46 lines
1.4 KiB
YAML
46 lines
1.4 KiB
YAML
{{- if .Values.container.enabled -}}
|
|
{{- if .Values.container.networkPolicy.enabled -}}
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: {{ include "falcon-sensor.fullname" . }}-default-deny-ingress
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
app: {{ include "falcon-sensor.name" . }}
|
|
app.kubernetes.io/name: {{ include "falcon-sensor.name" . }}
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
app.kubernetes.io/component: "container_sensor"
|
|
crowdstrike.com/provider: crowdstrike
|
|
helm.sh/chart: {{ include "falcon-sensor.chart" . }}
|
|
spec:
|
|
podSelector: {}
|
|
policyTypes:
|
|
- Ingress
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: {{ include "falcon-sensor.fullname" . }}-network-policy
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
app: {{ include "falcon-sensor.name" . }}
|
|
app.kubernetes.io/name: {{ include "falcon-sensor.name" . }}
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
app.kubernetes.io/component: "container_sensor"
|
|
crowdstrike.com/provider: crowdstrike
|
|
helm.sh/chart: {{ include "falcon-sensor.chart" . }}
|
|
spec:
|
|
ingress:
|
|
- from:
|
|
- podSelector:
|
|
matchLabels:
|
|
component: apiserver
|
|
provider: kubernetes
|
|
podSelector: {}
|
|
policyTypes:
|
|
- Ingress
|
|
{{- end -}}
|
|
{{- end -}}
|