diff --git a/charts/guacamole/templates/controller/controller-network.yaml b/charts/guacamole/templates/controller/controller-network.yaml new file mode 100644 index 0000000..066f48e --- /dev/null +++ b/charts/guacamole/templates/controller/controller-network.yaml @@ -0,0 +1,27 @@ +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ include "guacamole.fullname" . }}-controller-network + labels: + app: {{ include "guacamole.labels.app" . }} + chart: {{ include "guacamole.labels.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + podSelector: + matchLabels: + cnpg.io/cluster: {{ include "guacamole.fullname" . }}-controller + policyTypes: + - Ingress + - Egress + + egress: + - to: + - podSelector: + matchLabels: + app: {{ include "guacamole.labels.app" . }} + component: web + release: {{ .Release.Name }} + - podSelector: + matchLabels: + cnpg.io/cluster: {{ include "guacamole.fullname" . }}-database \ No newline at end of file diff --git a/charts/guacamole/templates/database/database-network.yaml b/charts/guacamole/templates/database/database-network.yaml new file mode 100644 index 0000000..b641435 --- /dev/null +++ b/charts/guacamole/templates/database/database-network.yaml @@ -0,0 +1,34 @@ +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ include "guacamole.fullname" . }}-database + labels: + app: {{ include "guacamole.labels.app" . }} + chart: {{ include "guacamole.labels.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + podSelector: + matchLabels: + app: {{ include "guacamole.labels.app" . }} + component: database + release: {{ .Release.Name }} + policyTypes: + - Ingress + - Egress + + ingress: + - from: + - podSelector: + matchLabels: + app: {{ include "guacamole.labels.app" . }} + component: web + release: {{ .Release.Name }} + - podSelector: + matchLabels: + cnpg.io/cluster: {{ include "guacamole.fullname" . }}-database + - podSelector: + matchLabels: + app: {{ include "guacamole.labels.app" . }} + component: controller + release: {{ .Release.Name }} \ No newline at end of file diff --git a/charts/guacamole/templates/guacd/guacd-network.yaml b/charts/guacamole/templates/guacd/guacd-network.yaml new file mode 100644 index 0000000..61293d2 --- /dev/null +++ b/charts/guacamole/templates/guacd/guacd-network.yaml @@ -0,0 +1,29 @@ +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ include "guacamole.fullname" . }}-guacd + labels: + app: {{ include "guacamole.labels.app" . }} + chart: {{ include "guacamole.labels.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + podSelector: + matchLabels: + matchLabels: + app: {{ include "guacamole.labels.app" . }} + component: guacd + release: {{ .Release.Name }} + policyTypes: + - Ingress + - Egress + + ingress: + - from: + - podSelector: + matchLabels: + app: {{ include "guacamole.labels.app" . }} + component: web + release: {{ .Release.Name }} + egress: + - {} \ No newline at end of file diff --git a/charts/guacamole/templates/web/web-network.yaml b/charts/guacamole/templates/web/web-network.yaml new file mode 100644 index 0000000..75728bd --- /dev/null +++ b/charts/guacamole/templates/web/web-network.yaml @@ -0,0 +1,28 @@ +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ include "guacamole.fullname" . }}-web + labels: + app: {{ include "guacamole.labels.app" . }} + chart: {{ include "guacamole.labels.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + podSelector: + matchLabels: + app: {{ include "guacamole.labels.app" . }} + component: web + release: {{ .Release.Name }} + policyTypes: + - Ingress + - Egress + + ingress: + - from: + - podSelector: + matchLabels: + app: {{ include "guacamole.labels.app" . }} + component: controller + release: {{ .Release.Name }} + egress: + - {} \ No newline at end of file