diff --git a/ntfy/Chart.yaml b/ntfy/Chart.yaml index 4465760..20e2081 100644 --- a/ntfy/Chart.yaml +++ b/ntfy/Chart.yaml @@ -3,7 +3,7 @@ name: ntfy description: A Helm chart for Kubernetes icon: https://github.com/binwiederhier/ntfy/raw/main/web/public/static/images/pwa-512x512.png type: application -version: 0.3.2 +version: 0.4.0 # renovate: image=docker.io/binwiederhier/ntfy appVersion: "2.11.0" maintainers: diff --git a/ntfy/README.adoc b/ntfy/README.adoc index b3f3c06..12e646e 100644 --- a/ntfy/README.adoc +++ b/ntfy/README.adoc @@ -2,7 +2,7 @@ = ntfy -image::https://img.shields.io/badge/Version-0.3.2-informational?style=flat-square[Version: 0.3.2] +image::https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square[Version: 0.4.0] image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] image::https://img.shields.io/badge/AppVersion-2.11.0-informational?style=flat-square[AppVersion: 2.11.0] == Maintainers @@ -167,6 +167,36 @@ helm uninstall ntfy-release | `""` | +| networkPolicy.egress.enabled +| bool +| `true` +| activate egress no networkpolicy + +| networkPolicy.egress.extra +| list +| `[]` +| egress rules + +| networkPolicy.enabled +| bool +| `false` +| + +| networkPolicy.ingress.http +| list +| `[]` +| ingress for http port (e.g. ingress-controller) + +| networkPolicy.ingress.metrics +| list +| `[]` +| ingress for metrics port (e.g. prometheus) + +| networkPolicy.ingress.smtp +| list +| `[]` +| ingress for smtp + | nodeSelector | object | `{}` diff --git a/ntfy/templates/deployment.yaml b/ntfy/templates/deployment.yaml index 7636ccc..3e16e91 100644 --- a/ntfy/templates/deployment.yaml +++ b/ntfy/templates/deployment.yaml @@ -63,9 +63,11 @@ spec: containerPort: {{ .Values.ntfy.metrics.port }} protocol: TCP {{- end }} + {{- if .Values.service.smtp.enabled }} - name: smtp containerPort: {{ .Values.service.smtp.port }} protocol: TCP + {{- end }} livenessProbe: httpGet: path: /v1/health 
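Review bot: Gating the `smtp` entry under `ports:` on `.Values.service.smtp.enabled` in ntfy/templates/deployment.yaml does not close the port. A `containerPort` entry is informational, so a listener inside the container stays reachable on the pod network whether or not it is declared. Whether the ntfy SMTP listener itself is switched off by the same value is not visible here, because the container spec continues outside the hunk. A template comment above the `if`, such as `{{- /* declares the port only; reachability is limited by the NetworkPolicy */}}`, would keep readers from treating this condition as an access control.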
diff --git a/ntfy/templates/networkpolicy.yaml b/ntfy/templates/networkpolicy.yaml new file mode 100644 index 0000000..a6c1a75 --- /dev/null +++ b/ntfy/templates/networkpolicy.yaml @@ -0,0 +1,44 @@ +{{- if .Values.networkPolicy.enabled }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "ntfy.fullname" . }} + labels: + {{- include "ntfy.labels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include "ntfy.selectorLabels" . | nindent 6 }} + policyTypes: + - Ingress + {{- if .Values.networkPolicy.egress.enabled }} + - Egress + {{- end }} + ingress: + {{- with .Values.networkPolicy.ingress.http }} + - ports: + - port: {{ $.Values.service.http.port }} + protocol: TCP + from: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if and .Values.ntfy.metrics.enable .Values.networkPolicy.ingress.metrics }} + - ports: + - port: {{ .Values.ntfy.metrics.port }} + protocol: TCP + from: + {{- toYaml .Values.networkPolicy.ingress.metrics | nindent 8 }} + {{- end }} + {{- if and .Values.service.smtp.enabled .Values.networkPolicy.ingress.smtp }} + - ports: + - port: {{ .Values.service.smtp.port }} + protocol: TCP + from: + {{- toYaml .Values.networkPolicy.ingress.smtp | nindent 8 }} + {{- end }} + {{- with .Values.networkPolicy.egress }} + egress: + {{- toYaml .extra | nindent 4 }} + {{- end }} +{{- end }} diff --git a/ntfy/values.yaml b/ntfy/values.yaml index b352db2..7a592a8 100644 --- a/ntfy/values.yaml +++ b/ntfy/values.yaml @@ -187,6 +187,21 @@ service: type: LoadBalancer port: 25 +networkPolicy: + enabled: false + ingress: + # -- ingress for http port (e.g. ingress-controller) + http: [] + # -- ingress for metrics port (e.g. prometheus) + metrics: [] + # -- ingress for smtp + smtp: [] + egress: + # -- activate egress no networkpolicy + enabled: true + # -- egress rules + extra: [] + ingress: enabled: false className: ""
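Review bot: The `egress:` block at the end of networkpolicy.yaml is guarded by `{{- with .Values.networkPolicy.egress }}`, which is always true because that map contains `enabled`, so it does not follow `egress.enabled` the way the `policyTypes` entry does. With the chart defaults (`egress.enabled: true`, `extra: []`), switching on `networkPolicy.enabled` renders `Egress` with an empty rule list, which denies all outbound traffic from the pod, DNS included. With `egress.enabled: false`, rules in `extra` are still rendered but not enforced, since `Egress` is absent from `policyTypes`. I would guard the block with `{{- if .Values.networkPolicy.egress.enabled }}` and render `{{- toYaml .Values.networkPolicy.egress.extra | nindent 4 }}`. Ingress is deny-by-default in the same way: empty `http`, `metrics` and `smtp` lists leave `ingress:` with no rules, which is a sound default but should be stated in the values comments.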
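Review bot: In the values.yaml hunk, the comment `# -- activate egress no networkpolicy` on `egress.enabled` does not say what the switch does. `networkPolicy.enabled` has no `# --` comment at all, which is presumably why its README row has an empty description. I would write `# -- create a NetworkPolicy for the ntfy pods` on `enabled` and `# -- add Egress to policyTypes; only the rules in extra are then allowed` on `egress.enabled`. The `# -- egress rules` comment on `extra` could also say that the entries are NetworkPolicy egress rule objects, since the template passes them through `toYaml` unchanged.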