mirror of
https://github.com/D4M13N-D3V/comissions-app-argocd.git
synced 2025-11-04 03:25:13 +00:00
80 lines
3.2 KiB
YAML
80 lines
3.2 KiB
YAML
{{- /*
|
|
Copyright VMware, Inc.
|
|
SPDX-License-Identifier: APACHE-2.0
|
|
*/}}
|
|
|
|
{{- if .Values.primary.networkPolicy.enabled }}
|
|
kind: NetworkPolicy
|
|
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
|
|
metadata:
|
|
name: {{ include "postgresql.v1.readReplica.fullname" . }}
|
|
namespace: {{ include "common.names.namespace" . | quote }}
|
|
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
|
app.kubernetes.io/component: read
|
|
{{- if .Values.commonAnnotations }}
|
|
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
spec:
|
|
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.podLabels .Values.commonLabels ) "context" . ) }}
|
|
podSelector:
|
|
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
|
|
app.kubernetes.io/component: read
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
{{- if .Values.primary.networkPolicy.allowExternalEgress }}
|
|
egress:
|
|
- {}
|
|
{{- else }}
|
|
egress:
|
|
# Allow dns resolution
|
|
- ports:
|
|
- port: 53
|
|
protocol: UDP
|
|
- port: 53
|
|
protocol: TCP
|
|
# Allow outbound connections to primary
|
|
- ports:
|
|
- port: {{ include "postgresql.v1.service.port" . }}
|
|
- port: {{ .Values.containerPorts.postgresql }}
|
|
to:
|
|
- podSelector:
|
|
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
|
|
app.kubernetes.io/component: primary
|
|
{{- if .Values.primary.networkPolicy.extraEgress }}
|
|
{{- include "common.tplvalues.render" ( dict "value" .Values.primary.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
{{- end }}
|
|
ingress:
|
|
- ports:
|
|
- port: {{ .Values.containerPorts.postgresql }}
|
|
{{- if .Values.metrics.enabled }}
|
|
- port: {{ .Values.metrics.containerPorts.metrics }}
|
|
{{- end }}
|
|
{{- if not .Values.primary.networkPolicy.allowExternal }}
|
|
from:
|
|
- podSelector:
|
|
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
|
|
- podSelector:
|
|
matchLabels:
|
|
{{ template "postgresql.v1.primary.fullname" . }}-client: "true"
|
|
{{- if .Values.primary.networkPolicy.ingressNSMatchLabels }}
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
{{- range $key, $value := .Values.primary.networkPolicy.ingressNSMatchLabels }}
|
|
{{ $key | quote }}: {{ $value | quote }}
|
|
{{- end }}
|
|
{{- if .Values.primary.networkPolicy.ingressNSPodMatchLabels }}
|
|
podSelector:
|
|
matchLabels:
|
|
{{- range $key, $value := .Values.primary.networkPolicy.ingressNSPodMatchLabels }}
|
|
{{ $key | quote }}: {{ $value | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if .Values.primary.networkPolicy.extraIngress }}
|
|
{{- include "common.tplvalues.render" ( dict "value" .Values.primary.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
{{- end }}
|