git.stella-ops.org/deploy/helm/stellaops/templates/networkpolicy.yaml

{{- if .Values.networkPolicy.enabled }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ include "stellaops.fullname" . }}-default
  labels:
    {{- include "stellaops.labels" . | nindent 4 }}
spec:
  podSelector:
    matchLabels:
      {{- include "stellaops.selectorLabelsRoot" . | nindent 6 }}
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        {{- if .Values.networkPolicy.ingressNamespaces }}
        - namespaceSelector:
            matchLabels:
              {{- toYaml .Values.networkPolicy.ingressNamespaces | nindent 14 }}
        {{- end }}
        {{- if .Values.networkPolicy.ingressPods }}
        - podSelector:
            matchLabels:
              {{- toYaml .Values.networkPolicy.ingressPods | nindent 14 }}
        {{- end }}
      ports:
        - protocol: TCP
          port: {{ default 80 .Values.networkPolicy.ingressPort }}
  egress:
    - to:
        {{- if .Values.networkPolicy.egressNamespaces }}
        - namespaceSelector:
            matchLabels:
              {{- toYaml .Values.networkPolicy.egressNamespaces | nindent 14 }}
        {{- end }}
        {{- if .Values.networkPolicy.egressPods }}
        - podSelector:
            matchLabels:
              {{- toYaml .Values.networkPolicy.egressPods | nindent 14 }}
        {{- end }}
      ports:
        - protocol: TCP
          port: {{ default 443 .Values.networkPolicy.egressPort }}
{{- end }}