Path: blob/main/install/installer/pkg/components/usage/networkpolicy.go
2501 views
// Copyright (c) 2022 Gitpod GmbH. All rights reserved.1/// Licensed under the GNU Affero General Public License (AGPL).2// See License.AGPL.txt in the project root for license information.34package usage56import (7"github.com/gitpod-io/gitpod/installer/pkg/common"89networkingv1 "k8s.io/api/networking/v1"10metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"11"k8s.io/apimachinery/pkg/runtime"12"k8s.io/apimachinery/pkg/util/intstr"13)1415func networkpolicy(ctx *common.RenderContext) ([]runtime.Object, error) {16labels := common.DefaultLabels(Component)1718return []runtime.Object{19&networkingv1.NetworkPolicy{20TypeMeta: common.TypeMetaNetworkPolicy,21ObjectMeta: metav1.ObjectMeta{22Name: Component,23Namespace: ctx.Namespace,24Labels: labels,25},26Spec: networkingv1.NetworkPolicySpec{27PodSelector: metav1.LabelSelector{MatchLabels: labels},28PolicyTypes: []networkingv1.PolicyType{"Ingress"},29Ingress: []networkingv1.NetworkPolicyIngressRule{30{31Ports: []networkingv1.NetworkPolicyPort{32{33Protocol: common.TCPProtocol,34Port: &intstr.IntOrString{IntVal: gRPCContainerPort},35},36},37From: []networkingv1.NetworkPolicyPeer{38{39PodSelector: &metav1.LabelSelector{40MatchLabels: map[string]string{41"component": common.ServerComponent,42},43},44},45{46PodSelector: &metav1.LabelSelector{47MatchLabels: map[string]string{48"component": common.PublicApiComponent,49},50},51},52},53},54},55},56},57}, nil58}596061