diff --git a/ocrserver/Chart.yaml b/ocrserver/Chart.yaml index d056023..21e1345 100644 --- a/ocrserver/Chart.yaml +++ b/ocrserver/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: ocrserver description: Run OCR-Server type: application -version: "0.0.2" +version: "0.1.0" # renovate: image=otiai10/ocrserver appVersion: "1.1.0" maintainers: diff --git a/ocrserver/README.md b/ocrserver/README.md index dccd71d..7d6311f 100644 --- a/ocrserver/README.md +++ b/ocrserver/README.md @@ -7,7 +7,7 @@ description: "Run OCR-Server" # ocrserver -![Version: 0.0.2](https://img.shields.io/badge/Version-0.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.1.0](https://img.shields.io/badge/AppVersion-1.1.0-informational?style=flat-square) +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.1.0](https://img.shields.io/badge/AppVersion-1.1.0-informational?style=flat-square) Run OCR-Server @@ -41,6 +41,18 @@ helm uninstall ocrserver-release ## Values +### NetworkPolicy + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| networkPolicy.egress.dns | list | `[{"namespaceSelector":{"matchLabels":{"kubernetes.io/metadata.name":"kube-system"}},"podSelector":{"matchLabels":{"k8s-app":"kube-dns"}}}]` | rule to access DNS | +| networkPolicy.egress.enabled | bool | `true` | activate egress no networkpolicy | +| networkPolicy.egress.http | list | `[]` | allow to http ports for fetch language | +| networkPolicy.enabled | bool | `false` | deploy networkpolicy | +| networkPolicy.ingress.http | list | `[]` | allow to http ports should be your ingress-controller | + +### Other Values + | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | | @@ -86,7 +98,7 @@ helm uninstall ocrserver-release Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) # ocrserver -![Version: 0.0.2](https://img.shields.io/badge/Version-0.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.1.0](https://img.shields.io/badge/AppVersion-1.1.0-informational?style=flat-square) +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.1.0](https://img.shields.io/badge/AppVersion-1.1.0-informational?style=flat-square) Run OCR-Server @@ -98,6 +110,18 @@ Run OCR-Server ## Values +### NetworkPolicy + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| networkPolicy.egress.dns | list | `[{"namespaceSelector":{"matchLabels":{"kubernetes.io/metadata.name":"kube-system"}},"podSelector":{"matchLabels":{"k8s-app":"kube-dns"}}}]` | rule to access DNS | +| networkPolicy.egress.enabled | bool | `true` | activate egress no networkpolicy | +| networkPolicy.egress.http | list | `[]` | allow to http ports for fetch language | +| networkPolicy.enabled | bool | `false` | deploy networkpolicy | +| networkPolicy.ingress.http | list | `[]` | allow to http ports should be your ingress-controller | + +### Other Values + | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | | diff --git a/ocrserver/templates/networkpolicy.yaml b/ocrserver/templates/networkpolicy.yaml new file mode 100644 index 0000000..783cbcd --- /dev/null +++ b/ocrserver/templates/networkpolicy.yaml @@ -0,0 +1,47 @@ +{{- with .Values.networkPolicy }} +{{- if .enabled }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "ocrserver.fullname" $ }} + labels: + {{- include "ocrserver.labels" $ | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include "ocrserver.selectorLabels" $ | nindent 6 }} + policyTypes: + - Ingress + {{- if .egress.enabled }} + - Egress + {{- end }} + ingress: + {{- with .ingress.http }} + - ports: + - port: 8080 + protocol: TCP + from: + {{- toYaml . | nindent 8 }} + {{- end }}{{/* end-with .ingress.http */}} + + {{- with .egress }} + {{- if .enabled }} + egress: + {{- with .dns }} + - ports: + - port: 53 + protocol: UDP + to: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .http }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .extra }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }}{{/* end-if egress.enabled */}} + {{- end }}{{/* end-with .egress */}} +{{- end }} +{{- end }} diff --git a/ocrserver/values.yaml b/ocrserver/values.yaml index dcafa95..a748ffd 100644 --- a/ocrserver/values.yaml +++ b/ocrserver/values.yaml @@ -88,6 +88,32 @@ readinessProbe: path: /status port: http +networkPolicy: + # -- deploy networkpolicy + # @section -- NetworkPolicy + enabled: false + ingress: + # -- allow to http ports + # should be your ingress-controller + # @section -- NetworkPolicy + http: [] + egress: + # -- activate egress no networkpolicy + # @section -- NetworkPolicy + enabled: true + # -- allow to http ports for fetch language + # @section -- NetworkPolicy + http: [] + # -- rule to access DNS + # @section -- NetworkPolicy + dns: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns + # This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/ autoscaling: enabled: false