flux-charts/mycloud-nextcloud/templates/networkpolicy.yaml

{{- if .Values.commons.networkpolicies.enabled }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ .Release.Name }}
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/component: app
      app.kubernetes.io/instance: {{ .Release.Name }}-hr
      app.kubernetes.io/name: nextcloud
  policyTypes:
    - Ingress
  ingress:
    - ports:
        - port: 80
          protocol: TCP
      from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/component: metrics
              app.kubernetes.io/instance: {{ .Release.Name }}-hr
              app.kubernetes.io/name: nextcloud 
        - podSelector:
            matchLabels:
              app.kubernetes.io/component: notify-push
              app.kubernetes.io/instance: {{ .Release.Name }}-hr
              app.kubernetes.io/name: nextcloud 
        {{- with .Values.commons.networkpolicies.from.ingress }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
{{- if .Values.imaginary.enabled }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ .Release.Name }}-imaginary
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/component: imaginary
      app.kubernetes.io/instance: {{ .Release.Name }}-hr
      app.kubernetes.io/name: nextcloud
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - ports:
        - port: 9000
          protocol: TCP
      from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/component: app
              app.kubernetes.io/instance: {{ .Release.Name }}-hr
              app.kubernetes.io/name: nextcloud
{{- end }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ .Release.Name }}-metrics
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/component: metrics
      app.kubernetes.io/instance: {{ .Release.Name }}-hr
      app.kubernetes.io/name: nextcloud 
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - ports:
        - port: 9205
          protocol: TCP
      from:
        {{- toYaml .Values.commons.networkpolicies.from.metrics | nindent 8 }}
  egress:
    - ports:
        - port: 80
          protocol: TCP
      to:
        - podSelector:
            matchLabels:
              app.kubernetes.io/component: app
              app.kubernetes.io/instance: {{ .Release.Name }}-hr
              app.kubernetes.io/name: nextcloud
    - ports:
        - port: 53
          protocol: UDP
      to:
        {{- toYaml .Values.commons.networkpolicies.to.dns | nindent 8 }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ .Release.Name }}-redis
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/component: master
      app.kubernetes.io/instance: {{ .Release.Name }}-hr
      app.kubernetes.io/name: redis
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - ports:
        - port: 6379
          protocol: TCP
      from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/component: app
              app.kubernetes.io/instance: {{ .Release.Name }}-hr
              app.kubernetes.io/name: nextcloud
    - ports:
        - port: 9121
          protocol: TCP
      from:
        {{- toYaml .Values.commons.networkpolicies.from.metrics | nindent 8 }}
{{- end }}