chart/templates/flower/flower-networkpolicy.yaml - airflow - Git at Google

 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.

 ################################
 ## Airflow Flower NetworkPolicy
 #################################
 {{- if .Values.flower.enabled }}
 {{- $celery_executors := list "CeleryExecutor" "CeleryKubernetesExecutor"}}
 {{- if and .Values.networkPolicies.enabled (has .Values.executor $celery_executors) }}
 {{- $from := or .Values.flower.networkPolicy.ingress.from .Values.flower.extraNetworkPolicies }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   name: {{ .Release.Name }}-flower-policy
   labels:
     tier: airflow
     component: airflow-flower-policy
     release: {{ .Release.Name }}
     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     heritage: {{ .Release.Service }}
 {{- with .Values.labels }}
 {{ toYaml . | indent 4 }}
 {{- end }}
 spec:
   podSelector:
     matchLabels:
       tier: airflow
       component: flower
       release: {{ .Release.Name }}
   policyTypes:
     - Ingress
 {{- if $from }}
   ingress:
     - from:
 {{ toYaml $from | indent 6 }}
       ports:
       {{ range .Values.flower.networkPolicy.ingress.ports }}
         -
           {{- range $key, $val := . }}
           {{ $key }}: {{ tpl (toString $val) $ }}
           {{- end }}
       {{- end }}
 {{- end }}
 {{- end }}
 {{- end }}
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.

	################################
	## Airflow Flower NetworkPolicy
	#################################
	{{- if .Values.flower.enabled }}
	{{- $celery_executors := list "CeleryExecutor" "CeleryKubernetesExecutor"}}
	{{- if and .Values.networkPolicies.enabled (has .Values.executor $celery_executors) }}
	{{- $from := or .Values.flower.networkPolicy.ingress.from .Values.flower.extraNetworkPolicies }}
	apiVersion: networking.k8s.io/v1
	kind: NetworkPolicy
	metadata:
	name: {{ .Release.Name }}-flower-policy
	labels:
	tier: airflow
	component: airflow-flower-policy
	release: {{ .Release.Name }}
	chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
	heritage: {{ .Release.Service }}
	{{- with .Values.labels }}
	{{ toYaml . \| indent 4 }}
	{{- end }}
	spec:
	podSelector:
	matchLabels:
	tier: airflow
	component: flower
	release: {{ .Release.Name }}
	policyTypes:
	- Ingress
	{{- if $from }}
	ingress:
	- from:
	{{ toYaml $from \| indent 6 }}
	ports:
	{{ range .Values.flower.networkPolicy.ingress.ports }}
	-
	{{- range $key, $val := . }}
	{{ $key }}: {{ tpl (toString $val) $ }}
	{{- end }}
	{{- end }}
	{{- end }}
	{{- end }}
	{{- end }}