From 2f8bfe25e35273ab0cb8a51670ad55a96715be4f Mon Sep 17 00:00:00 2001 From: cesarg <59477015+cesarempathy@users.noreply.github.com> Date: Mon, 6 Mar 2023 17:13:14 +0100 Subject: [PATCH 1/9] add network policies --- charts/networkpolicies/.helmignore | 23 ++++++ charts/networkpolicies/Chart.yaml | 24 ++++++ charts/networkpolicies/templates/_helpers.tpl | 59 ++++++++++++++ .../templates/networkpolicy-atlas-rules.yaml | 43 ++++++++++ .../templates/networkpolicy-aws-rules.yaml | 43 ++++++++++ .../templates/networkpolicy.yaml | 81 +++++++++++++++++++ charts/networkpolicies/values-test.yaml | 63 +++++++++++++++ charts/networkpolicies/values.yaml | 25 ++++++ 8 files changed, 361 insertions(+) create mode 100644 charts/networkpolicies/.helmignore create mode 100644 charts/networkpolicies/Chart.yaml create mode 100644 charts/networkpolicies/templates/_helpers.tpl create mode 100644 charts/networkpolicies/templates/networkpolicy-atlas-rules.yaml create mode 100644 charts/networkpolicies/templates/networkpolicy-aws-rules.yaml create mode 100644 charts/networkpolicies/templates/networkpolicy.yaml create mode 100644 charts/networkpolicies/values-test.yaml create mode 100644 charts/networkpolicies/values.yaml diff --git a/charts/networkpolicies/.helmignore b/charts/networkpolicies/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/networkpolicies/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/networkpolicies/Chart.yaml b/charts/networkpolicies/Chart.yaml new file mode 100644 index 0000000..a77ac60 --- /dev/null +++ b/charts/networkpolicies/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: networkpolicies +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.1.0" diff --git a/charts/networkpolicies/templates/_helpers.tpl b/charts/networkpolicies/templates/_helpers.tpl new file mode 100644 index 0000000..113a816 --- /dev/null +++ b/charts/networkpolicies/templates/_helpers.tpl @@ -0,0 +1,59 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "networkpolicies.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "networkpolicies.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "networkpolicies.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "networkpolicies.labels" -}} +helm.sh/chart: {{ include "networkpolicies.chart" . }} +{{ include "networkpolicies.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "networkpolicies.selectorLabels" -}} +app.kubernetes.io/name: {{ include "networkpolicies.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + + +{{/* +Return the appropriate apiVersion for the object +*/}} +{{- define "apiVersion" -}} +{{- default "networking.k8s.io/v1" .Values.apiVersion -}} +{{- end -}} \ No newline at end of file diff --git a/charts/networkpolicies/templates/networkpolicy-atlas-rules.yaml b/charts/networkpolicies/templates/networkpolicy-atlas-rules.yaml new file mode 100644 index 0000000..aac50a8 --- /dev/null +++ b/charts/networkpolicies/templates/networkpolicy-atlas-rules.yaml @@ -0,0 +1,43 @@ +{{ if .Values.mongoAtlas.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "apiVersion" . }} +metadata: + name: {{ include "networkpolicies.name" . }}-atlas +{{- if .Values.annotations }} + annotations: +{{ toYaml .Values.annotations | indent 4}} +{{- end }} + labels: + {{- include "networkpolicies.labels" . | nindent 4 }} +{{- if .Values.labels }} +{{ toYaml .Values.labels | indent 4 }} +{{- end }} +spec: +{{- if .Values.podSelector }} + podSelector: + matchLabels: +{{ toYaml .Values.podSelector.matchLabels | indent 7 }} +{{- end }} +{{- if or (eq .Values.aws.s3 true) (eq .Values.aws.kinesis true) (eq .Values.aws.sns true) (eq .Values.aws.sqs true)}} + policyTypes: + - Egress + egress: + - to: + - ipBlock: + cidr: + - 0.0.0.0/0 + ports: + - protocol: TCP + port: 443 +{{- end }} + +{{- if eq .Values.aws.redis true }} + - to: + - ipBlock: + cidr: + - {{ .Values.aws.redisCIDR }} + ports: + - protocol: TCP + port: {{ .Values.aws.redisPort }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/networkpolicies/templates/networkpolicy-aws-rules.yaml b/charts/networkpolicies/templates/networkpolicy-aws-rules.yaml new file mode 100644 index 0000000..b5c2df7 --- /dev/null +++ b/charts/networkpolicies/templates/networkpolicy-aws-rules.yaml @@ -0,0 +1,43 @@ +{{ if .Values.aws.