Add default network policy that allows network ingress inside psmdb namespace and between psmdb namespace and percona-mongodb operator's namespace.

jehutyy · jehutyy · commit 5835b9ce56e9 · 2024-07-15T16:31:22.000+02:00
diff --git a/charts/psmdb-db/templates/extraObjects.yaml b/charts/psmdb-db/templates/extraObjects.yaml
@@ -0,0 +1,9 @@
+{{ range .Values.extraObjects }}
+---
+{{- if typeIs "string" . }}
+    {{- tpl . $ }}
+{{- else }}
+    {{- tpl (toYaml .) $ }}
+{{- end }}
+{{ end }}
+
diff --git a/charts/psmdb-db/templates/networkPolicy.yaml b/charts/psmdb-db/templates/networkPolicy.yaml
@@ -0,0 +1,34 @@
+{{ if .Values.networkPolicy.enabled }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-ingress-psmdb-operator
+spec:
+  podSelector: {}
+  policyTypes:
+    - Ingress
+  ingress:
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            kubernetes.io/metadata.name: {{ .Values.networkPolicy.operatorNamespace }}
+      ports:
+        - port: 27017
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-ingress-in-namespace
+spec:
+  podSelector: {}
+  policyTypes:
+    - Ingress
+  ingress:
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            kubernetes.io/metadata.name: {{ .Release.Namespace }}
+      ports:
+        - port: 27017
+{{ end }}
diff --git a/charts/psmdb-db/values.yaml b/charts/psmdb-db/values.yaml
@@ -591,3 +591,13 @@ backup:
 #   PMM_SERVER_API_KEY: apikey
 #   # PMM_SERVER_USER: admin
 #   # PMM_SERVER_PASSWORD: admin
+
+networkPolicy:
+  ## Set as psmdb-operator namespace
+  #operatorNamespace: FIXME
+  enabled: false
+
+extraObjects: []
+#  - apiVersion: plop
+#    spec:
+#      foo: bar
