From 5835b9ce56e9aefe8fbc7443e3704d220fdb772b Mon Sep 17 00:00:00 2001 From: jehutyy Date: Mon, 15 Jul 2024 16:18:20 +0200 Subject: [PATCH 1/2] Add default network policy that allows network ingress inside psmdb namespace and between psmdb namespace and percona-mongodb operator's namespace. --- charts/psmdb-db/templates/extraObjects.yaml | 9 ++++++ charts/psmdb-db/templates/networkPolicy.yaml | 34 ++++++++++++++++++++ charts/psmdb-db/values.yaml | 10 ++++++ 3 files changed, 53 insertions(+) create mode 100644 charts/psmdb-db/templates/extraObjects.yaml create mode 100644 charts/psmdb-db/templates/networkPolicy.yaml diff --git a/charts/psmdb-db/templates/extraObjects.yaml b/charts/psmdb-db/templates/extraObjects.yaml new file mode 100644 index 00000000..129f19f4 --- /dev/null +++ b/charts/psmdb-db/templates/extraObjects.yaml @@ -0,0 +1,9 @@ +{{ range .Values.extraObjects }} +--- +{{- if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} +{{ end }} + diff --git a/charts/psmdb-db/templates/networkPolicy.yaml b/charts/psmdb-db/templates/networkPolicy.yaml new file mode 100644 index 00000000..50933362 --- /dev/null +++ b/charts/psmdb-db/templates/networkPolicy.yaml @@ -0,0 +1,34 @@ +{{ if .Values.networkPolicy.enabled }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-ingress-psmdb-operator +spec: + podSelector: {} + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ .Values.networkPolicy.operatorNamespace }} + ports: + - port: 27017 +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-ingress-in-namespace +spec: + podSelector: {} + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ .Release.Namespace }} + ports: + - port: 27017 +{{ end }} diff --git a/charts/psmdb-db/values.yaml b/charts/psmdb-db/values.yaml index 608de5ef..a628b87c 100644 --- a/charts/psmdb-db/values.yaml +++ b/charts/psmdb-db/values.yaml @@ -591,3 +591,13 @@ backup: # PMM_SERVER_API_KEY: apikey # # PMM_SERVER_USER: admin # # PMM_SERVER_PASSWORD: admin + +networkPolicy: + ## Set as psmdb-operator namespace + #operatorNamespace: FIXME + enabled: false + +extraObjects: [] +# - apiVersion: plop +# spec: +# foo: bar From 862f56a161d8e7262faba43fc49196be457889f3 Mon Sep 17 00:00:00 2001 From: jehutyy Date: Mon, 15 Jul 2024 16:22:07 +0200 Subject: [PATCH 2/2] Bump chart version --- charts/psmdb-db/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/psmdb-db/Chart.yaml b/charts/psmdb-db/Chart.yaml index 6be4bce7..405bdc5d 100644 --- a/charts/psmdb-db/Chart.yaml +++ b/charts/psmdb-db/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "1.16.1" description: A Helm chart for installing Percona Server MongoDB Cluster Databases using the PSMDB Operator. name: psmdb-db home: https://www.percona.com/doc/kubernetes-operator-for-psmongodb/index.html -version: 1.16.2 +version: 1.16.3 maintainers: - name: tplavcic email: tomislav.plavcic@percona.com