feat(helm): changes to knp to add more specific network rules. (#1676)

bcgov · Dec 2, 2023 · 6467cd0 · 6467cd0
1 parent 785264d
commit 6467cd0
Showing 1 changed file with 40 additions and 6 deletions.
diff --git a/charts/quickstart-openshift/templates/knp.yaml b/charts/quickstart-openshift/templates/knp.yaml
@@ -2,10 +2,13 @@
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
- name: {{ .Release.Name }}-openshift-ingress
+ name: {{ .Release.Name }}-openshift-ingress-to-frontend
  labels: {{- include "selectorLabels" . | nindent 4 }}
 spec:
- podSelector: {}
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: frontend
+ app.kubernetes.io/instance: {{ .Release.Name }}
  ingress:
  - from:
  - namespaceSelector:
@@ -17,13 +20,44 @@ spec:
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
- name: {{ .Release.Name }}-allow-same-namespace
+ name: {{ .Release.Name }}-allow-backend-to-db
  labels: {{- include "selectorLabels" . | nindent 4 }}
 spec:
- podSelector: {}
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ .Values.global.databaseAlias}}
+ app.kubernetes.io/instance: {{ .Release.Name }}
  ingress:
- - from:
- - podSelector: {}
+ - ports:
+ - protocol: TCP
+ port: 5432
+ from:
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/name: backend
+ app.kubernetes.io/instance: {{ .Release.Name }}
  policyTypes:
  - Ingress
 
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ .Release.Name }}-allow-frontend-to-backend
+ labels: {{- include "selectorLabels" . | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: backend
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - ports:
+ - protocol: TCP
+ port: 3000
+ from:
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/name: frontend
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ policyTypes:
+ - Ingress