eightball/all-in-one
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2025-12-19 22:16:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

Merge pull request #5519 from nextcloud/enh/noid/adjust-network-policy

Browse source 
helm: update network policy
This commit is contained in:
Simon L. 2024-11-05 13:28:34 +01:00 committed by GitHub
commit 89739b26ed
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 38 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

20
nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml
View file

@ -15,6 +15,22 @@ spec:
- from: - from:
- podSelector: {} - podSelector: {}
egress: egress:
- to: - {} # Allows all egress traffic
- podSelector: {} ---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
namespace: "{{ .Values.NAMESPACE }}"
name: nextcloud-aio-webserver-allow
spec:
podSelector:
matchExpressions:
- key: io.kompose.service
operator: In
values:
- nextcloud-aio-apache
policyTypes:
- Ingress
ingress:
- {} # Allows all ingress traffic
{{- end }} {{- end }}

22
nextcloud-aio-helm-chart/update-helm.sh
View file

@ -310,8 +310,24 @@ spec:
- from: - from:
- podSelector: {} - podSelector: {}
egress: egress:
- to: - {} # Allows all egress traffic
- podSelector: {} ---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
namespace: "{{ .Values.NAMESPACE }}"
name: nextcloud-aio-webserver-allow
spec:
podSelector:
matchExpressions:
- key: io.kompose.service
operator: In
values:
- nextcloud-aio-apache
policyTypes:
- Ingress
ingress:
- {} # Allows all ingress traffic
{{- end }} {{- end }}
EOL EOL
@ -355,7 +371,7 @@ cat << ADDITIONAL_CONFIG >> /tmp/sample.conf
NAMESPACE: default # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster NAMESPACE: default # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
NAMESPACE_DISABLED: "no" # By setting this to "yes", you can disabled the creation of the namespace so that you can use a pre-created one NAMESPACE_DISABLED: "no" # By setting this to "yes", you can disabled the creation of the namespace so that you can use a pre-created one
NETWORK_POLICY_ENABLED: "no" # By setting this to "yes", you can enable a network policy that limits network access to the same namespace. ⚠️ Attention: this breaks if you use an ingress!!! So it should be disabled if you do so! NETWORK_POLICY_ENABLED: "no" # By setting this to "yes", you can enable a network policy that limits network access to the same namespace. Except the Web server service which is reachable from all endpoints.
SUBSCRIPTION_KEY: # This allows to set the Nextcloud Enterprise key via ENV SUBSCRIPTION_KEY: # This allows to set the Nextcloud Enterprise key via ENV
SERVERINFO_TOKEN: # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app SERVERINFO_TOKEN: # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
APPS_ALLOWLIST: # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments' APPS_ALLOWLIST: # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'

2
nextcloud-aio-helm-chart/values.yaml
View file

@ -51,7 +51,7 @@ REDIS_STORAGE_SIZE: 1Gi # You can change the size of the redis volume that
NAMESPACE: default # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster NAMESPACE: default # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
NAMESPACE_DISABLED: "no" # By setting this to "yes", you can disabled the creation of the namespace so that you can use a pre-created one NAMESPACE_DISABLED: "no" # By setting this to "yes", you can disabled the creation of the namespace so that you can use a pre-created one
NETWORK_POLICY_ENABLED: "no" # By setting this to "yes", you can enable a network policy that limits network access to the same namespace. ⚠️ Attention: this breaks if you use an ingress!!! So it should be disabled if you do so! NETWORK_POLICY_ENABLED: "no" # By setting this to "yes", you can enable a network policy that limits network access to the same namespace. Except the Web server service which is reachable from all endpoints.
SUBSCRIPTION_KEY: # This allows to set the Nextcloud Enterprise key via ENV SUBSCRIPTION_KEY: # This allows to set the Nextcloud Enterprise key via ENV
SERVERINFO_TOKEN: # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app SERVERINFO_TOKEN: # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
APPS_ALLOWLIST: # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments' APPS_ALLOWLIST: # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'