Add ciliumnetworkpolicies (#558)
QuentinBisson authored Jan 19, 2024
1 parent a095df1 commit 891ce78
Showing 5 changed files with 88 additions and 0 deletions.
2 changes: 2 additions & 0 deletions keda/README.md
Expand Up @@ -83,6 +83,8 @@ their default values.
| `http.timeout` | int | `3000` | The default HTTP timeout to use for all scalers that use raw HTTP clients (some scalers use SDKs to access target services. These have built-in HTTP clients, and the timeout does not necessarily apply to them) |
| `image.pullPolicy` | string | `"Always"` | Image pullPolicy for all KEDA components |
| `imagePullSecrets` | list | `[]` | Name of secret to use to pull images to use to pull Docker images |
| `networkPolicy.enabled` | bool | `false` | Enable network policies |
| `networkPolicy.flavor` | string | `"cilium"` | Flavor of the network policies (cilium) |
| `nodeSelector` | object | `{}` | Node selector for pod scheduling ([docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/)) |
| `podIdentity.activeDirectory.identity` | string | `""` | Identity in Azure Active Directory to use for Azure pod identity |
| `podIdentity.aws.irsa.audience` | string | `"sts.amazonaws.com"` | Sets the token audience for IRSA. This will be set as an annotation on the KEDA service account. |
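--- a/keda/templates/manager/ciliumnetworkpolicy.yaml
+++ b/keda/templates/manager/ciliumnetworkpolicy.yaml
@@ -0,0 +1,27 @@
+{{- if and .Values.networkPolicy.enabled (eq .Values.networkPolicy.flavor "cilium") }}
+apiVersion: "cilium.io/v2"
+kind: CiliumNetworkPolicy
+metadata:
+name: {{ .Values.operator.name }}
+namespace: {{ .Release.Namespace }}
+{{- with .Values.additionalAnnotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+labels:
+app: {{ .Values.operator.name }}
+name: {{ .Values.operator.name }}
+app.kubernetes.io/name: {{ .Values.operator.name }}
+{{- include "keda.labels" . | indent 4 }}
+spec:
+endpointSelector:
+matchLabels:
+app: {{ .Values.operator.name }}
+egress:
+- toEntities:
+- kube-apiserver
+- cluster
+ingress:
+- fromEntities:
+- cluster
+{{ end }}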
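Review bot: The egress rule allows only the `kube-apiserver` and `cluster` entities, so once `networkPolicy.enabled` is set the operator pod loses every destination outside the cluster. The README rows on this page describe scalers that reach target services over HTTP or SDK clients and an IRSA audience of `sts.amazonaws.com`, which suggests external endpoints are a normal case; those calls would presumably be dropped. Consider a values-driven list of extra egress rules (for example `toFQDNs` entries) appended under `egress:`, or at least a comment such as `# in-cluster and API-server traffic only; external scaler targets need an additional egress rule`. On the ingress side, `fromEntities` with `cluster` and no `toPorts` still admits every in-cluster endpoint on every port, so it limits exposure to out-of-cluster traffic only; the metrics-server and webhooks policies carry the same rule set.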
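--- a/keda/templates/metrics-server/ciliumnetworkpolicy.yaml
+++ b/keda/templates/metrics-server/ciliumnetworkpolicy.yaml
@@ -0,0 +1,26 @@
+{{- if and .Values.networkPolicy.enabled (eq .Values.networkPolicy.flavor "cilium") }}
+apiVersion: "cilium.io/v2"
+kind: CiliumNetworkPolicy
+metadata:
+name: {{ .Values.operator.name }}-metrics-apiserver
+namespace: {{ .Release.Namespace }}
+{{- with .Values.additionalAnnotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+labels:
+app: {{ .Values.operator.name }}-metrics-apiserver
+app.kubernetes.io/name: {{ .Values.operator.name }}-metrics-apiserver
+{{- include "keda.labels" . | indent 4 }}
+spec:
+endpointSelector:
+matchLabels:
+app: {{ .Values.operator.name }}-metrics-apiserver
+egress:
+- toEntities:
+- kube-apiserver
+- cluster
+ingress:
+- fromEntities:
+- cluster
+{{ end }}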
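Review bot: The ingress rule lists only `cluster`, while the egress rule names `kube-apiserver` separately, which implies the API server is not assumed to fall inside the `cluster` entity. This pod is presumably called by the API server (its name suggests an aggregated metrics API), and on clusters whose control plane runs outside the nodes those requests may not match `cluster` and would be dropped. Adding `- kube-apiserver` under `fromEntities` would keep both directions consistent. The webhooks policy has the same gap, assuming its pod serves admission requests from the API server.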
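--- a/keda/templates/webhooks/ciliumnetworkpolicy.yaml
+++ b/keda/templates/webhooks/ciliumnetworkpolicy.yaml
@@ -0,0 +1,27 @@
+{{- if and .Values.webhooks.enabled .Values.networkPolicy.enabled (eq .Values.networkPolicy.flavor "cilium") }}
+apiVersion: "cilium.io/v2"
+kind: CiliumNetworkPolicy
+metadata:
+name: {{ .Values.webhooks.name }}
+namespace: {{ .Release.Namespace }}
+{{- with .Values.additionalAnnotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+labels:
+app: {{ .Values.webhooks.name }}
+name: {{ .Values.webhooks.name }}
+app.kubernetes.io/name: {{ .Values.webhooks.name }}
+{{- include "keda.labels" . | indent 4 }}
+spec:
+endpointSelector:
+matchLabels:
+app: {{ .Values.webhooks.name }}
+egress:
+- toEntities:
+- kube-apiserver
+- cluster
+ingress:
+- fromEntities:
+- cluster
+{{ end }}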
6 changes: 6 additions & 0 deletions keda/values.yaml
Expand Up @@ -53,6 +53,12 @@ watchNamespace: ""
# -- Name of secret to use to pull images to use to pull Docker images
imagePullSecrets: []

networkPolicy:
# -- Enable network policies
enabled: false
# -- Flavor of the network policies (cilium)
flavor: "cilium"

operator:
# -- Name of the KEDA operator
name: keda-operator
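Review bot: `flavor` accepts any string, but all three new templates render only when it equals `"cilium"`, so `enabled: true` with any other value produces no policy and no error, leaving the pods unrestricted while the values say policies are on. Either fail the render for an unknown flavor or state the behaviour in the comment, e.g. `# -- Flavor of the network policies; only "cilium" is implemented, any other value renders no policy`. The hunk shows only part of values.yaml.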