DevFW-CICD/argocd-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(argo-cd): Add missing NetworkPolicy for ApplicationSet and Notifications (#1184)

Browse source 
Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>
This commit is contained in:
Marco Kilchhofer 2022-03-18 22:25:23 +01:00 committed by GitHub
parent 3a2858aa98
commit b919396574
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 56 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
charts/argo-cd/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v2
appVersion: v2.3.1 appVersion: v2.3.1
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd name: argo-cd
version: 4.2.0 version: 4.2.1
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
keywords: keywords:
@ -21,4 +21,4 @@ dependencies:
condition: redis-ha.enabled condition: redis-ha.enabled
annotations: annotations:
artifacthub.io/changes: | artifacthub.io/changes: |
- "[Added]: added applicationSet.enabled and notifications.enabled to allow to disable them" - "[Fixed]: Add missing NetworkPolicy for ApplicationSet and Notifications"

25
charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml Normal file
View file

@ -0,0 +1,25 @@
{{- if and .Values.applicationSet.enabled .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.webhook.ingress.enabled) }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ template "argo-cd.applicationSet.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
spec:
ingress:
{{- if .Values.applicationSet.webhook.ingress.enabled }}
- ports:
- port: webhook
{{- end }}
{{- if .Values.applicationSet.metrics.enabled }}
- from:
- namespaceSelector: {}
ports:
- port: metrics
{{- end }}
podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }}
policyTypes:
- Ingress
{{- end }}

19
charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml Normal file
View file

@ -0,0 +1,19 @@
{{- if and .Values.notifications.enabled .Values.global.networkPolicy.create .Values.notifications.metrics.enabled }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ template "argo-cd.notifications.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
spec:
ingress:
- from:
- namespaceSelector: {}
ports:
- port: metrics
podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }}
policyTypes:
- Ingress
{{- end }}

10
charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml
View file

@ -14,6 +14,16 @@ spec:
- podSelector: - podSelector:
matchLabels: matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }} {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }}
{{- if .Values.notifications.enabled }}
- podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 10 }}
{{- end }}
{{- if .Values.applicationSet.enabled }}
- podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 10 }}
{{- end }}
ports: ports:
- port: repo-server - port: repo-server
protocol: TCP protocol: TCP