GHP publish

2021-01-17 04:09:41 +03:00
commit 9fe2c2adf2
457 changed files with 40068 additions and 0 deletions
--- a/nextcloud/charts/redis/templates/networkpolicy.yaml
+++ b/nextcloud/charts/redis/templates/networkpolicy.yaml
@@ -0,0 +1,74 @@
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "networkPolicy.apiVersion" . }}
+metadata:
+  name: {{ template "redis.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ template "redis.name" . }}
+    chart: {{ template "redis.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  podSelector:
+    matchLabels:
+      app: {{ template "redis.name" . }}
+      release: {{ .Release.Name }}
+  {{- if .Values.cluster.enabled }}
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    # Allow dns resolution
+    - ports:
+        - port: 53
+          protocol: UDP
+    # Allow outbound connections to other cluster pods
+    - ports:
+        - port: {{ .Values.redisPort }}
+        {{- if .Values.sentinel.enabled }}
+        - port: {{ .Values.sentinel.port }}
+        {{- end }}
+      to:
+        - podSelector:
+            matchLabels:
+              app: {{ template "redis.name" . }}
+              release: {{ .Release.Name }}
+  {{- end }}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: {{ .Values.redisPort }}
+        {{- if .Values.sentinel.enabled }}
+        - port: {{ .Values.sentinel.port }}
+        {{- end }}
+      {{- if not .Values.networkPolicy.allowExternal }}
+      from:
+        - podSelector:
+            matchLabels:
+              {{ template "redis.fullname" . }}-client: "true"
+        - podSelector:
+            matchLabels:
+              app: {{ template "redis.name" . }}
+              release: {{ .Release.Name }}
+        {{- if .Values.networkPolicy.ingressNSMatchLabels }}
+        - namespaceSelector:
+            matchLabels:
+              {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
+              {{ $key | quote }}: {{ $value | quote }}
+              {{- end }}
+          {{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
+          podSelector:
+            matchLabels:
+              {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
+              {{ $key | quote }}: {{ $value | quote }}
+              {{- end }}
+          {{- end }}
+        {{- end }}
+        {{- end }}
+    {{- if .Values.metrics.enabled }}
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+    {{- end }}
+{{- end }}