fix(mycloud-nextcloud): use networkpolicy from redis

2025-02-26 18:41:36 +01:00 · 2025-02-26 18:41:36 +01:00 · 99120a4472
commit 99120a4472
parent 3424660b8b
3 changed files with 12 additions and 71 deletions
--- a/mycloud-nextcloud/templates/networkpolicy.yaml
+++ b/mycloud-nextcloud/templates/networkpolicy.yaml
@ -91,33 +91,4 @@ spec:
          protocol: UDP
      to:
        {{- toYaml .Values.commons.networkpolicies.to.dns | nindent 8 }}
---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: {{ .Release.Name }}-redis
-spec:
-  podSelector:
-    matchLabels:
-      app.kubernetes.io/component: master
-      app.kubernetes.io/instance: {{ .Release.Name }}-hr
-      app.kubernetes.io/name: redis
-  policyTypes:
-    - Ingress
-    - Egress
-  ingress:
-    - ports:
-        - port: 6379
-          protocol: TCP
-      from:
-        - podSelector:
-            matchLabels:
-              app.kubernetes.io/component: app
-              app.kubernetes.io/instance: {{ .Release.Name }}-hr
-              app.kubernetes.io/name: nextcloud
-    - ports:
-        - port: 9121
-          protocol: TCP
-      from:
-        {{- toYaml .Values.commons.networkpolicies.from.metrics | nindent 8 }}
 {{- end }}
--- a/mycloud-nextcloud/templates/release.yaml
+++ b/mycloud-nextcloud/templates/release.yaml
@ -215,8 +215,6 @@ spec:

    metrics:
      enabled: true
-      image:
-        tag: 0.8.0
      info:
        apps: true
        update: true
@ -272,6 +270,18 @@ spec:
          additionalLabels:
            {{- toYaml .Values.commons.prometheus.rules.labels | nindent 12 }}
          rules: []
+      networkPolicy:
+        allowExternal: false
+        allowExternalEgress: false
+        metrics:
+          allowExternal: false
+          {{- with .Values.commons.networkpolicies.from.metrics }}
+          {{- $nsMetrics := first . }}
+          ingressNSMatchLabels:
+            {{- toYaml $nsMetrics.namespaceSelector.matchLabels | nindent 12 }}
+          ingressNSPodMatchLabels:
+            {{- toYaml $nsMetrics.podSelector.matchLabels | nindent 12 }}
+          {{- end }}

    {{- $pvHelper := (or .Values.commons.persistence.hostPath.enabled) }}
    {{- $storageClass := $pvHelper | ternary "manual" .Values.commons.persistence.storageClass }}
--- a/mycloud-nextcloud/templates/rules.yaml
+++ b/mycloud-nextcloud/templates/rules.yaml
@ -1,40 +0,0 @@
-{{- if (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") }}
---
-# workaround till https://github.com/nextcloud/helm/pull/694 is merged
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
-  name: {{ .Release.Name }}
-  labels:
-    {{- toYaml .Values.commons.prometheus.rules.labels | nindent 4 }}
-spec:
-  groups:
-    - name: {{ .Release.Name }}-Defaults
-      rules:
-        - alert: "nextcloud: not reachable"
-          expr: 'avg(nextcloud_last_update_seconds{  }) without(endpoint,container,pod,instance) < 1'
-          labels:
-            severity: "critical"
-          {{`
-          annotations:
-            summary: "Nextcloud in {{ $labels.namespace }} is not reachable by exporter"
-          `}}
-
-        - alert: "nextcloud: outdated version"
-          expr: 'sum(nextcloud_system_update_available{  }) without(endpoint,container,pod,instance) > 0'
-          labels:
-            severity: "warning"
-          {{`
-          annotations:
-            summary: "Nextcloud in {{ $labels.namespace }} is outdated"
-          `}}
-
-        - alert: "nextcloud: outdated apps"
-          expr: 'sum(nextcloud_apps_updates_available_total{  }) without(endpoint,container,pod,instance) > 0'
-          labels:
-            severity: "warning"
-          {{`
-          annotations:
-            summary: "Nextcloud in {{ $labels.namespace }} has {{ $value }} outdated Apps"
-          `}}
-{{- end }}