helm: add network policy

Signed-off-by: Simon L. <szaimen@e.mail.de>
2025-12-26 01:16:56 +00:00 · 2024-07-22 15:43:04 +02:00 · 2024-07-22 15:43:04 +02:00 · 8a9c5ae973
commit 8a9c5ae973
parent 9458650f8b
3 changed files with 33 additions and 0 deletions
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml
@ -0,0 +1,14 @@
+{{- if eq .Values.NETWORK_POLICY_ENABLED "yes" }}
+# https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/04-deny-traffic-from-other-namespaces.md
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  namespace: "{{ .Values.NAMESPACE }}"
+  name: nextcloud-aio-deny-from-other-namespaces
+spec:
+  podSelector:
+    matchLabels:
+  ingress:
+  - from:
+    - podSelector: {}
+{{- end }}