82 lines
2.0 KiB
YAML
82 lines
2.0 KiB
YAML
{{- define "ports" }}
|
|
{{- range $port := . }}
|
|
- port: {{ $port.Port }}
|
|
{{- if $port.Protocol }}
|
|
protocol: {{ $port.Protocol }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- define "peers" }}
|
|
{{- range .Applications }}
|
|
- {{.Rule}}:
|
|
# {{ .Application.Namespace.Name }}/{{ .Application.Name }}
|
|
- podSelector:
|
|
matchLabels: {{ .Application.MatchLabels | toJson }}
|
|
matchExpressions: {{ .Application.MatchExpressions | toJson }}
|
|
namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: {{ .Application.Namespace.Name }}
|
|
{{- if .Ports }}
|
|
ports:
|
|
{{- template "ports" .Ports }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- define "networks" }}
|
|
{{- range .Networks }}
|
|
{{- if .Network.CIDR }}
|
|
- {{.Rule}}:
|
|
# {{ .Network.Name }}
|
|
- ipBlock:
|
|
cidr: {{ .Network.CIDR}}
|
|
except:
|
|
{{- range $except := .Network.Except }}
|
|
- {{ $except }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if .Ports }}
|
|
{{- if .Network.CIDR }}
|
|
ports:
|
|
{{- else }}
|
|
- ports:
|
|
{{- end }}
|
|
{{- template "ports" .Ports }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
{{- if not .app.Namespace.Open }}
|
|
---
|
|
kind: NetworkPolicy
|
|
apiVersion: networking.k8s.io/v1
|
|
metadata:
|
|
name: "{{.app.Name}}"
|
|
namespace: "{{.app.Namespace.Name }}"
|
|
labels: {{ .labels | toJson }}
|
|
spec:
|
|
# {{ .app.Namespace.Name }}/{{ .app.Name }}
|
|
podSelector:
|
|
matchLabels: {{ .app.MatchLabels | toJson }}
|
|
matchExpressions: {{ .app.MatchExpressions | toJson }}
|
|
policyTypes:
|
|
{{- if or .ingress.Applications .ingress.Networks }}
|
|
- Ingress
|
|
{{- end }}
|
|
{{- if or .egress.Applications .egress.Networks }}
|
|
- Egress
|
|
{{- end }}
|
|
|
|
{{- if or .ingress.Applications .ingress.Networks }}
|
|
ingress:
|
|
{{- template "peers" .ingress }}
|
|
{{- template "networks" .ingress }}
|
|
{{- end }}
|
|
|
|
{{- if or .egress.Applications .egress.Networks }}
|
|
egress:
|
|
{{- template "peers" .egress }}
|
|
{{- template "networks" .egress }}
|
|
{{- end }}
|
|
|
|
{{- end }}
|