Blame - charts/keycloak/templates/networkpolicy.yaml - atmosphere

blob: 81574ce97f122b11e4860b477376ed687a0244c7 [file] [log] [blame]

Oleksandr Kozachenko	b009349	2023-09-06 21:43:47 +0200	[diff] [blame]	1	{{- /*
Mohammed Naser	7d1623e	2024-06-17 09:12:39 -0400	[diff] [blame]	2	Copyright Broadcom, Inc. All Rights Reserved.
Oleksandr Kozachenko	b009349	2023-09-06 21:43:47 +0200	[diff] [blame]	3	SPDX-License-Identifier: APACHE-2.0
				4	*/}}
				5
				6	{{- if .Values.networkPolicy.enabled }}
				7	kind: NetworkPolicy
				8	apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
				9	metadata:
				10	name: {{ template "common.names.fullname" . }}
				11	namespace: {{ include "common.names.namespace" . \| quote }}
Mohammed Naser	65cda13	2024-05-02 14:34:08 -0400	[diff] [blame]	12	labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) \| nindent 4 }}
Oleksandr Kozachenko	b009349	2023-09-06 21:43:47 +0200	[diff] [blame]	13	app.kubernetes.io/component: keycloak
Oleksandr Kozachenko	b009349	2023-09-06 21:43:47 +0200	[diff] [blame]	14	{{- if .Values.commonAnnotations }}
				15	annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) \| nindent 4 }}
				16	{{- end }}
				17	spec:
Mohammed Naser	65cda13	2024-05-02 14:34:08 -0400	[diff] [blame]	18	{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
Oleksandr Kozachenko	b009349	2023-09-06 21:43:47 +0200	[diff] [blame]	19	podSelector:
Mohammed Naser	65cda13	2024-05-02 14:34:08 -0400	[diff] [blame]	20	matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) \| nindent 6 }}
				21	app.kubernetes.io/component: keycloak
				22	policyTypes:
				23	- Ingress
				24	- Egress
				25	{{- if .Values.networkPolicy.allowExternalEgress }}
				26	egress:
				27	- {}
				28	{{- else }}
				29	egress:
				30	- ports:
				31	# Allow dns resolution
				32	- port: 53
				33	protocol: UDP
				34	- port: 53
				35	protocol: TCP
				36	{{- range $port := .Values.networkPolicy.kubeAPIServerPorts }}
				37	- port: {{ $port }}
				38	{{- end }}
				39	# Allow connection to PostgreSQL
				40	- ports:
				41	- port: {{ include "keycloak.databasePort" . \| trimAll "\"" \| int }}
				42	{{- if .Values.postgresql.enabled }}
				43	to:
				44	- podSelector:
				45	matchLabels:
				46	app.kubernetes.io/name: postgresql
				47	app.kubernetes.io/instance: {{ .Release.Name }}
				48	{{- end }}
				49	# Allow connection to other keycloak nodes
				50	- ports:
Mohammed Naser	7d1623e	2024-06-17 09:12:39 -0400	[diff] [blame]	51	{{- /* Constant in code: https://github.com/keycloak/keycloak/blob/ce8e925c1ad9bf7a3180d1496e181aeea0ab5f8a/operator/src/main/java/org/keycloak/operator/Constants.java#L60 */}}
				52	- port: 7800
Mohammed Naser	65cda13	2024-05-02 14:34:08 -0400	[diff] [blame]	53	- port: {{ .Values.containerPorts.http }}
				54	{{- if .Values.tls.enabled }}
				55	- port: {{ .Values.containerPorts.https }}
				56	{{- end }}
				57	to:
				58	- podSelector:
				59	matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) \| nindent 14 }}
				60	app.kubernetes.io/component: keycloak
				61	{{- if .Values.networkPolicy.extraEgress }}
				62	{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) \| nindent 4 }}
				63	{{- end }}
				64	{{- end }}
Oleksandr Kozachenko	b009349	2023-09-06 21:43:47 +0200	[diff] [blame]	65	ingress:
				66	- ports:
Mohammed Naser	7d1623e	2024-06-17 09:12:39 -0400	[diff] [blame]	67	{{- /* Constant in code: https://github.com/keycloak/keycloak/blob/ce8e925c1ad9bf7a3180d1496e181aeea0ab5f8a/operator/src/main/java/org/keycloak/operator/Constants.java#L60 */}}
				68	- port: 7800
Oleksandr Kozachenko	b009349	2023-09-06 21:43:47 +0200	[diff] [blame]	69	- port: {{ .Values.containerPorts.http }}
				70	{{- if .Values.tls.enabled }}
				71	- port: {{ .Values.containerPorts.https }}
				72	{{- end }}
				73	{{- if not .Values.networkPolicy.allowExternal }}
				74	from:
				75	- podSelector:
Mohammed Naser	65cda13	2024-05-02 14:34:08 -0400	[diff] [blame]	76	matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) \| nindent 14 }}
				77	- podSelector:
Oleksandr Kozachenko	b009349	2023-09-06 21:43:47 +0200	[diff] [blame]	78	matchLabels:
				79	{{ template "common.names.fullname" . }}-client: "true"
Mohammed Naser	65cda13	2024-05-02 14:34:08 -0400	[diff] [blame]	80	{{- if .Values.networkPolicy.ingressNSMatchLabels }}
				81	- namespaceSelector:
				82	matchLabels:
				83	{{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
				84	{{ $key \| quote }}: {{ $value \| quote }}
				85	{{- end }}
				86	{{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
				87	podSelector:
				88	matchLabels:
				89	{{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
				90	{{ $key \| quote }}: {{ $value \| quote }}
				91	{{- end }}
				92	{{- end }}
Oleksandr Kozachenko	b009349	2023-09-06 21:43:47 +0200	[diff] [blame]	93	{{- end }}
				94	{{- end }}
Mohammed Naser	65cda13	2024-05-02 14:34:08 -0400	[diff] [blame]	95	{{- $extraIngress := coalesce .Values.networkPolicy.additionalRules .Values.networkPolicy.extraIngress }}
				96	{{- if $extraIngress }}
				97	{{- include "common.tplvalues.render" ( dict "value" $extraIngress "context" $ ) \| nindent 4 }}
				98	{{- end }}
Oleksandr Kozachenko	b009349	2023-09-06 21:43:47 +0200	[diff] [blame]	99	{{- end }}