52 lines
1.3 KiB
YAML
52 lines
1.3 KiB
YAML
|
{{- if .Values.networkPolicy.enabled }}
|
||
|
|
---
|
||
|
|
apiVersion: networking.k8s.io/v1
|
||
|
|
kind: NetworkPolicy
|
||
|
|
metadata:
|
||
|
|
name: {{ include "headscale.fullname" . }}
|
||
|
|
labels:
|
||
|
|
{{- include "headscale.labels" . | nindent 4 }}
|
||
|
|
spec:
|
||
|
|
podSelector:
|
||
|
|
matchLabels:
|
||
|
|
{{- include "headscale.selectorLabels" . | nindent 6 }}
|
||
|
|
policyTypes:
|
||
|
|
- Ingress
|
||
|
|
{{- if .Values.networkPolicy.egress.enabled }}
|
||
|
|
- Egress
|
||
|
|
{{- end }}
|
||
|
|
ingress:
|
||
|
|
{{- with .Values.networkPolicy.ingress.http }}
|
||
|
|
- ports:
|
||
|
|
- port: {{ $.Values.service.port.http }}
|
||
|
|
protocol: TCP
|
||
|
|
from:
|
||
|
|
{{- toYaml . | nindent 8 }}
|
||
|
|
{{- end }}
|
||
|
|
{{- with .Values.networkPolicy.ingress.metrics }}
|
||
|
|
- ports:
|
||
|
|
- port: {{ $.Values.service.port.metrics }}
|
||
|
|
protocol: TCP
|
||
|
|
from:
|
||
|
|
{{- toYaml . | nindent 8 }}
|
||
|
|
{{- end }}
|
||
|
|
{{- with .Values.networkPolicy.ingress.grpc }}
|
||
|
|
- ports:
|
||
|
|
- port: {{ $.Values.service.port.grpc }}
|
||
|
|
protocol: TCP
|
||
|
|
from:
|
||
|
|
{{- toYaml . | nindent 8 }}
|
||
|
|
{{- end }}
|
||
|
|
{{- with .Values.networkPolicy.ingress.derp }}
|
||
|
|
- ports:
|
||
|
|
- port: {{ $.Values.service.derp.port }}
|
||
|
|
protocol: TCP
|
||
|
|
from:
|
||
|
|
{{- toYaml . | nindent 8 }}
|
||
|
|
{{- end }}
|
||
|
|
{{- with .Values.networkPolicy.egress }}
|
||
|
|
egress:
|
||
|
|
{{- toYaml .extra | nindent 4 }}
|
||
|
|
{{- end }}
|
||
|
|
{{- end }}
|