commit dd1fd9d86e0b375192958a115d34070c04a6f1a6
author Tinoj Joseph <Tinoj.Joseph@radisys.com> Mon Aug 01 23:59:26 2022 +0530
committer Tinoj Joseph <Tinoj.Joseph@radisys.com> Thu Aug 04 14:33:12 2022 +0530
tree 3299789749eed32171be6b973cb70b783e711711
parent f14037fbfbf4a6d535f981c0a1d8ac0bc71e728e

[VOL-4763] Adding voltha-go-controller and redis helm charts

Change-Id: I21ce624f359989e814c4475cc5e18672fd16c795

redis/templates/networkpolicy.yaml

diff --git a/redis/templates/networkpolicy.yaml b/redis/templates/networkpolicy.yaml
new file mode 100644
index 0000000..69c192e
--- /dev/null
+++ b/redis/templates/networkpolicy.yaml
@@ -0,0 +1,88 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "networkPolicy.apiVersion" . }}
+metadata:
+  name: {{ template "redis.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    app: {{ template "redis.name" . }}
+    chart: {{ template "redis.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  podSelector:
+    matchLabels:
+      app: {{ template "redis.name" . }}
+      release: {{ .Release.Name }}
+  {{- if .Values.global.redis.cluster.enabled }}
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    # Allow dns resolution
+    - ports:
+        - port: 53
+          protocol: UDP
+    # Allow outbound connections to other cluster pods
+    - ports:
+        - port: {{ .Values.redisPort }}
+        {{- if .Values.global.redis.sentinel.enabled }}
+        - port: {{ .Values.sentinel.port }}
+        {{- end }}
+      to:
+        - podSelector:
+            matchLabels:
+              app: {{ template "redis.name" . }}
+              release: {{ .Release.Name }}
+  {{- end }}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: {{ .Values.redisPort }}
+        {{- if .Values.global.redis.sentinel.enabled }}
+        - port: {{ .Values.sentinel.port }}
+        {{- end }}
+      {{- if not .Values.networkPolicy.allowExternal }}
+      from:
+        - podSelector:
+            matchLabels:
+              {{ template "redis.fullname" . }}-client: "true"
+        - podSelector:
+            matchLabels:
+              app: {{ template "redis.name" . }}
+              release: {{ .Release.Name }}
+        {{- if .Values.networkPolicy.ingressNSMatchLabels }}
+        - namespaceSelector:
+            matchLabels:
+              {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
+              {{ $key | quote }}: {{ $value | quote }}
+              {{- end }}
+          {{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
+          podSelector:
+            matchLabels:
+              {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
+              {{ $key | quote }}: {{ $value | quote }}
+              {{- end }}
+          {{- end }}
+        {{- end }}
+        {{- end }}
+    {{- if .Values.metrics.enabled }}
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+    {{- end }}
+{{- end }}