Support custom ingress rules on the chart to support external Ingress (
…#11829)

* Support custom ingress rules on the chart to allow external Ingress to reach pods

* Simplify values to be passed in with the helm --set flag
chainchad authored Jan 22, 2024
1 parent f0543e6 commit dbcba88
Showing 3 changed files with 50 additions and 27 deletions.
27 changes: 0 additions & 27 deletions charts/chainlink-cluster/templates/networkpolicy-default-deny.yaml

This file was deleted.

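--- a/charts/chainlink-cluster/templates/networkpolicy-default.yaml
+++ b/charts/chainlink-cluster/templates/networkpolicy-default.yaml
@@ -0,0 +1,41 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+name: default
+spec:
+podSelector:
+matchLabels: {}
+policyTypes:
+- Ingress
+- Egress
+ingress:
+{{- if and .Values.networkPolicyDefault.ingress.allowCustomCidrs (not (empty .Values.networkPolicyDefault.ingress.customCidrs)) }}
+# Using a comma separated list to make it easy to pass in with:
+# `helm template ... --set networkPolicyDefault.ingress.customCidrs=...`
+{{- $cidrs := splitList "," .Values.networkPolicyDefault.ingress.customCidrs }}
+- from:
+{{- range $cidr := $cidrs }}
+- ipBlock:
+cidr: {{ $cidr | quote }}
+{{- end }}
+{{- else }}
+# Deny all ingress if no rules are specified. Rules can still be specified in other templates.
+- {}
+{{- end }}
+egress:
+- to:
+- namespaceSelector:
+matchLabels:
+kubernetes.io/metadata.name: "{{ $.Release.Namespace }}"
+- to:
+- namespaceSelector:
+matchLabels:
+kubernetes.io/metadata.name: kube-system
+podSelector:
+matchLabels:
+k8s-app: kube-dns
+ports:
+- protocol: TCP
+port: 53
+- protocol: UDP
+port: 53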
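Review bot: The `- {}` emitted by the `else` branch under `ingress:` allows all ingress rather than denying it, contrary to the comment above it: in a NetworkPolicy an empty rule matches every source and port, and with `allowCustomCidrs` defaulting to false this is the branch that renders by default. Because policies are additive, no other template can narrow it afterwards. To get the stated default deny, move the `ingress:` key inside the `if` branch and render `ingress: []` in the `else` branch (keeping `Ingress` in `policyTypes`). Separately, the entries produced by `splitList` are used untrimmed, so `cidr: {{ $cidr | trim | quote }}` would tolerate a space after a comma.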
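--- a/charts/chainlink-cluster/values.yaml
+++ b/charts/chainlink-cluster/values.yaml
@@ -283,3 +283,12 @@ podAnnotations:
 nodeSelector:
 tolerations:
 affinity:
+
+# Configure the default network policy.
+networkPolicyDefault:
+ingress:
+allowCustomCidrs: false
+# String of comma separated CIDRs
+customCidrs: null
+# Example:
+# customCidrs: "10.0.0.0/16,192.168.0.1/24"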
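Review bot: The comment on `customCidrs` should spell out the format constraints that the template and Helm impose, since the value is meant to be passed with `--set`. Helm's `--set` parser treats an unescaped comma as the start of another assignment, so a multi-entry value has to be written as `10.0.0.0/16\,192.168.0.0/24` on the command line, and the template splits on `,` without trimming, so spaces are not tolerated. I would change the comment to `# Comma-separated CIDRs, no spaces; escape each comma as \, when using --set` and use a network address in the example, `# customCidrs: "10.0.0.0/16,192.168.0.0/24"`, because `192.168.0.1/24` has host bits set.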
