Merge pull request #5024 from nextcloud/enh/noid/add-network-policy

helm: add network policy
2025-12-26 17:36:53 +00:00 · 2024-07-25 15:29:20 +02:00 · 2024-07-25 15:29:20 +02:00 · 00c41624ea
commit 00c41624ea
parent 69cf646c85 533c270d06
3 changed files with 45 additions and 0 deletions
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml
@ -0,0 +1,20 @@
+{{- if eq .Values.NETWORK_POLICY_ENABLED "yes" }}
+# https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/04-deny-traffic-from-other-namespaces.md
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  namespace: "{{ .Values.NAMESPACE }}"
+  name: nextcloud-aio-deny-from-other-namespaces
+spec:
+  podSelector:
+    matchLabels:
+  policyTypes:
+    - Ingress
+    - Egress
+  ingress:
+  - from:
+    - podSelector: {}
+  egress:
+  - to:
+    - podSelector: {}
+{{- end }}