chore(cloudbeaver):add networkpolicy (#39)

Author: EamonZhang

addons/cloudbeaver/23/chart/cloudbeaver/templates/networkpolicy.yaml

@@ -0,0 +1,48 @@
+{{- /*
+Copyright Drycc Community.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  podSelector:
+    matchLabels:
+      {{- include "common.labels.matchLabels" . | nindent 6 }}
+  {{- if eq .Values.service.type "ClusterIP" }}
+  ingress:
+    # Allow inbound connections
+    - ports:
+      - port: {{ .Values.service.ports.http }}
+    {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }}
+      from:
+      {{- if .Values.networkPolicy.allowCurrentNamespace }}
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: {{ .Release.Namespace }}
+      {{- end }}
+      {{- range $namespace := .Values.networkPolicy.allowNamespaces }}
+        {{- if $namespace }}
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: {{ $namespace }}
+        {{- end }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+  {{- if eq .Values.service.type "LoadBalancer" }}
+  ingress:
+    - {}
+  {{- end}}
+{{- end }}

addons/cloudbeaver/23/chart/cloudbeaver/values.yaml

@@ -514,3 +514,20 @@ ingress:
   ##             name: http
   ##
   extraRules: []
+  ## @section Network Policy
+
+## MySQL Nework Policy configuration
+##
+networkPolicy:
+  ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
+  ##
+  enabled: true 
+  ## @param networkPolicy.allowExternal The Policy model to apply.
+  ## When set to false, only pods with the correct
+  ## client label will have network access to the port MySQL is listening
+  ## on. When true, MySQL will accept connections from any source
+  ## (with the correct destination port).
+  ##
+  allowCurrentNamespace: true
+  allowNamespaces: []
+  

addons/cloudbeaver/23/meta.yaml

@@ -13,8 +13,11 @@ tags: cloudbeaver
 bindable: true
 instances_retrievable: true
 bindings_retrievable: true
-plan_updateable: false
+plan_updateable: true
 allow_parameters:
+- name: "networkPolicy.allowNamespaces"
+  required: false
+  description: "networkPolicy allowNamespaces config for values.yaml"
 - name: "service.type"
   required: false
   description: "service type config for values.yaml"

addons/cloudbeaver/23/plans/standard-10/bind.yaml

@@ -1,17 +1,16 @@
 credential:
   {{- if (eq .Values.service.type "LoadBalancer") }}
-  - name: HOST
+  - name: EXTRANET_HOST
     valueFrom:
       serviceRef:
         name: {{ include "common.names.fullname" . }}
         jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
-  {{- else if (eq .Values.service.type "ClusterIP") }}
+  {{- end }}
   - name: HOST
     valueFrom:
       serviceRef:
         name: {{ include "common.names.fullname" . }}
         jsonpath: '{ .spec.clusterIP }'
-  {{- end }}
   - name: PORT
     valueFrom:  
       serviceRef:

addons/cloudbeaver/23/plans/standard-10/meta.yaml

@@ -1,6 +1,6 @@
-name: "standard-5"
+name: "standard-10"
 id: 9d92b94d-c63e-47a8-ac91-352f511ef0a9
-description: "Cloudbeaver standard-5 plan: Disk 5Gi ,vCPUs 1 , RAM 2G"
-displayName: "standard-5"
+description: "Cloudbeaver standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G"
+displayName: "standard-10"
 bindable: true
 maximum_polling_duration: 1800