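{{- /*
  NetworkPolicy for one application in a closed namespace.

  Render context (supplied by the caller, field names taken from the usages below):
    .app      - the application: .Name, .Namespace.Name, .Namespace.Open, .MatchLabels,
                .MatchExpressions
    .ingress  - .Applications and .Networks lists rendered as ingress rules
    .egress   - .Applications and .Networks lists rendered as egress rules
    .labels   - labels map for the rendered object

  Every templated scalar except the port number is double-quoted so that values
  that YAML would otherwise retype (e.g. an all-digit name or an IPv6 prefix such
  as ::/0) stay strings.
*/}}

{{- /*
  "ports": renders the items of a rule's `ports:` list. Dot is a list of entries
  with .Port and an optional .Protocol. The list items are emitted at the
  indentation expected under `ports:` inside an ingress/egress rule.
  .Port is deliberately left unquoted: the field is IntOrString, and quoting a
  numeric port would turn it into a (non-existent) named port.
*/}}
{{- define "ports" }}
{{- range $entry := . }}
        - port: {{ $entry.Port }}
{{- if $entry.Protocol }}
          protocol: "{{ $entry.Protocol }}"
{{- end }}
{{- end }}
{{- end }}

{{- /*
  "peers": one rule per entry of .Applications. .Rule is the rule's peer key
  (presumably "from" for ingress and "to" for egress - confirm against the caller).
  The peer is restricted to pods of the referenced application in its namespace;
  note that a nil MatchLabels/MatchExpressions pair renders as `null`, i.e. an
  empty selector that matches every pod in that namespace.
*/}}
{{- define "peers" }}
{{- range .Applications }}
    - {{ .Rule }}:  # {{ .Application.Namespace.Name }}/{{ .Application.Name }}
        - podSelector:
            matchLabels: {{ .Application.MatchLabels | toJson }}
            matchExpressions: {{ .Application.MatchExpressions | toJson }}
          namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: "{{ .Application.Namespace.Name }}"
{{- if .Ports }}
      ports:
{{- template "ports" .Ports }}
{{- end }}
{{- end }}
{{- end }}

{{- /*
  "networks": one rule per entry of .Networks.
  - With a CIDR the rule carries an ipBlock peer; `except:` is only emitted when
    there are exceptions, so an empty list does not render as `except: null`
    (rejected by strict schema validators).
  - Without a CIDR, but with ports, the rule has no peer at all and therefore
    matches traffic on those ports from/to ANY address. Each such rule is tagged
    with the network name in a comment so it stands out when reviewing the output.
  - Without CIDR and without ports nothing is rendered.
*/}}
{{- define "networks" }}
{{- range .Networks }}
{{- if .Network.CIDR }}
    - {{ .Rule }}:  # {{ .Network.Name }}
        - ipBlock:
            cidr: "{{ .Network.CIDR }}"
{{- if .Network.Except }}
            except:
{{- range $excluded := .Network.Except }}
              - "{{ $excluded }}"
{{- end }}
{{- end }}
{{- end }}
{{- if .Ports }}
{{- if .Network.CIDR }}
      ports:
{{- else }}
    - ports:  # {{ .Network.Name }} (no CIDR: matches any peer)
{{- end }}
{{- template "ports" .Ports }}
{{- end }}
{{- end }}
{{- end }}

{{- /*
  Nothing is rendered for an open namespace. For a closed one the policy selects
  the application's pods; policyTypes lists only the directions that have rules.
  NOTE(review): when neither ingress nor egress has rules, policyTypes is left
  empty and the API server's default (Ingress only) applies, i.e. all ingress to
  the selected pods is denied while egress stays unrestricted - confirm this is
  the intended default-deny behaviour.
*/}}
{{- if not .app.Namespace.Open }}
---
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: "{{ .app.Name }}"
  namespace: "{{ .app.Namespace.Name }}"
  labels: {{ .labels | toJson }}
spec:  # {{ .app.Namespace.Name }}/{{ .app.Name }}
  podSelector:
    matchLabels: {{ .app.MatchLabels | toJson }}
    matchExpressions: {{ .app.MatchExpressions | toJson }}
  policyTypes:
{{- if or .ingress.Applications .ingress.Networks }}
    - Ingress
{{- end }}
{{- if or .egress.Applications .egress.Networks }}
    - Egress
{{- end }}
{{- if or .ingress.Applications .ingress.Networks }}
  ingress:
{{- template "peers" .ingress }}
{{- template "networks" .ingress }}
{{- end }}
{{- if or .egress.Applications .egress.Networks }}
  egress:
{{- template "peers" .egress }}
{{- template "networks" .egress }}
{{- end }}
{{- end }}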