chore(pmm): pmm network support

EamonZhang · EamonZhang · commit f5bd56fb8b52 · 2024-03-14T16:40:17.000+08:00
diff --git a/addons/pmm/2.41/chart/pmm/templates/networkpolicy.yaml b/addons/pmm/2.41/chart/pmm/templates/networkpolicy.yaml
@@ -0,0 +1,50 @@
+{{- /*
+Copyright Drycc Community.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  podSelector:
+    matchLabels:
+      {{- include "common.labels.matchLabels" . | nindent 6 }}
+  {{- if eq .Values.service.type "ClusterIP" }}
+  ingress:
+    # Allow inbound connections
+    {{- with .Values.service.ports }}
+    - ports:
+    {{- toYaml . | nindent 8 }}
+  {{- end }}
+    {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }}
+      from:
+      {{- if .Values.networkPolicy.allowCurrentNamespace }}
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: {{ .Release.Namespace }}
+      {{- end }}
+      {{- range $namespace := .Values.networkPolicy.allowNamespaces }}
+        {{- if $namespace }}
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: {{ $namespace }}
+        {{- end }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+  {{- if eq .Values.service.type "LoadBalancer" }}
+  ingress:
+    - {}
+  {{- end}}
+{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm/values.yaml b/addons/pmm/2.41/chart/pmm/values.yaml
@@ -226,3 +226,18 @@ extraVolumeMounts: []
 ## @param extraVolumes Optionally specify extra list of additional volumes
 ##
 extraVolumes: []
+
+## Nework Policy configuration
+##
+networkPolicy:
+  ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
+  ##
+  enabled: true 
+  ## @param networkPolicy.allowExternal The Policy model to apply.
+  ## When set to false, only pods with the correct
+  ## client label will have network access to the port MySQL is listening
+  ## on. When true, MySQL will accept connections from any source
+  ## (with the correct destination port).
+  ##
+  allowCurrentNamespace: true
+  allowNamespaces: []
