycloud-nextcloud/templates/rules.yaml
+++ /dev/null
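Review bot: In the `networkPolicy.metrics` block added to release.yaml, `first .` keeps only the first entry of `.Values.commons.networkpolicies.from.metrics`, and the two `toYaml` lines dereference `namespaceSelector.matchLabels` and `podSelector.matchLabels` without checking that either selector is present. The NetworkPolicy this commit deletes rendered the whole list with `toYaml`, so any further scrape peers silently lose access to the exporter port, and a first entry that carries only one of the two selectors would most likely fail rendering with a nil-pointer error. Guarding each key with its own `with`, as sketched below, keeps the render safe, and a short comment should state that only the first peer is honoured. Separately, the deleted policy limited port 6379 to the Nextcloud app pod labels; with `allowExternal: false` the Redis chart's own policy now decides who may connect, which is not visible in this hunk, so please confirm the Nextcloud pods still match its client selector.

```yaml
          {{- $nsMetrics := first . }}
          # only the first entry of from.metrics is passed on to the chart
          {{- with $nsMetrics.namespaceSelector }}
          ingressNSMatchLabels:
            {{- toYaml .matchLabels | nindent 12 }}
          {{- end }}
          {{- with $nsMetrics.podSelector }}
          ingressNSPodMatchLabels:
            {{- toYaml .matchLabels | nindent 12 }}
          {{- end }}
          # … unchanged: closing end of the outer with …
```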
@@ -1,40 +0,0 @@
-{{- if (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") }}
----
-# workaround till https://github.com/nextcloud/helm/pull/694 is merged
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: {{ .Release.Name }}
- labels:
- {{- toYaml .Values.commons.prometheus.rules.labels | nindent 4 }}
-spec:
- groups:
- - name: {{ .Release.Name }}-Defaults
- rules:
- - alert: "nextcloud: not reachable"
- expr: 'avg(nextcloud_last_update_seconds{ }) without(endpoint,container,pod,instance) < 1'
- labels:
- severity: "critical"
- {{`
- annotations:
- summary: "Nextcloud in {{ $labels.namespace }} is not reachable by exporter"
- `}}
-
- - alert: "nextcloud: outdated version"
- expr: 'sum(nextcloud_system_update_available{ }) without(endpoint,container,pod,instance) > 0'
- labels:
- severity: "warning"
- {{`
- annotations:
- summary: "Nextcloud in {{ $labels.namespace }} is outdated"
- `}}
-
- - alert: "nextcloud: outdated apps"
- expr: 'sum(nextcloud_apps_updates_available_total{ }) without(endpoint,container,pod,instance) > 0'
- labels:
- severity: "warning"
- {{`
- annotations:
- summary: "Nextcloud in {{ $labels.namespace }} has {{ $value }} outdated Apps"
- `}}
-{{- end }}