mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

networkPolicy customization (#2334)

Browse source 
* networkpolicy customization

Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>

* allow configuring matchLabels, added metrics-port

Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>

* check metricsService.create

Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
This commit is contained in:
Naman Lakhwani 2021-09-09 06:51:56 +05:30 committed by GitHub
parent 2a375fa1b5
commit dfd9a8d604
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
charts/kyverno/templates/networkpolicy.yaml
View file

@ -14,7 +14,28 @@ spec:
- Ingress
ingress:
- from:
{{- with .Values.networkPolicy }}
namespaceSelector:
matchExpressions:
{{- toYaml .namespaceExpressions | nindent 8 }}
matchLabels:
{{- range $key, $value := .namespaceLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
podSelector:
matchExpressions:
{{- toYaml .podExpressions | nindent 8 }}
matchLabels:
{{- range $key, $value := .podLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
ports:
- protocol: TCP
port: 9443 # webhook access
# Allow prometheus scrapes for metrics
{{- if .Values.metricsService.create }}
- ports:
- port: {{ .Values.metricsService.port }}
{{- end }}
{{- end }}

4
charts/kyverno/values.yaml
View file

@ -218,3 +218,7 @@ createSelfSignedCert: false
# policies in a default-deny setup.
networkPolicy:
enabled: false
namespaceExpressions: [{}]
namespaceLabels: {}
podExpressions: [{}]
podLabels: {}