This is an automated email from the ASF dual-hosted git repository. willholley pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/couchdb-helm.git
commit 17b38890805b3040333c8dfa4da9ab0a5597edf4 Author: Will Holley <[email protected]> AuthorDate: Tue Oct 22 16:16:51 2019 +0100 Add optional network policy Adds a NetworkPolicy to enable communication between CouchDB pods and external ingress on port 5984. This is required in environments (e.g. Red Hat OpenShift) which apply DenyAll network policies by default. ported from https://github.com/helm/charts/pull/17262 --- couchdb/README.md | 1 + couchdb/templates/networkpolicy.yaml | 31 +++++++++++++++++++++++++++++++ couchdb/values.yaml | 5 +++++ 3 files changed, 37 insertions(+)
diff --git a/couchdb/README.md b/couchdb/README.md
index 937c1d3..0d786e3 100644
--- a/couchdb/README.md
+++ b/couchdb/README.md
@@ -140,6 +140,7 @@ A variety of other parameters are also configurable. See the comments in the
 | `service.type` | ClusterIP |
 | `service.externalPort` | 5984 |
 | `dns.clusterDomainSuffix` | cluster.local |
+| `networkPolicy.enabled` | true |
 | `serviceAccount.enabled` | true |
 | `serviceAccount.create` | true |
 | `serviceAccount.imagePullSecrets` | |
diff --git a/couchdb/templates/networkpolicy.yaml b/couchdb/templates/networkpolicy.yaml
new file mode 100644
index 0000000..2830708
--- /dev/null
+++ b/couchdb/templates/networkpolicy.yaml
@@ -0,0 +1,31 @@
+
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: {{ template "couchdb.fullname" . }}
+ labels:
+ app: {{ template "couchdb.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ podSelector:
+ matchLabels:
+{{ include "couchdb.ss.selector" . | indent 6 }}
+ ingress:
+ - ports:
+ - protocol: TCP
+ port: 5984
+ - ports:
+ - protocol: TCP
+ port: 9100
+ - protocol: TCP
+ port: 4369
+ from:
+ - podSelector:
+ matchLabels:
+{{ include "couchdb.ss.selector" . | indent 14 }}
+ policyTypes:
+ - Ingress
+{{- end }}
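Review bot: The first ingress rule in couchdb/templates/networkpolicy.yaml lists only `port: 5984` and, as far as the flattened hunk shows, carries no `from:` clause (the only `from:` follows the 9100/4369 ports of the second rule), so once the policy is enforced the CouchDB HTTP API is admitted from every pod in every namespace rather than just from an ingress controller. In the default-deny clusters the commit message targets, this rule becomes the only network-level control on who reaches the database, leaving CouchDB's own authentication as the sole barrier. Consider rendering an optional list of peers from values as `from:` on that rule, keeping today's open behaviour only when the list is empty, and documenting that default. Separately, the label values would be safer quoted, e.g. `release: {{ .Release.Name | quote }}`, so a numeric-looking release name is not re-typed by the YAML parser.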
diff --git a/couchdb/values.yaml b/couchdb/values.yaml index 089f90b..f94faf7 100644 --- a/couchdb/values.yaml +++ b/couchdb/values.yaml @@ -25,6 +25,11 @@ adminUsername: admin # adminPassword: this_is_not_secure # cookieAuthSecret: neither_is_this +## When enabled, will deploy a networkpolicy that allows CouchDB pods to +## communicate with each other for clustering and ingress on port 5984 +networkPolicy: + enabled: true + ## Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ##
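Review bot: The new comment above `networkPolicy:` does not say what enabling the policy costs or leaves open. Once a NetworkPolicy selects the CouchDB pods, inbound traffic on any port not listed in the template is dropped (a metrics scraper or sidecar port, for instance), while port 5984 stays reachable from any source. Because the default here is `enabled: true`, an existing release picks this up on upgrade without any values change. I would extend the comment with `## Enabling this drops all other inbound traffic to the CouchDB pods; port 5984 remains open to any source.` and `## Only enforced when the cluster's network plugin implements NetworkPolicy.`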
