mirror of
https://github.com/nextcloud/all-in-one.git
synced 2024-12-26 08:41:07 +08:00
36 lines
862 B
YAML
Executable file
36 lines
862 B
YAML
Executable file
{{- if eq .Values.NETWORK_POLICY_ENABLED "yes" }}
|
|
# https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/04-deny-traffic-from-other-namespaces.md
|
|
kind: NetworkPolicy
|
|
apiVersion: networking.k8s.io/v1
|
|
metadata:
|
|
namespace: "{{ .Values.NAMESPACE }}"
|
|
name: nextcloud-aio-deny-from-other-namespaces
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
ingress:
|
|
- from:
|
|
- podSelector: {}
|
|
egress:
|
|
- {} # Allows all egress traffic
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
namespace: "{{ .Values.NAMESPACE }}"
|
|
name: nextcloud-aio-webserver-allow
|
|
spec:
|
|
podSelector:
|
|
matchExpressions:
|
|
- key: io.kompose.service
|
|
operator: In
|
|
values:
|
|
- nextcloud-aio-apache
|
|
policyTypes:
|
|
- Ingress
|
|
ingress:
|
|
- {} # Allows all ingress traffic
|
|
{{- end }}
|