From 9dac131ffd4c5b22dce883cc15220808ce6d6c02 Mon Sep 17 00:00:00 2001
From: WrenIX <dev@wrenix.eu>
Date: Thu, 22 Aug 2024 19:22:17 +0200
Subject: [PATCH] fix(jellyfin): add networkpolicy support

---
 jellyfin/Chart.yaml                   |  2 +-
 jellyfin/README.adoc                  | 22 ++++++++++++++++++++-
 jellyfin/templates/networkpolicy.yaml | 28 +++++++++++++++++++++++++++
 jellyfin/values.yaml                  | 11 +++++++++++
 4 files changed, 61 insertions(+), 2 deletions(-)
 create mode 100644 jellyfin/templates/networkpolicy.yaml

diff --git a/jellyfin/Chart.yaml b/jellyfin/Chart.yaml
index ec75b6d..ba1cded 100644
--- a/jellyfin/Chart.yaml
+++ b/jellyfin/Chart.yaml
@@ -3,7 +3,7 @@ name: jellyfin
 description: The Free Software Media System
 icon: https://raw.githubusercontent.com/jellyfin/jellyfin-ux/master/branding/SVG/icon-transparent.svg
 type: application
-version: 0.2.3
+version: 0.3.0
 # renovate: image=ghcr.io/jellyfin/jellyfin
 appVersion: "10.9.9"
 maintainers:
diff --git a/jellyfin/README.adoc b/jellyfin/README.adoc
index de793e0..388636e 100644
--- a/jellyfin/README.adoc
+++ b/jellyfin/README.adoc
@@ -2,7 +2,7 @@
 
 = jellyfin
 
-image::https://img.shields.io/badge/Version-0.2.3-informational?style=flat-square[Version: 0.2.3]
+image::https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square[Version: 0.3.0]
 image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
 image::https://img.shields.io/badge/AppVersion-10.9.9-informational?style=flat-square[AppVersion: 10.9.9]
 == Maintainers
@@ -182,6 +182,26 @@ helm uninstall jellyfin-release
 | `""`
 |
 
+| networkPolicy.egress.enabled
+| bool
+| `true`
+| activate egress no networkpolicy
+
+| networkPolicy.egress.extra
+| list
+| `[]`
+| egress rules
+
+| networkPolicy.enabled
+| bool
+| `false`
+|
+
+| networkPolicy.ingress.http
+| list
+| `[]`
+| ingress for http port (e.g. ingress-controller, prometheus)
+
 | nodeSelector
 | object
 | `{}`
diff --git a/jellyfin/templates/networkpolicy.yaml b/jellyfin/templates/networkpolicy.yaml
new file mode 100644
index 0000000..ea76391
--- /dev/null
+++ b/jellyfin/templates/networkpolicy.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.networkPolicy.enabled }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ include "jellyfin.fullname" . }}
+  labels:
+    {{- include "jellyfin.labels" . | nindent 4 }}
+spec:
+  podSelector:
+    matchLabels:
+      {{- include "jellyfin.selectorLabels" . | nindent 6 }}
+  policyTypes:
+    - Ingress
+    {{- if .Values.networkPolicy.egress.enabled }}
+    - Egress
+    {{- end }}
+  ingress:
+    - ports:
+        - port: {{ .Values.service.port }}
+          protocol: TCP
+      from:
+        {{- toYaml .Values.networkPolicy.ingress.http | nindent 8 }}
+  {{- with .Values.networkPolicy.egress }}
+  egress:
+    {{- toYaml .extra | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/jellyfin/values.yaml b/jellyfin/values.yaml
index b221226..d668303 100644
--- a/jellyfin/values.yaml
+++ b/jellyfin/values.yaml
@@ -84,6 +84,17 @@ grafana:
       grafana_dashboard: "1"
     annotations: {}
 
+networkPolicy:
+  enabled: false
+  ingress:
+    # -- ingress for http port (e.g. ingress-controller, prometheus)
+    http: []
+  egress:
+    # -- activate egress no networkpolicy
+    enabled: true
+    # -- egress rules
+    extra: []
+
 ingress:
   enabled: false
   className: ""