diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index e9ef680c..eaf426c4 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v2.3.1 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 4.2.0 +version: 4.2.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -21,4 +21,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Added]: added applicationSet.enabled and notifications.enabled to allow to disable them" + - "[Fixed]: Add missing NetworkPolicy for ApplicationSet and Notifications" diff --git a/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml new file mode 100644 index 00000000..176de64b --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml @@ -0,0 +1,25 @@ +{{- if and .Values.applicationSet.enabled .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.webhook.ingress.enabled) }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "argo-cd.applicationSet.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +spec: + ingress: + {{- if .Values.applicationSet.webhook.ingress.enabled }} + - ports: + - port: webhook + {{- end }} + {{- if .Values.applicationSet.metrics.enabled }} + - from: + - namespaceSelector: {} + ports: + - port: metrics + {{- end }} + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml b/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml new file mode 100644 index 00000000..6bd0c04e --- /dev/null +++ b/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.notifications.enabled .Values.global.networkPolicy.create .Values.notifications.metrics.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "argo-cd.notifications.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: metrics + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml index 0d9274ed..619a65ca 100644 --- a/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml @@ -14,6 +14,16 @@ spec: - podSelector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }} + {{- if .Values.notifications.enabled }} + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 10 }} + {{- end }} + {{- if .Values.applicationSet.enabled }} + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 10 }} + {{- end }} ports: - port: repo-server protocol: TCP