fix(mycloud-nextcloud): use networkpolicy from redis

2025-02-26 18:41:36 +01:00 · 2025-02-26 18:41:36 +01:00 · 99120a4472
commit 99120a4472
parent 3424660b8b
3 changed files with 12 additions and 71 deletions
--- a/mycloud-nextcloud/templates/networkpolicy.yaml
+++ b/mycloud-nextcloud/templates/networkpolicy.yaml
@ -91,33 +91,4 @@ spec:
          protocol: UDP
      to:
        {{- toYaml .Values.commons.networkpolicies.to.dns | nindent 8 }}
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
  name: {{ .Release.Name }}-redis
 spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/component: master
      app.kubernetes.io/instance: {{ .Release.Name }}-hr
      app.kubernetes.io/name: redis
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - ports:
        - port: 6379
          protocol: TCP
      from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/component: app
              app.kubernetes.io/instance: {{ .Release.Name }}-hr
              app.kubernetes.io/name: nextcloud
    - ports:
        - port: 9121
          protocol: TCP
      from:
        {{- toYaml .Values.commons.networkpolicies.from.metrics | nindent 8 }}
 {{- end }}
--- a/mycloud-nextcloud/templates/release.yaml
+++ b/mycloud-nextcloud/templates/release.yaml
@ -215,8 +215,6 @@ spec:
    metrics:
      enabled: true
      image:
        tag: 0.8.0
      info:
        apps: true
        update: true
@ -272,6 +270,18 @@ spec:
          additionalLabels:
            {{- toYaml .Values.commons.prometheus.rules.labels | nindent 12 }}
          rules: []
      networkPolicy:
        allowExternal: false
        allowExternalEgress: false
        metrics:
          allowExternal: false
          {{- with .Values.commons.networkpolicies.from.metrics }}
          {{- $nsMetrics := first . }}
          ingressNSMatchLabels:
            {{- toYaml $nsMetrics.namespaceSelector.matchLabels | nindent 12 }}
          ingressNSPodMatchLabels:
            {{- toYaml $nsMetrics.podSelector.matchLabels | nindent 12 }}
          {{- end }}
    {{- $pvHelper := (or .Values.commons.persistence.hostPath.enabled) }}
    {{- $storageClass := $pvHelper | ternary "manual" .Values.commons.persistence.storageClass }}
--- a/mycloud-nextcloud/templates/rules.yaml
+++ b/mycloud-nextcloud/templates/rules.yaml
@ -1,40 +0,0 @@
 {{- if (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") }}
 ---
 # workaround till https://github.com/nextcloud/helm/pull/694 is merged
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
  name: {{ .Release.Name }}
  labels:
    {{- toYaml .Values.commons.prometheus.rules.labels | nindent 4 }}
 spec:
  groups:
    - name: {{ .Release.Name }}-Defaults
      rules:
        - alert: "nextcloud: not reachable"
          expr: 'avg(nextcloud_last_update_seconds{  }) without(endpoint,container,pod,instance) < 1'
          labels:
            severity: "critical"
          {{`
          annotations:
            summary: "Nextcloud in {{ $labels.namespace }} is not reachable by exporter"
          `}}
        - alert: "nextcloud: outdated version"
          expr: 'sum(nextcloud_system_update_available{  }) without(endpoint,container,pod,instance) > 0'
          labels:
            severity: "warning"
          {{`
          annotations:
            summary: "Nextcloud in {{ $labels.namespace }} is outdated"
          `}}
        - alert: "nextcloud: outdated apps"
          expr: 'sum(nextcloud_apps_updates_available_total{  }) without(endpoint,container,pod,instance) > 0'
          labels:
            severity: "warning"
          {{`
          annotations:
            summary: "Nextcloud in {{ $labels.namespace }} has {{ $value }} outdated Apps"
          `}}
 {{- end }}