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "apiVersion" . }} +metadata: + name: {{ include "networkpolicies.name" . }}-aws +{{- if .Values.annotations }} + annotations: +{{ toYaml .Values.annotations | indent 4}} +{{- end }} + labels: + {{- include "networkpolicies.labels" . | nindent 4 }} +{{- if .Values.labels }} +{{ toYaml .Values.labels | indent 4 }} +{{- end }} +spec: +{{- if .Values.podSelector }} + podSelector: + matchLabels: +{{ toYaml .Values.podSelector.matchLabels | indent 7 }} +{{- end }} +{{- if or (eq .Values.aws.s3 true) (eq .Values.aws.kinesis true) (eq .Values.aws.sns true) (eq .Values.aws.sqs true)}} + policyTypes: + - Egress + egress: + - to: + - ipBlock: + cidr: + - 0.0.0.0/0 + ports: + - protocol: TCP + port: 443 +{{- end }} + +{{- if eq .Values.aws.redis true }} + - to: + - ipBlock: + cidr: + - {{ .Values.aws.redisCIDR }} + ports: + - protocol: TCP + port: {{ .Values.aws.redisPort }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/networkpolicies/templates/networkpolicy.yaml b/charts/networkpolicies/templates/networkpolicy.yaml new file mode 100644 index 0000000..9a4bc9b --- /dev/null +++ b/charts/networkpolicies/templates/networkpolicy.yaml @@ -0,0 +1,81 @@ +kind: NetworkPolicy +apiVersion: {{ include "apiVersion" . }} +metadata: + name: {{ include "networkpolicies.name" . }} +{{- if .Values.annotations }} + annotations: +{{ toYaml .Values.annotations | indent 4}} +{{- end }} + labels: + {{- include "networkpolicies.labels" . | nindent 4 }} +{{- if .Values.labels }} +{{ toYaml .Values.labels | indent 4 }} +{{- end }} +spec: +{{- if .Values.podSelector }} + podSelector: + matchLabels: +{{ toYaml .Values.podSelector.matchLabels | indent 7 }} +{{- end }} +{{- if or .Values.ingressRules .Values.egressRules }} + policyTypes: +{{- if .Values.ingressRules }} + - Ingress +{{- end }} +{{- if .Values.egressRules }} + - Egress +{{- end }} +{{- end }} +{{- if .Values.egressRules }} + egress: +{{- range $rule := .Values.egressRules }} + - to: +{{ toYaml $rule.selectors | indent 9 }} + ports: +{{ toYaml $rule.ports | indent 9 }} +{{- end }} +{{- end }} +{{- if .Values.ingressRules }} + ingress: +{{- range $rule := .Values.ingressRules }} + - from: +{{ toYaml $rule.selectors | indent 7 }} + ports: +{{ toYaml $rule.ports | indent 9 }} +{{- end }} +{{- end }} +--- +{{- if .Values.dns }} +kind: NetworkPolicy +apiVersion: {{ include "apiVersion" . }} +metadata: + name: {{ include "networkpolicies.name" . }}-dns +{{- if .Values.annotations }} + annotations: +{{ toYaml .Values.annotations | indent 4}} +{{- end }} + labels: + {{- include "networkpolicies.labels" . | nindent 4 }} +{{- if .Values.labels }} +{{ toYaml .Values.labels | indent 4 }} +{{- end }} +spec: + podSelector: + matchLabels: +{{ toYaml .Values.podSelector.matchLabels | indent 7 }} + policyTypes: + - Egress + egress: + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + to: + - podSelector: + matchLabels: + app: {{ .Values.dns.app }} + - namespaceSelector: + matchLabels: + name: {{ .Values.dns.namespace }} +{{- end }} \ No newline at end of file diff --git a/charts/networkpolicies/values-test.yaml b/charts/networkpolicies/values-test.yaml new file mode 100644 index 0000000..5d48073 --- /dev/null +++ b/charts/networkpolicies/values-test.yaml @@ -0,0 +1,63 @@ +# Default values for networkpolicies. