diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8be41e6..e795e2d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+### Added
+
+- Add `CiliumNetworkPolicy`.
+
 ## [1.22.1] - 2023-11-30
 ### Changed
diff --git a/helm/promxy-app/templates/cilium-network-policy.yaml b/helm/promxy-app/templates/cilium-network-policy.yaml
new file mode 100644
index 0000000..fa3244f
--- /dev/null
+++ b/helm/promxy-app/templates/cilium-network-policy.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.ciliumNetworkPolicy.enabled -}}
+apiVersion: "cilium.io/v2"
+kind: CiliumNetworkPolicy
+metadata:
+ labels:
+ {{- include "labels.common" . | nindent 4 }}
+ name: {{ include "resource.default.name" . }}
+ namespace: {{ include "resource.default.namespace" . }}
+spec:
+ endpointSelector:
+ matchLabels:
+ {{- include "labels.selector" . | nindent 6 }}
+ egress:
+ - toEntities:
+ - kube-apiserver
+{{- end -}}
diff --git a/helm/promxy-app/values.schema.json b/helm/promxy-app/values.schema.json
index ade5cd0..b7a5123 100644
--- a/helm/promxy-app/values.schema.json
+++ b/helm/promxy-app/values.schema.json
@@ -2,6 +2,14 @@
 "$schema": "http://json-schema.org/schema#",
 "type": "object",
 "properties": {
+ "ciliumNetworkPolicy": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
 "global": {
 "type": "object",
 "properties": {
diff --git a/helm/promxy-app/values.yaml b/helm/promxy-app/values.yaml
index babc454..64168cc 100644
--- a/helm/promxy-app/values.yaml
+++ b/helm/promxy-app/values.yaml
@@ -7,6 +7,9 @@ global:
 podSecurityStandards:
 enforced: false
+ciliumNetworkPolicy:
+ enabled: true
+
 monitoring:
 prometheus:
 host: ""
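Review bot: In `helm/promxy-app/templates/cilium-network-policy.yaml` the only egress rule is `toEntities: kube-apiserver`, and once a Cilium policy with an egress section selects the pods, every other outbound flow from them is dropped, DNS lookups included. If promxy reaches its Prometheus server groups directly rather than through the API server, those queries would stop working when this is applied; either the required DNS and backend destinations should be added as explicit egress rules, or a comment such as `# egress is limited to kube-apiserver; all other outbound traffic is denied` should record that this is intended. The spec also has no `ingress` section, so this policy leaves inbound access to the promxy query endpoint unrestricted unless another policy covers it.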
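Review bot: The default `ciliumNetworkPolicy.enabled: true` in `helm/promxy-app/values.yaml` switches the policy on for every existing installation at upgrade, and the template is gated on this value alone. On a cluster where the `cilium.io/v2` API is not served the release would presumably fail to install because the `CiliumNetworkPolicy` kind is unknown there; the template condition could additionally check `.Capabilities.APIVersions.Has "cilium.io/v2"`, or the default could be `enabled: false`. A one-line comment above the key, e.g. `# Restricts pod egress to kube-apiserver; requires the Cilium CRDs`, would tell operators what the switch does before they roll it out.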