33 lines
1.5 KiB
YAML
33 lines
1.5 KiB
YAML
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "cilium") }}
|
|
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
|
apiVersion: cilium.io/v2
|
|
kind: CiliumNetworkPolicy
|
|
metadata:
|
|
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create
|
|
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
|
annotations:
|
|
helm.sh/hook: post-install,post-upgrade
|
|
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
|
## Ensure this is run before the job
|
|
helm.sh/hook-weight: "-5"
|
|
{{- with .Values.prometheusOperator.admissionWebhooks.annotations }}
|
|
{{ toYaml . | nindent 4 }}
|
|
{{- end }}
|
|
labels:
|
|
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
|
|
{{- include "kube-prometheus-stack.labels" $ | nindent 4 }}
|
|
spec:
|
|
endpointSelector:
|
|
matchLabels:
|
|
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
|
|
{{- include "kube-prometheus-stack.labels" $ | nindent 6 }}
|
|
egress:
|
|
{{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }}
|
|
{{ toYaml .Values.prometheusOperator.networkPolicy.cilium.egress | nindent 6 }}
|
|
{{- else }}
|
|
- toEntities:
|
|
- kube-apiserver
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|