feat(cinny): add networkpolicy

2025-04-05 16:29:09 +02:00 · 2025-04-05 16:29:09 +02:00 · 42e6727e57
commit 42e6727e57
parent 2aaa746bee
4 changed files with 46 additions and 2 deletions
--- a/cinny/Chart.yaml
+++ b/cinny/Chart.yaml
@ -3,7 +3,7 @@ name: cinny
 description: A Helm Chart to install cinny (yet another matrix client)
 icon: https://cinny.in/assets/favicon-48x48.png
 type: application
-version: "0.1.0"
+version: "0.2.0"
 # renovate: image=ghcr.io/cinnyapp/cinny
 appVersion: "4.6.0"
 maintainers:
--- a/cinny/README.md
+++ b/cinny/README.md
@ -7,7 +7,7 @@ description: "A Helm Chart to install cinny (yet another matrix client)"

 # cinny

-![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.6.0](https://img.shields.io/badge/AppVersion-4.6.0-informational?style=flat-square)
+![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.6.0](https://img.shields.io/badge/AppVersion-4.6.0-informational?style=flat-square)

 A Helm Chart to install cinny (yet another matrix client)

@ -91,6 +91,10 @@ helm uninstall cinny-release
 | ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` |  |
 | ingress.tls | list | `[]` |  |
 | nameOverride | string | `""` |  |
+| networkPolicy.egress.enabled | bool | `true` | activate egress no networkpolicy |
+| networkPolicy.egress.extra | list | `[]` | egress rules |
+| networkPolicy.enabled | bool | `false` |  |
+| networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller) |
 | nodeSelector | object | `{}` |  |
 | podAnnotations | object | `{}` |  |
 | podLabels | object | `{}` |  |
--- a/cinny/templates/networkpolicy.yaml
+++ b/cinny/templates/networkpolicy.yaml
@ -0,0 +1,29 @@
+{{- if .Values.networkPolicy.enabled }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ include "cinny.fullname" . }}
+  labels:
+    {{- include "cinny.labels" . | nindent 4 }}
+spec:
+  podSelector:
+    matchLabels:
+      {{- include "cinny.selectorLabels" . | nindent 6 }}
+  policyTypes:
+    - Ingress
+    {{- if .Values.networkPolicy.egress.enabled }}
+    - Egress
+    {{- end }}
+  ingress:
+    - ports:
+        - port: {{ .Values.service.port }}
+          protocol: TCP
+      from:
+        {{- toYaml .Values.networkPolicy.ingress.http | nindent 8 }}
+  {{- with .Values.networkPolicy.egress }}
+  egress:
+    {{- toYaml .extra | nindent 4 }}
+  {{- end }}
+{{- end }}
+
--- a/cinny/values.yaml
+++ b/cinny/values.yaml
@ -85,6 +85,17 @@ service:
  type: ClusterIP
  port: 8080

+networkPolicy:
+  enabled: false
+  ingress:
+    # -- ingress for http port (e.g. ingress-controller)
+    http: []
+  egress:
+    # -- activate egress no networkpolicy
+    enabled: true
+    # -- egress rules
+    extra: []
+
 ingress:
  enabled: false
  className: ""