52 lines
1.2 KiB
YAML
52 lines
1.2 KiB
YAML
{{- if .Values.networkPolicy -}}
|
|
{{- if .Values.networkPolicy.enabled -}}
|
|
apiVersion: {{ include "cost-analyzer.networkPolicy.apiVersion" . }}
|
|
kind: NetworkPolicy
|
|
{{- if .Values.networkPolicy.denyEgress }}
|
|
metadata:
|
|
name: deny-egress
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
{{- include "cost-analyzer.commonLabels" . | nindent 4 }}
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
{{- include "cost-analyzer.selectorLabels" . | nindent 6 }}
|
|
policyTypes:
|
|
- Egress
|
|
egress:
|
|
- to:
|
|
- namespaceSelector: {}
|
|
{{- else }}
|
|
{{- if .Values.networkPolicy.sameNamespace}}
|
|
metadata:
|
|
name: shared-namespace
|
|
namespace: {{ default "kubecost" .Values.networkPolicy.namespace}}
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
app: prometheus
|
|
component: server
|
|
{{- else }}
|
|
metadata:
|
|
name: closed-traffic
|
|
namespace: {{ default "kubecost" .Values.networkPolicy.namespace}}
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: cost-analyzer
|
|
{{- end }}
|
|
policyTypes:
|
|
- Ingress
|
|
ingress:
|
|
- from:
|
|
- podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: cost-analyzer
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
name: k8s-kubecost
|
|
{{- end }}
|
|
{{- end -}}
|
|
{{- end -}}
|