1
// Copyright (c) 2021 Gitpod GmbH. All rights reserved.
2
// Licensed under the GNU Affero General Public License (AGPL).
3
// See License.AGPL.txt in the project root for license information.
4

5
package ide_metrics
6

7
import (
8
	"github.com/gitpod-io/gitpod/installer/pkg/common"
9
	ideproxy "github.com/gitpod-io/gitpod/installer/pkg/components/ide-proxy"
10
	"github.com/gitpod-io/gitpod/installer/pkg/components/proxy"
11

12
	networkingv1 "k8s.io/api/networking/v1"
13
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
14
	"k8s.io/apimachinery/pkg/runtime"
15
	"k8s.io/apimachinery/pkg/util/intstr"
16
)
17

18
func networkpolicy(ctx *common.RenderContext) ([]runtime.Object, error) {
19
	labels := common.DefaultLabels(Component)
20

21
	return []runtime.Object{&networkingv1.NetworkPolicy{
22
		TypeMeta: common.TypeMetaNetworkPolicy,
23
		ObjectMeta: metav1.ObjectMeta{
24
			Name:      Component,
25
			Namespace: ctx.Namespace,
26
			Labels:    labels,
27
		},
28
		Spec: networkingv1.NetworkPolicySpec{
29
			PodSelector: metav1.LabelSelector{MatchLabels: labels},
30
			PolicyTypes: []networkingv1.PolicyType{"Ingress"},
31
			Ingress: []networkingv1.NetworkPolicyIngressRule{{
32
				Ports: []networkingv1.NetworkPolicyPort{{
33
					Protocol: common.TCPProtocol,
34
					Port:     &intstr.IntOrString{IntVal: ContainerPort},
35
				}},
36
				From: []networkingv1.NetworkPolicyPeer{{
37
					PodSelector: &metav1.LabelSelector{MatchLabels: map[string]string{
38
						"component": proxy.Component,
39
					}},
40
				}, {
41
					PodSelector: &metav1.LabelSelector{MatchLabels: map[string]string{
42
						"component": ideproxy.Component,
43
					}},
44
				}, {
45
					PodSelector: &metav1.LabelSelector{MatchLabels: map[string]string{
46
						"component": common.DashboardComponent,
47
					}},
48
				}},
49
			}},
50
		},
51
	}}, nil
52
}
53

54