Support custom ingress rules on the chart to allow external Ingress t…

…o reach pods
smartcontractkit · Jan 19, 2024 · 9895b10 · 9895b10
1 parent ed0b614
commit 9895b10
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/...templates/networkpolicy-default-deny.yaml → ...ster/templates/networkpolicy-default.yaml b/...templates/networkpolicy-default-deny.yaml → ...ster/templates/networkpolicy-default.yaml
@@ -1,13 +1,19 @@
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
-  name: default-deny
+  name: default
 spec:
   podSelector:
     matchLabels: {}
   policyTypes:
     - Ingress
     - Egress
+  ingress:
+  {{- if .Values.ingress.rules }}
+    {{- toYaml .Values.ingress.rules | nindent 4 }}
+  {{- else }}
+  - {}  # Deny all ingress if no rules are specified. Rules can still be specified in other templates.
+  {{- end }}
   egress:
     - to:
         - namespaceSelector:

diff --git a/charts/chainlink-cluster/values.yaml b/charts/chainlink-cluster/values.yaml
@@ -283,3 +283,15 @@ podAnnotations:
 nodeSelector:
 tolerations:
 affinity:
+
+# Configure the default network policy.
+networkPolicyDefault:
+  ingress:
+    rules: []
+    # Example to enable specific ingress rules:
+    # rules:
+    #   - from:
+    #       - ipBlock:
+    #           cidr: "192.168.1.0/24"
+    #       - ipBlock:
+    #           cidr: "10.0.0.0/16"