Skip to content

Commit

Permalink
[bitnami/grafana-loki] Network policy review (#25904)
Browse files Browse the repository at this point in the history
  • Loading branch information
@bpfoster
bpfoster authored May 16, 2024
1 parent 7fb6423 commit c6b5d76
Show file tree
Hide file tree
Showing 14 changed files with 459 additions and 338 deletions.
2 changes: 1 addition & 1 deletion bitnami/grafana-loki/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,4 +57,4 @@ maintainers:
name: grafana-loki
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/grafana-loki
version: 4.0.3
version: 4.1.0
476 changes: 249 additions & 227 deletions bitnami/grafana-loki/README.md
View file

Large diffs are not rendered by default.

16 changes: 8 additions & 8 deletions bitnami/grafana-loki/templates/compactor/networkpolicy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,21 +122,21 @@ spec:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
app.kubernetes.io/part-of: grafana-loki
{{- if .Values.compactor.networkPolicy.addExternalClientAccess }}
- podSelector:
matchLabels:
{{ template "grafana-loki.compactor.fullname" . }}-compactor: "true"
{{- end }}
{{- if .Values.compactor.networkPolicy.ingressPodMatchLabels }}
- podSelector:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- if .Values.compactor.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.compactor.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.networkPolicy.ingressNSMatchLabels "context" $ ) | nindent 14 }}
{{- if .Values.compactor.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.compactor.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.networkPolicy.ingressNSPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- end }}
{{- end }}
Expand Down
16 changes: 8 additions & 8 deletions bitnami/grafana-loki/templates/distributor/networkpolicy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,21 +114,21 @@ spec:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
app.kubernetes.io/part-of: grafana-loki
{{- if .Values.distributor.networkPolicy.addExternalClientAccess }}
- podSelector:
matchLabels:
{{ template "grafana-loki.distributor.fullname" . }}-distributor: "true"
{{- end }}
{{- if .Values.distributor.networkPolicy.ingressPodMatchLabels }}
- podSelector:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.distributor.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- if .Values.distributor.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.distributor.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.distributor.networkPolicy.ingressNSMatchLabels "context" $ ) | nindent 14 }}
{{- if .Values.distributor.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.distributor.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.distributor.networkPolicy.ingressNSPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- end }}
{{- end }}
Expand Down
16 changes: 8 additions & 8 deletions bitnami/grafana-loki/templates/gateway/networkpolicy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -113,21 +113,21 @@ spec:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
app.kubernetes.io/part-of: grafana-loki
{{- if .Values.gateway.networkPolicy.addExternalClientAccess }}
- podSelector:
matchLabels:
{{ template "grafana-loki.gateway.fullname" . }}-gateway: "true"
{{- end }}
{{- if .Values.gateway.networkPolicy.ingressPodMatchLabels }}
- podSelector:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.gateway.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- if .Values.gateway.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.gateway.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.gateway.networkPolicy.ingressNSMatchLabels "context" $ ) | nindent 14 }}
{{- if .Values.gateway.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.gateway.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.gateway.networkPolicy.ingressNSPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- end }}
{{- end }}
Expand Down
16 changes: 8 additions & 8 deletions bitnami/grafana-loki/templates/index-gateway/networkpolicy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,21 +114,21 @@ spec:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
app.kubernetes.io/part-of: grafana-loki
{{- if .Values.indexGateway.networkPolicy.addExternalClientAccess }}
- podSelector:
matchLabels:
{{ template "grafana-loki.index-gateway.fullname" . }}-index-gateway: "true"
{{- end }}
{{- if .Values.indexGateway.networkPolicy.ingressPodMatchLabels }}
- podSelector:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.indexGateway.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- if .Values.indexGateway.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.indexGateway.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.indexGateway.networkPolicy.ingressNSMatchLabels "context" $ ) | nindent 14 }}
{{- if .Values.indexGateway.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.indexGateway.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.indexGateway.networkPolicy.ingressNSPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- end }}
{{- end }}
Expand Down
16 changes: 8 additions & 8 deletions bitnami/grafana-loki/templates/ingester/networkpolicy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,21 +114,21 @@ spec:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
app.kubernetes.io/part-of: grafana-loki
{{- if .Values.ingester.networkPolicy.addExternalClientAccess }}
- podSelector:
matchLabels:
{{ template "grafana-loki.ingester.fullname" . }}-ingester: "true"
{{- end }}
{{- if .Values.ingester.networkPolicy.ingressPodMatchLabels }}
- podSelector:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.ingester.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- if .Values.ingester.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.ingester.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.ingester.networkPolicy.ingressNSMatchLabels "context" $ ) | nindent 14 }}
{{- if .Values.ingester.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.ingester.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.ingester.networkPolicy.ingressNSPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- end }}
{{- end }}
Expand Down
16 changes: 8 additions & 8 deletions bitnami/grafana-loki/templates/promtail/networkpolicy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -116,21 +116,21 @@ spec:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
