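{{- if eq .Values.NETWORK_POLICY_ENABLED "yes" }}
# Both policies below are rendered only when NETWORK_POLICY_ENABLED equals the
# string "yes".
# NOTE(review): an unquoted yes in the values file may be parsed as a boolean
# and would then not match this string comparison - confirm it is quoted.
#
# NetworkPolicy objects are enforced by the cluster's network plugin. On a
# plugin without NetworkPolicy support they are accepted by the API server but
# have no effect, so verify enforcement before relying on this isolation.
#
# Policy 1: namespace isolation for ingress.
# https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/04-deny-traffic-from-other-namespaces.md
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  namespace: "{{ .Values.NAMESPACE }}"
  name: nextcloud-aio-deny-from-other-namespaces
spec:
  # Empty selector, written explicitly instead of a bare null value:
  # the policy applies to every pod in the namespace.
  podSelector:
    matchLabels: {}
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # A podSelector with no namespaceSelector matches only pods in this
    # policy's own namespace, so traffic from other namespaces is dropped.
    - from:
        - podSelector: {}
  egress:
    # Egress is listed in policyTypes, but this single empty rule permits every
    # destination and port: outbound traffic is not restricted by this policy.
    - {} # Allows all egress traffic
---
# Policy 2: exception for the web server.
# NetworkPolicies are additive, so for the selected pods this rule widens the
# namespace-only ingress of the first policy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: "{{ .Values.NAMESPACE }}"
  name: nextcloud-aio-webserver-allow
spec:
  # Selects only pods labelled io.kompose.service=nextcloud-aio-apache.
  podSelector:
    matchExpressions:
      - key: io.kompose.service
        operator: In
        values:
          - nextcloud-aio-apache
  policyTypes:
    - Ingress
  ingress:
    # The empty rule admits any source on any port, including other namespaces
    # and traffic from outside the cluster. Every pod carrying the label above
    # is exposed this way, so keep that label limited to the web server.
    - {} # Allows all ingress traffic
{{- end }}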