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +nameOverride: "" +fullnameOverride: "" +podSelector: + matchLabels: + app.kubernetes.io/name: networkpolicies + app.kubernetes.io/instance: networkpolicies +egressRules: +- selectors: + - ipBlock: + cidr: 0.0.0.0/0 + ports: + # S3 and ingress + - port: 443 + protocol: TCP + # Redis +- selectors: + - namespaceSelector: {} + podSelector: + matchLabels: + empathy.co/component: test-service + ports: + - port: 8080 + protocol: TCP +ingressRules: +- selectors: + - namespaceSelector: {} + podSelector: + matchLabels: + empathy.co/np-connect-tagging-service: true +# Ingress + - namespaceSelector: {} + podSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + ports: + - port: 8080 + protocol: TCP +- selectors: + - namespaceSelector: {} + podSelector: + matchLabels: + release: prometheus + app: prometheus-operator +dns: + namespace: kube-system + app: kube-dns +aws: + enabled: false + s3: false + kinesis: false + sqs: false + sns: false + redis: false + redisCIDR: 0.0.0.0/0 + redisPort: 6379 +mongoAtlas: + enabled: false + cidr: 0.0.0.0/0 + port: 27017 + diff --git a/charts/networkpolicies/values.yaml b/charts/networkpolicies/values.yaml new file mode 100644 index 0000000..db13d0a --- /dev/null +++ b/charts/networkpolicies/values.yaml @@ -0,0 +1,25 @@ +# Default values for networkpolicies. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +nameOverride: "" +fullnameOverride: "" +egressRules: [] +ingressRules: [] +dns: + namespace: kube-system + app: kube-dns +aws: + enabled: true + dns: true + s3: false + kinesis: false + sqs: false + sns: false + redis: false + redisCIDR: 0.0.0.0/0 + redisPort: 6379 +mongoAtlas: + enabled: true + cidr: 0.0.0.0/0 + port: 27017 + From 9b107b92e1910f9351955d1dc9ac7ffd083d2b05 Mon Sep 17 00:00:00 2001 From: cesarempathy Date: Mon, 6 Mar 2023 16:13:54 +0000 Subject: [PATCH 2/9] [Automatic] - Update chart list --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 84e0d42..4bdfd63 100644 --- a/README.md +++ b/README.md @@ -36,4 +36,5 @@ Following the list complete list of supported Helm Charts: * devlake * elasticsearch-umbrella * imagepullsecret-patcher +* networkpolicies * yace-exporter \ No newline at end of file From 693438adf1df3000a24e838a269d82e51d3227b6 Mon Sep 17 00:00:00 2001 From: cesarg <59477015+cesarempathy@users.noreply.github.com> Date: Mon, 6 Mar 2023 17:15:14 +0100 Subject: [PATCH 3/9] add documentation --- charts/networkpolicies/README.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 charts/networkpolicies/README.md diff --git a/charts/networkpolicies/README.md b/charts/networkpolicies/README.md new file mode 100644 index 0000000..8feff3f --- /dev/null +++ b/charts/networkpolicies/README.md @@ -0,0 +1,31 @@ +# networkpolicies + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) + +A Helm chart for Kubernetes + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| aws.dns | bool | `true` | | +| aws.enabled | bool | `true` | | +| aws.kinesis | bool | `false` | | +| aws.redis | bool | `false` | | +| aws.redisCIDR | string | `"0.0.0.0/0"` | | +| aws.redisPort | int | `6379` | | +| aws.s3 | bool | `false` | | +| aws.sns | bool | `false` | | +| aws.sqs | bool | `false` | | +| dns.app | string | `"kube-dns"` | | +| dns.namespace | string | `"kube-system"` | | +| egressRules | list | `[]` | | +| fullnameOverride | string | `""` | | +| ingressRules | list | `[]` | | +| mongoAtlas.cidr | string | `"0.0.0.0/0"` | | +| mongoAtlas.enabled | bool | `true` | | +| mongoAtlas.port | int | `27017` | | +| nameOverride | string | `""` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) From 4495ac2820baa7532ab161db5a6e9115145e8deb Mon Sep 17 00:00:00 2001 From: cesarg <59477015+cesarempathy@users.noreply.github.com> Date: Tue, 7 Mar 2023 11:47:45 +0100 Subject: [PATCH 4/9] fix indexation --- .../templates/networkpolicy-aws-rules.