Merge "Make network policy template a little more generic"

2019-05-02 18:37:33 +00:00
parent 309bc587d5 d052381b4e
commit 6a43cc527c
1 changed files with 69 additions and 20 deletions
--- a/helm-toolkit/templates/manifests/_network_policy.tpl
+++ b/helm-toolkit/templates/manifests/_network_policy.tpl
@@ -18,14 +18,29 @@ abstract: |
 values: |
  network_policy:
    myLabel:
+      podSelector:
+        matchLabels:
+          component: api
      ingress:
-        - from:
-          - podSelector:
-              matchLabels:
-                application: keystone
-          ports:
-          - protocol: TCP
-            port: 80
+      - from:
+        - podSelector:
+            matchLabels:
+              application: keystone
+        ports:
+        - protocol: TCP
+          port: 80
+      egress:
+      - ports:
+        - port: 53
+          protocol: UDP
+        to:
+        - namespaceSelector:
+            matchLabels:
+              name: kube-system
+          podSelector:
+            matchLabels:
+              application: kubernetes
+              component: coredns
 usage: |
  {{ dict "envAll" . "name" "application" "label" "myLabel" | include "helm-toolkit.manifests.kubernetes_network_policy" }}
 return: |
@@ -42,16 +57,25 @@ return: |
    podSelector:
      matchLabels:
        application: myLabel
+        component: api
    ingress:
-      - from:
-        - podSelector:
-            matchLabels:
-              application: keystone
-        ports:
-        - protocol: TCP
-          port: 80
+    - from:
+      - podSelector:
+          matchLabels:
+            application: keystone
+      ports:
+      - protocol: TCP
+        port: 80
    egress:
-      - {}
+    - ports:
+      - port: 53
+        protocol: UDP
+      to:
+      - namespaceSelector: {}
+        podSelector:
+          matchLabels:
+            application: kubernetes
+            component: coredns
 */}}

 {{- define "helm-toolkit.manifests.kubernetes_network_policy" -}}
@@ -65,18 +89,43 @@ metadata:
  name: {{ $label }}-netpol
  namespace: {{ $envAll.Release.Namespace }}
 spec:
-  policyTypes:
-    - Egress
 {{- if hasKey (index $envAll.Values "network_policy") $label }}
-{{- if index $envAll.Values.network_policy $label "ingress" }}
-    - Ingress
+  policyTypes:
+{{ $is_egress := false }}
+{{- if hasKey (index $envAll.Values.network_policy $label) "policyTypes" }}
+{{- if has "Egress" (index $envAll.Values.network_policy $label "policyTypes") }}
+{{ $is_egress = true }}
+{{- end }}
+{{- end }}
+{{ if or $is_egress (index $envAll.Values.network_policy $label "egress") }}
+   - Egress
+{{- end }}
+{{ $is_ingress := false }}
+{{- if hasKey (index $envAll.Values.network_policy $label) "policyTypes" }}
+{{- if has "Ingress" (index $envAll.Values.network_policy $label "policyTypes") }}
+{{ $is_ingress = true }}
+{{- end }}
+{{- end }}
+{{ if or $is_ingress (index $envAll.Values.network_policy $label "ingress") }}
+   - Ingress
 {{- end }}
 {{- end }}
  podSelector:
    matchLabels:
      {{ $name }}: {{ $label }}
+{{- if hasKey (index $envAll.Values "network_policy") $label }}
+{{- if hasKey (index $envAll.Values.network_policy $label) "podSelector" }}
+{{- if index $envAll.Values.network_policy $label "podSelector" "matchLabels" }}
+{{ index $envAll.Values.network_policy $label "podSelector" "matchLabels" | toYaml | indent 6 }}
+{{ end }}
+{{ end }}
+{{ end }}
+{{- if hasKey (index $envAll.Values "network_policy") $label }}
+{{- if index $envAll.Values.network_policy $label "egress" }}
  egress:
-    - {}
+{{ index $envAll.Values.network_policy $label "egress" | toYaml | indent 4 }}
+{{- end }}
+{{- end }}
 {{- if hasKey (index $envAll.Values "network_policy") $label }}
 {{- if index $envAll.Values.network_policy $label "ingress" }}
  ingress: