clearml-helm-charts/dependency_charts/elasticsearch/templates/networkpolicy.yaml

{{- if (or .Values.networkPolicy.http.enabled .Values.networkPolicy.transport.enabled) }}
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: {{ template "elasticsearch.uname" . }}
  labels:
    heritage: {{ .Release.Service | quote }}
    release: {{ .Release.Name | quote }}
    chart: "{{ .Chart.Name }}"
    app: "{{ template "elasticsearch.uname" . }}"
spec:
  podSelector:
    matchLabels:
      app: "{{ template "elasticsearch.uname" . }}"
  ingress:  # Allow inbound connections

{{- if .Values.networkPolicy.http.enabled }}
    # For HTTP access
    - ports:
      - port: {{ .Values.httpPort }}
      from:
        # From authorized Pods (having the correct label)
        - podSelector:
            matchLabels:
              {{ template "elasticsearch.uname" . }}-http-client: "true"
{{- with .Values.networkPolicy.http.explicitNamespacesSelector }}
          # From authorized namespaces
          namespaceSelector:
{{ toYaml . | indent 12 }}
{{- end }}
{{- with .Values.networkPolicy.http.additionalRules }}
            # Or from custom additional rules
{{ toYaml . | indent 8 }}
{{- end }}
{{- end }}

{{- if .Values.networkPolicy.transport.enabled }}
    # For transport access
    - ports:
        - port: {{ .Values.transportPort }}
      from:
        # From authorized Pods (having the correct label)
        - podSelector:
            matchLabels:
              {{ template "elasticsearch.uname" . }}-transport-client: "true"
{{- with .Values.networkPolicy.transport.explicitNamespacesSelector }}
          # From authorized namespaces
          namespaceSelector:
{{ toYaml . | indent 12 }}
{{- end }}
{{- with .Values.networkPolicy.transport.additionalRules }}
        # Or from custom additional rules
{{ toYaml . | indent 8 }}
{{- end }}
        # Or from other ElasticSearch Pods
        - podSelector:
            matchLabels:
              app: "{{ template "elasticsearch.uname" . }}"
{{- end }}

{{- end }}
Fix glue agent image (#78) * Changed: avoid latest image * Changed: version bump * Fixed: pull policy * Removed: specific ci for glue since now it's on by default * Fixed: don't refresh dependencies * Changed: testing chart action version update * Fixed: action * Changed: dependency updates required * Fixed: lint and install * Revert "Changed: dependency updates required" This reverts commit 34ee22d7d062deac1a49df40c8664d05404b3633. * Changed: use copy of dep charts because ththey may become unavailable * Changed: updated readme 2022-06-02 19:20:00 +00:00			`{{- if (or .Values.networkPolicy.http.enabled .Values.networkPolicy.transport.enabled) }}`
			`kind: NetworkPolicy`
			`apiVersion: networking.k8s.io/v1`
			`metadata:`
			`name: {{ template "elasticsearch.uname" . }}`
			`labels:`
			`heritage: {{ .Release.Service \| quote }}`
			`release: {{ .Release.Name \| quote }}`
			`chart: "{{ .Chart.Name }}"`
			`app: "{{ template "elasticsearch.uname" . }}"`
			`spec:`
			`podSelector:`
			`matchLabels:`
			`app: "{{ template "elasticsearch.uname" . }}"`
			`ingress: # Allow inbound connections`

			`{{- if .Values.networkPolicy.http.enabled }}`
			`# For HTTP access`
			`- ports:`
			`- port: {{ .Values.httpPort }}`
			`from:`
			`# From authorized Pods (having the correct label)`
			`- podSelector:`
			`matchLabels:`
			`{{ template "elasticsearch.uname" . }}-http-client: "true"`
			`{{- with .Values.networkPolicy.http.explicitNamespacesSelector }}`
			`# From authorized namespaces`
			`namespaceSelector:`
			`{{ toYaml . \| indent 12 }}`
			`{{- end }}`
			`{{- with .Values.networkPolicy.http.additionalRules }}`
			`# Or from custom additional rules`
			`{{ toYaml . \| indent 8 }}`
			`{{- end }}`
			`{{- end }}`

			`{{- if .Values.networkPolicy.transport.enabled }}`
			`# For transport access`
			`- ports:`
			`- port: {{ .Values.transportPort }}`
			`from:`
			`# From authorized Pods (having the correct label)`
			`- podSelector:`
			`matchLabels:`
			`{{ template "elasticsearch.uname" . }}-transport-client: "true"`
			`{{- with .Values.networkPolicy.transport.explicitNamespacesSelector }}`
			`# From authorized namespaces`
			`namespaceSelector:`
			`{{ toYaml . \| indent 12 }}`
			`{{- end }}`
			`{{- with .Values.networkPolicy.transport.additionalRules }}`
			`# Or from custom additional rules`
			`{{ toYaml . \| indent 8 }}`
			`{{- end }}`
			`# Or from other ElasticSearch Pods`
			`- podSelector:`
			`matchLabels:`
			`app: "{{ template "elasticsearch.uname" . }}"`
			`{{- end }}`

			`{{- end }}`