mirror of https://github.com/kyverno/kyverno.git synced 2025-03-05 15:37:19 +00:00

Ensure Helm chart networkpolicy is valid by default (#2827)

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

Co-authored-by: shuting <shutting06@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
treydock 2021-12-15 08:43:05 -05:00 committed by shuting
parent d96da73460
commit f2d37aa467
3 changed files with 27 additions and 10 deletions


@ -0,0 +1,3 @@
---
networkPolicy:
enabled: true
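Review bot: This values file covers only the case where the policy is enabled with no selectors, so the `namespaceSelector` and `podSelector` branches of the template are never rendered by it. A second values file that sets only `podLabels`, and one that sets both namespace and pod selectors, would catch rendering errors in those branches. That the file is consumed by chart tests is inferred from its content; its path is not shown on this page.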


@ -12,30 +12,44 @@ spec:
app: kyverno app: kyverno
policyTypes: policyTypes:
- Ingress - Ingress
{{- if or .Values.networkPolicy.namespaceExpressions .Values.networkPolicy.namespaceLabels .Values.networkPolicy.podExpressions .Values.networkPolicy.podLabels }}
ingress: ingress:
- from: - from:
{{- with .Values.networkPolicy }} {{- if or .Values.networkPolicy.namespaceExpressions .Values.networkPolicy.namespaceLabels }}
- namespaceSelector: - namespaceSelector:
{{- with .Values.networkPolicy.namespaceExpressions }}
matchExpressions: matchExpressions:
{{- toYaml .namespaceExpressions | nindent 10 }} {{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.networkPolicy.namespaceLabels }}
matchLabels: matchLabels:
{{- range $key, $value := .namespaceLabels }} {{- range $key, $value := . }}
{{ $key | quote }}: {{ $value | quote }} {{ $key | quote }}: {{ $value | quote }}
{{- end }} {{- end }}
{{- end }}
{{- end }}
{{- if or .Values.networkPolicy.podExpressions .Values.networkPolicy.podLabels }}
podSelector: podSelector:
{{- with .Values.networkPolicy.podExpressions }}
matchExpressions: matchExpressions:
{{- toYaml .podExpressions | nindent 10 }} {{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.networkPolicy.podLabels }}
matchLabels: matchLabels:
{{- range $key, $value := .podLabels }} {{- range $key, $value := . }}
{{ $key | quote }}: {{ $value | quote }} {{ $key | quote }}: {{ $value | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}
ports: ports:
- protocol: TCP - protocol: TCP
port: 9443 # webhook access port: 9443 # webhook access
# Allow prometheus scrapes for metrics # Allow prometheus scrapes for metrics
{{- if .Values.metricsService.create }} {{- if .Values.metricsService.create }}
- ports: - protocol: TCP
- port: {{ .Values.metricsService.port }} port: {{ .Values.metricsService.port }}
{{- end }}
{{- else }}
ingress: {}
{{- end }} {{- end }}
{{- end }} {{- end }}
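Review bot: The new `{{- else }}` branch renders `ingress: {}`, a mapping, where a NetworkPolicy's `spec.ingress` is a list of rules, so the default case (policy enabled, no selectors set) is either rejected by schema validation or, if coerced to empty, leaves `policyTypes: [Ingress]` with no allow rule, which would block the webhook port 9443 as well. If the intent is to keep the webhook reachable when no peers are configured, the branch should render a ports-only rule (`- ports:` with the same 9443 and metrics entries) rather than an empty value; if deny-all is intended, `ingress: []` states it explicitly. Separately, `podSelector:` has no leading `- `, so with only `podExpressions`/`podLabels` set it appears to land directly under `- from:` as a mapping key instead of a list item; indentation is not visible on this page, so this should be checked with `helm template`. The template's opening lines are outside the hunk.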


@ -247,7 +247,7 @@ installCRDs: true
# policies in a default-deny setup. # policies in a default-deny setup.
networkPolicy: networkPolicy:
enabled: false enabled: false
namespaceExpressions: [{}] namespaceExpressions: []
namespaceLabels: {} namespaceLabels: {}
podExpressions: [{}] podExpressions: []
podLabels: {} podLabels: {}