GitHub Repository: gitpod-io/gitpod
Path: blob/main/install/installer/pkg/components/spicedb/networkpolicy.go
// Copyright (c) 2021 Gitpod GmbH. All rights reserved.
// Licensed under the GNU Affero General Public License (AGPL).
// See License.AGPL.txt in the project root for license information.
package spicedb
import (
"github.com/gitpod-io/gitpod/installer/pkg/common"
networkingv1 "k8s.io/api/networking/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/util/intstr"
)
// networkpolicy renders the ingress NetworkPolicy for the spicedb component.
//
// The policy is named after Component, lives in ctx.Namespace, and selects the
// pods carrying common.DefaultLabels(Component). It admits TCP traffic from
// three peers only:
//
//   - pods labelled component=Component, on ContainerDispatchPort;
//   - pods labelled component=common.PublicApiComponent, on ContainerHTTPPort
//     and ContainerGRPCPort;
//   - pods labelled component=common.ServerComponent, on the same two ports.
//
// Only the "Ingress" policy type is declared, so this object places no
// restriction on egress from the selected pods. The returned error is always
// nil.
func networkpolicy(ctx *common.RenderContext) ([]runtime.Object, error) {
	podLabels := common.DefaultLabels(Component)

	// tcp builds a single TCP port entry; each call allocates its own
	// IntOrString so no two rules share a port pointer.
	tcp := func(port int32) networkingv1.NetworkPolicyPort {
		return networkingv1.NetworkPolicyPort{
			Protocol: common.TCPProtocol,
			Port:     &intstr.IntOrString{IntVal: port},
		}
	}

	// apiPorts returns a fresh HTTP+gRPC port list for every rule that needs it.
	apiPorts := func() []networkingv1.NetworkPolicyPort {
		return []networkingv1.NetworkPolicyPort{
			tcp(ContainerHTTPPort),
			tcp(ContainerGRPCPort),
		}
	}

	// peersOf selects source pods by their "component" label. No
	// NamespaceSelector is set, so the peer matches pods in the policy's own
	// namespace only.
	// NOTE(review): the match is on the "component" label alone, so the
	// allow-list is only as strong as the control over who may create or
	// relabel pods in this namespace.
	peersOf := func(component string) []networkingv1.NetworkPolicyPeer {
		return []networkingv1.NetworkPolicyPeer{
			{
				PodSelector: &metav1.LabelSelector{
					MatchLabels: map[string]string{
						"component": component,
					},
				},
			},
		}
	}

	policy := &networkingv1.NetworkPolicy{
		TypeMeta: common.TypeMetaNetworkPolicy,
		ObjectMeta: metav1.ObjectMeta{
			Name:      Component,
			Namespace: ctx.Namespace,
			Labels:    podLabels,
		},
		Spec: networkingv1.NetworkPolicySpec{
			PodSelector: metav1.LabelSelector{MatchLabels: podLabels},
			PolicyTypes: []networkingv1.PolicyType{"Ingress"},
			Ingress: []networkingv1.NetworkPolicyIngressRule{
				// Dispatch port: reachable only from pods of this component.
				{
					Ports: []networkingv1.NetworkPolicyPort{tcp(ContainerDispatchPort)},
					From:  peersOf(Component),
				},
				// HTTP and gRPC: reachable from the public API component.
				{
					Ports: apiPorts(),
					From:  peersOf(common.PublicApiComponent),
				},
				// HTTP and gRPC: reachable from the server component.
				{
					Ports: apiPorts(),
					From:  peersOf(common.ServerComponent),
				},
			},
		},
	}

	return []runtime.Object{policy}, nil
}