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/networkpolicies/templates/networkpolicy-aws-rules.yaml b/charts/networkpolicies/templates/networkpolicy-aws-rules.yaml index b5c2df7..8de5aa8 100644 --- a/charts/networkpolicies/templates/networkpolicy-aws-rules.yaml +++ b/charts/networkpolicies/templates/networkpolicy-aws-rules.yaml @@ -32,12 +32,12 @@ spec: {{- end }} {{- if eq .Values.aws.redis true }} - - to: - - ipBlock: - cidr: - - {{ .Values.aws.redisCIDR }} - ports: - - protocol: TCP - port: {{ .Values.aws.redisPort }} + - to: + - ipBlock: + cidr: + - {{ .Values.aws.redisCIDR }} + ports: + - protocol: TCP + port: {{ .Values.aws.redisPort }} {{- end }} {{- end }} \ No newline at end of file From 35f51a9c6bfeb75b38e4515093ed7561a7809e32 Mon Sep 17 00:00:00 2001 From: cesarg <59477015+cesarempathy@users.noreply.github.com> Date: Tue, 7 Mar 2023 11:49:01 +0100 Subject: [PATCH 5/9] fix indexation --- .../templates/networkpolicy-atlas-rules.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/networkpolicies/templates/networkpolicy-atlas-rules.yaml b/charts/networkpolicies/templates/networkpolicy-atlas-rules.yaml index aac50a8..91a6569 100644 --- a/charts/networkpolicies/templates/networkpolicy-atlas-rules.yaml +++ b/charts/networkpolicies/templates/networkpolicy-atlas-rules.yaml @@ -32,12 +32,12 @@ spec: {{- end }} {{- if eq .Values.aws.redis true }} - - to: - - ipBlock: - cidr: - - {{ .Values.aws.redisCIDR }} - ports: - - protocol: TCP - port: {{ .Values.aws.redisPort }} + - to: + - ipBlock: + cidr: + - {{ .Values.aws.redisCIDR }} + ports: + - protocol: TCP + port: {{ .Values.aws.redisPort }} {{- end }} {{- end }} \ No newline at end of file From 01536a7edc00426a69564fd4141a708bcb4f4f48 Mon Sep 17 00:00:00 2001 From: cesarg <59477015+cesarempathy@users.noreply.github.com> Date: Tue, 7 Mar 2023 11:50:03 +0100 Subject: [PATCH 6/9] change default values --- charts/networkpolicies/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/networkpolicies/values.yaml b/charts/networkpolicies/values.yaml index db13d0a..48ddb2d 100644 --- a/charts/networkpolicies/values.yaml +++ b/charts/networkpolicies/values.yaml @@ -9,8 +9,8 @@ dns: namespace: kube-system app: kube-dns aws: - enabled: true - dns: true + enabled: false + dns: false s3: false kinesis: false sqs: false @@ -19,7 +19,7 @@ aws: redisCIDR: 0.0.0.0/0 redisPort: 6379 mongoAtlas: - enabled: true + enabled: false cidr: 0.0.0.0/0 port: 27017 From 65f154fed32af17f2afcecf84b75f207c5b64301 Mon Sep 17 00:00:00 2001 From: cesarg <59477015+cesarempathy@users.noreply.github.com> Date: Tue, 7 Mar 2023 11:53:50 +0100 Subject: [PATCH 7/9] update readme --- charts/networkpolicies/README.md | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/charts/networkpolicies/README.md b/charts/networkpolicies/README.md index 8feff3f..c6a4a7e 100644 --- a/charts/networkpolicies/README.md +++ b/charts/networkpolicies/README.md @@ -8,8 +8,8 @@ A Helm chart for Kubernetes | Key | Type | Default | Description | |-----|------|---------|-------------| -| aws.dns | bool | `true` | | -| aws.enabled | bool | `true` | | +| aws.dns | bool | `false` | | +| aws.enabled | bool | `false` | | | aws.kinesis | bool | `false` | | | aws.redis | bool | `false` | | | aws.redisCIDR | string | `"0.0.0.0/0"` | | @@ -19,13 +19,23 @@ A Helm chart for Kubernetes | aws.sqs | bool | `false` | | | dns.app | string | `"kube-dns"` | | | dns.namespace | string | `"kube-system"` | | -| egressRules | list | `[]` | | +| egressRules | list | `[]` | [example](#rules) | | fullnameOverride | string | `""` | | -| ingressRules | list | `[]` | | +| ingressRules | list | `[]` | [example](#rules) | | mongoAtlas.cidr | string | `"0.0.0.0/0"` | | -| mongoAtlas.enabled | bool | `true` | | +| mongoAtlas.enabled | bool | `false` | | | mongoAtlas.port | int | `27017` | | | nameOverride | string | `""` | | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) + +## Rules + +```yaml +- selectors: + - namespaceSelector: {} + podSelector: + matchLabels: + empathy.co/component: test-service +``` \ No newline at end of file From 66d639415c428f35f13213b80734d5abb460e91e Mon Sep 17 00:00:00 2001 From: cesarg <59477015+cesarempathy@users.noreply.github.com> Date: Tue, 7 Mar 2023 11:55:18 +0100 Subject: [PATCH 8/9] update readme --- charts/networkpolicies/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/networkpolicies/README.md b/charts/networkpolicies/README.md index c6a4a7e..8642310 100644 --- a/charts/networkpolicies/README.md +++ b/charts/networkpolicies/README.md @@ -27,9 +27,6 @@ A Helm chart for Kubernetes | mongoAtlas.port | int | `27017` | | | nameOverride | string | `""` | | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) - ## Rules ```yaml @@ -38,4 +35,7 @@ Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/n podSelector: matchLabels: empathy.co/component: test-service + ports: + - protocol: TCP + port: 80 ``` \ No newline at end of file From 764b2bf227d2b6c14abbbf29de874bdf3968b5cd Mon Sep 17 00:00:00 2001 From: cesarg <59477015+cesarempathy@users.noreply.github.com> Date: Tue, 7 Mar 2023 11:55:18 +0100 Subject: [PATCH 9/9] update readme --- charts/networkpolicies/README.md | 6 +-- charts/networkpolicies/values-test.yaml | 63 ------------------------- 2 files changed, 3 insertions(+), 66 deletions(-) delete mode 100644 charts/networkpolicies/values-test.yaml diff --git a/charts/networkpolicies/README.md b/charts/networkpolicies/README.md index c6a4a7e..8642310 100644 --- a/charts/networkpolicies/README.md +++ b/charts/networkpolicies/README.md @@ -27,9 +27,6 @@ A Helm chart for Kubernetes | mongoAtlas.port | int | `27017` | | | nameOverride | string | `""` | | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) - ## Rules ```yaml @@ -38,4 +35,7 @@ Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/n podSelector: matchLabels: empathy.co/component: test-service + ports: + - protocol: TCP + port: 80 ``` \ No newline at end of file diff --git a/charts/networkpolicies/values-test.yaml b/charts/networkpolicies/values-test.yaml deleted file mode 100644 index 5d48073..0000000 --- a/charts/networkpolicies/values-test.yaml +++ /dev/null @@ -1,63 +0,0 @@ -# Default values for networkpolicies. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -nameOverride: "" -fullnameOverride: "" -podSelector: - matchLabels: - app.kubernetes.io/name: networkpolicies - app.kubernetes.io/instance: networkpolicies -egressRules: -- selectors: - - ipBlock: - cidr: 0.0.0.0/0 - ports: - # S3 and ingress - - port: 443 - protocol: TCP - # Redis -- selectors: - - namespaceSelector: {} - podSelector: - matchLabels: - empathy.co/component: test-service - ports: - - port: 8080 - protocol: TCP -ingressRules: -- selectors: - - namespaceSelector: {} - podSelector: - matchLabels: - empathy.co/np-connect-tagging-service: true -# Ingress - - namespaceSelector: {} - podSelector: - matchLabels: - app.kubernetes.io/name: ingress-nginx - ports: - - port: 8080 - protocol: TCP -- selectors: - - namespaceSelector: {} - podSelector: - matchLabels: - release: prometheus - app: prometheus-operator -dns: - namespace: kube-system - app: kube-dns -aws: - enabled: false - s3: false - kinesis: false - sqs: false - sns: false - redis: false - redisCIDR: 0.0.0.0/0 - redisPort: 6379 -mongoAtlas: - enabled: false - cidr: 0.0.0.0/0 - port: 27017 -