app.kubernetes.io/part-of: grafana-loki
{{- if .Values.promtail.networkPolicy.addExternalClientAccess }}
- podSelector:
matchLabels:
{{ template "grafana-loki.promtail.fullname" . }}-promtail: "true"
{{- end }}
{{- if .Values.promtail.networkPolicy.ingressPodMatchLabels }}
- podSelector:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.promtail.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- if .Values.promtail.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.promtail.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.promtail.networkPolicy.ingressNSMatchLabels "context" $ ) | nindent 14 }}
{{- if .Values.promtail.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.promtail.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.promtail.networkPolicy.ingressNSPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- end }}
{{- end }}
Expand Down
16 changes: 8 additions & 8 deletions bitnami/grafana-loki/templates/querier/networkpolicy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,21 +114,21 @@ spec:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
app.kubernetes.io/part-of: grafana-loki
{{- if .Values.querier.networkPolicy.addExternalClientAccess }}
- podSelector:
matchLabels:
{{ template "grafana-loki.querier.fullname" . }}-querier: "true"
{{- end }}
{{- if .Values.querier.networkPolicy.ingressPodMatchLabels }}
- podSelector:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.querier.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- if .Values.querier.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.querier.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.querier.networkPolicy.ingressNSMatchLabels "context" $ ) | nindent 14 }}
{{- if .Values.querier.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.querier.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.querier.networkPolicy.ingressNSPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- end }}
{{- end }}
Expand Down
16 changes: 8 additions & 8 deletions bitnami/grafana-loki/templates/query-frontend/networkpolicy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,21 +114,21 @@ spec:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
app.kubernetes.io/part-of: grafana-loki
{{- if .Values.queryFrontend.networkPolicy.addExternalClientAccess }}
- podSelector:
matchLabels:
{{ template "grafana-loki.query-frontend.fullname" . }}-query-frontend: "true"
{{- end }}
{{- if .Values.queryFrontend.networkPolicy.ingressPodMatchLabels }}
- podSelector:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- if .Values.queryFrontend.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.queryFrontend.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.networkPolicy.ingressNSMatchLabels "context" $ ) | nindent 14 }}
{{- if .Values.queryFrontend.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.queryFrontend.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.networkPolicy.ingressNSPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- end }}
{{- end }}
Expand Down
16 changes: 8 additions & 8 deletions bitnami/grafana-loki/templates/query-scheduler/networkpolicy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,21 +114,21 @@ spec:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
app.kubernetes.io/part-of: grafana-loki
{{- if .Values.queryScheduler.networkPolicy.addExternalClientAccess }}
- podSelector:
matchLabels:
{{ template "grafana-loki.query-scheduler.fullname" . }}-query-scheduler: "true"
{{- end }}
{{- if .Values.queryScheduler.networkPolicy.ingressPodMatchLabels }}
- podSelector:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.queryScheduler.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- if .Values.queryScheduler.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.queryScheduler.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.queryScheduler.networkPolicy.ingressNSMatchLabels "context" $ ) | nindent 14 }}
{{- if .Values.queryScheduler.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.queryScheduler.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.queryScheduler.networkPolicy.ingressNSPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- end }}
{{- end }}
Expand Down
16 changes: 8 additions & 8 deletions bitnami/grafana-loki/templates/ruler/networkpolicy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,21 +114,21 @@ spec:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
app.kubernetes.io/part-of: grafana-loki
{{- if .Values.ruler.networkPolicy.addExternalClientAccess }}
- podSelector:
matchLabels:
{{ template "grafana-loki.ruler.fullname" . }}-ruler: "true"
{{- end }}
{{- if .Values.ruler.networkPolicy.ingressPodMatchLabels }}
- podSelector:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- if .Values.ruler.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.ruler.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.networkPolicy.ingressNSMatchLabels "context" $ ) | nindent 14 }}
{{- if .Values.ruler.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.ruler.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.networkPolicy.ingressNSPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- end }}
{{- end }}
Expand Down
16 changes: 8 additions & 8 deletions bitnami/grafana-loki/templates/table-manager/networkpolicy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,21 +114,21 @@ spec:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
app.kubernetes.io/part-of: grafana-loki
{{- if .Values.tableManager.networkPolicy.addExternalClientAccess }}
- podSelector:
matchLabels:
{{ template "grafana-loki.table-manager.fullname" . }}-table-manager: "true"
{{- end }}
{{- if .Values.tableManager.networkPolicy.ingressPodMatchLabels }}
- podSelector:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.tableManager.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- if .Values.tableManager.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.tableManager.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.tableManager.networkPolicy.ingressNSMatchLabels "context" $ ) | nindent 14 }}
{{- if .Values.tableManager.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.tableManager.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.tableManager.networkPolicy.ingressNSPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- end }}
{{- end }}
Expand Down
Loading

0 comments on commit c6b5d76

Please sign in to comment.