demo/k8s/helm/shop-recycle/templates/networkpolicy.yaml

{{- if .Values.networkPolicy.enabled }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ include "shop-recycle.fullname" . }}-gateway
  labels:
    app: {{ include "shop-recycle.fullname" . }}-gateway
    {{- include "shop-recycle.labels" . | nindent 4 }}
  namespace: {{ .Release.Namespace }}
spec:
  podSelector:
    matchLabels:
      app: {{ include "shop-recycle.fullname" . }}-gateway
  policyTypes:
    {{- toYaml .Values.networkPolicy.policyTypes | nindent 4 }}
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              name: {{ .Release.Namespace }}
        - podSelector:
            matchLabels:
              app: {{ include "shop-recycle.fullname" . }}-gateway
      ports:
        - protocol: TCP
          port: 8080
  egress:
    - to:
        - podSelector:
            matchLabels:
              app: {{ include "shop-recycle.fullname" . }}-order-service
      ports:
        - protocol: TCP
          port: 8081
    - to:
        - podSelector:
            matchLabels:
              app: {{ include "shop-recycle.fullname" . }}-payment-service
      ports:
        - protocol: TCP
          port: 8082
    - to:
        - namespaceSelector: {}
      ports:
        - protocol: TCP
          port: 53
        - protocol: UDP
          port: 53
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ include "shop-recycle.fullname" . }}-order-service
  labels:
    app: {{ include "shop-recycle.fullname" . }}-order-service
    {{- include "shop-recycle.labels" . | nindent 4 }}
  namespace: {{ .Release.Namespace }}
spec:
  podSelector:
    matchLabels:
      app: {{ include "shop-recycle.fullname" . }}-order-service
  policyTypes:
    {{- toYaml .Values.networkPolicy.policyTypes | nindent 4 }}
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: {{ include "shop-recycle.fullname" . }}-gateway
      ports:
        - protocol: TCP
          port: 8081
  egress:
    - to:
        - namespaceSelector: {}
      ports:
        - protocol: TCP
          port: 53
        - protocol: UDP
          port: 53
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ include "shop-recycle.fullname" . }}-payment-service
  labels:
    app: {{ include "shop-recycle.fullname" . }}-payment-service
    {{- include "shop-recycle.labels" . | nindent 4 }}
  namespace: {{ .Release.Namespace }}
spec:
  podSelector:
    matchLabels:
      app: {{ include "shop-recycle.fullname" . }}-payment-service
  policyTypes:
    {{- toYaml .Values.networkPolicy.policyTypes | nindent 4 }}
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: {{ include "shop-recycle.fullname" . }}-gateway
      ports:
        - protocol: TCP
          port: 8082
  egress:
    - to:
        - namespaceSelector: {}
      ports:
        - protocol: TCP
          port: 53
        - protocol: UDP
          port: 53
{{- end }}