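{{- if .Values.pepServer.calicoNetpol.enabled }}
# Calico NetworkPolicy for the pep-server data plane: restricts both ingress
# and egress of pods labelled dplane=pep-server in the release namespace.
apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
  name: {{ template "pep-server.appName" . }}
  namespace: {{ .Release.Namespace }}
spec:
  order: 10
  selector: dplane == 'pep-server'
  types:
    - Ingress
    - Egress
  ingress:
    # TCP from pods labelled dplane=envoy or dplane=pep-server in this release
    # namespace, limited to the targetPort of every pepServer.service.ports entry.
    - action: Allow
      protocol: TCP
      source:
        selector: dplane == 'envoy' || dplane == 'pep-server'
        namespaceSelector: projectcalico.org/name == '{{ .Release.Namespace }}'
      destination:
        ports:
          {{- range .Values.pepServer.service.ports }}
          - {{ .targetPort }}
          {{- end }}
  egress:
    # Cluster DNS: UDP and TCP 53 into kube-system. The match is by namespace
    # only, so any kube-system pod listening on 53 is reachable; a pod selector
    # for the DNS deployment would narrow this further.
    - action: Allow
      protocol: UDP
      destination:
        namespaceSelector: projectcalico.org/name == 'kube-system'
        ports:
          - 53
    - action: Allow
      protocol: TCP
      destination:
        namespaceSelector: projectcalico.org/name == 'kube-system'
        ports:
          - 53
    # Kubernetes API server, matched through the default/kubernetes Service
    # (Calico resolves the Service to its endpoints; no ports/selector allowed here).
    - action: Allow
      protocol: TCP
      destination:
        services:
          name: kubernetes
          namespace: default
    {{- if .Values.valkey.enabled }}
    # Valkey. Exactly one of the two branches below fills in `destination`.
    # NOTE(review): if valkey.enabled is true but neither the internal nor the
    # external calicoNetpol branch applies, `destination` renders empty and this
    # rule becomes "Allow TCP to any destination" — confirm that is intended, or
    # guard the whole rule on the same conditions.
    - action: Allow
      protocol: TCP
      destination:
        {{- if and .Values.valkey.internal.enabled .Values.valkey.internal.calicoNetpol.enabled }}
        # In-cluster Valkey: pods labelled dplane=valkey in this namespace.
        # No port restriction is applied on this branch.
        selector: dplane == 'valkey'
        namespaceSelector: projectcalico.org/name == '{{ .Release.Namespace }}'
        {{- else if and .Values.valkey.external.enabled .Values.valkey.external.calicoNetpol.enabled }}
        # External Valkey: ports collected from valkey.hosts (default 6379); the
        # peer comes from outboundRule — explicit nets, else a Calico selector,
        # else any pod in this release namespace.
        ports:
          {{- include "dataplane.collectPorts" (dict "hosts" .Values.valkey.hosts "defaultPort" 6379) | trim | nindent 10 }}
        {{- $rule := .Values.valkey.external.calicoNetpol.outboundRule }}
        {{- if $rule.nets }}
        nets:
          {{- range $rule.nets }}
          - {{ . | quote }}
          {{- end }}
        {{- else if $rule.selector }}
        # Quoted so a selector starting with a YAML indicator (e.g. a leading
        # "!" negation) is still parsed as a string rather than a tag.
        selector: {{ $rule.selector | quote }}
        {{- else }}
        namespaceSelector: projectcalico.org/name == '{{ .Release.Namespace }}'
        {{- end }}
        {{- end }}
    {{- end }}
{{- end }}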