| {{- if .Values.networkPolicy.enabled }} |
| apiVersion: networking.k8s.io/v1 |
| kind: NetworkPolicy |
| metadata: |
| name: {{ include "dubbo-admin.fullname" . }} |
| namespace: {{ include "dubbo-admin.namespace" . }} |
| labels: |
| {{- include "dubbo-admin.labels" . | nindent 4 }} |
| {{- with .Values.labels }} |
| {{- toYaml . | nindent 4 }} |
| {{- end }} |
| {{- with .Values.annotations }} |
| annotations: |
| {{- toYaml . | nindent 4 }} |
| {{- end }} |
| spec: |
| policyTypes: |
| {{- if .Values.networkPolicy.ingress }} |
| - Ingress |
| {{- end }} |
| {{- if .Values.networkPolicy.egress.enabled }} |
| - Egress |
| {{- end }} |
| podSelector: |
| matchLabels: |
| {{- include "dubbo-admin.selectorLabels" . | nindent 6 }} |
| |
| {{- if .Values.networkPolicy.egress.enabled }} |
| egress: |
| - ports: |
| {{ .Values.networkPolicy.egress.ports | toJson }} |
| {{- end }} |
| {{- if .Values.networkPolicy.ingress }} |
| ingress: |
| - ports: |
| - port: {{ .Values.service.targetPort }} |
| {{- if not .Values.networkPolicy.allowExternal }} |
| from: |
| - podSelector: |
| matchLabels: |
| {{ include "dubbo-admin.fullname" . }}-client: "true" |
| {{- with .Values.networkPolicy.explicitNamespacesSelector }} |
| - namespaceSelector: |
| {{- toYaml . | nindent 12 }} |
| {{- end }} |
| - podSelector: |
| matchLabels: |
| {{- include "dubbo-admin.labels" . | nindent 14 }} |
| role: read |
| {{- end }} |
| {{- end }} |
| {{- end }} |