diff --git a/bitnami/mongodb/Chart.yaml b/bitnami/mongodb/Chart.yaml
index 68adb2cbf066a1..31e8cd312c9f41 100644
--- a/bitnami/mongodb/Chart.yaml
+++ b/bitnami/mongodb/Chart.yaml
@@ -1,4 +1,4 @@
-# Copyright VMware, Inc.
+# Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 annotations:
@@ -39,4 +39,4 @@ maintainers:
 name: mongodb
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/mongodb
-version: 15.1.7
+version: 15.2.0
diff --git a/bitnami/mongodb/README.md b/bitnami/mongodb/README.md
index ba6ee31a31175d..dc92a5b8bbab5b 100644
--- a/bitnami/mongodb/README.md
+++ b/bitnami/mongodb/README.md
@@ -602,10 +602,12 @@ If you encounter errors when working with persistent volumes, refer to our [trou
 | `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
 | `networkPolicy.allowExternal` | Don't require server label for connections | `true` |
 | `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
+| `networkPolicy.addExternalClientAccess` | Allow access from pods with client label set to "true". Ignored if `networkPolicy.allowExternal` is true. | `true` |
 | `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
 | `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
-| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
-| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
+| `networkPolicy.ingressPodMatchLabels` | Labels to match to allow traffic from other pods. Ignored if `networkPolicy.allowExternal` is true. | `{}` |
+| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces. Ignored if `networkPolicy.allowExternal` is true. | `{}` |
+| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces. Ignored if `networkPolicy.allowExternal` is true. | `{}` |
 | `persistence.enabled` | Enable MongoDB(®) data persistence using PVC | `true` |
 | `persistence.name` | Name of the PVC and mounted volume | `datadir` |
 | `persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
diff --git a/bitnami/mongodb/templates/networkpolicy.yaml b/bitnami/mongodb/templates/networkpolicy.yaml
index 68a57b0aa38a98..4e9f2f2942eb0b 100644
--- a/bitnami/mongodb/templates/networkpolicy.yaml
+++ b/bitnami/mongodb/templates/networkpolicy.yaml
@@ -68,26 +68,26 @@ spec:
 {{- end }}
 {{- if not .Values.networkPolicy.allowExternal }}
 from:
- - podSelector:
- matchLabels:
- {{ template "common.names.fullname" . }}-client: "true"
 - podSelector:
 matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
 app.kubernetes.io/component: mongodb
+ {{- if .Values.networkPolicy.addExternalClientAccess }}
+ - podSelector:
+ matchLabels:
+ {{ template "common.names.fullname" . }}-client: "true"
+ {{- end }}
+ {{- if .Values.networkPolicy.ingressPodMatchLabels }}
+ - podSelector:
+ matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }}
+ {{- end }}
 {{- $ingressNSMatchLabels := coalesce .Values.networkPolicy.ingressNSMatchLabels .Values.networkPolicy.namespaceSelector }}
 {{- if $ingressNSMatchLabels }}
 - namespaceSelector:
- matchLabels:
- {{- range $key, $value := $ingressNSMatchLabels }}
- {{ $key | quote }}: {{ $value | quote }}
- {{- end }}
+ matchLabels: {{- include "common.tplvalues.render" (dict "value" $ingressNSMatchLabels "context" $ ) | nindent 14 }}
 {{- $ingressNSPodMatchLabels := coalesce .Values.networkPolicy.ingressNSPodMatchLabels .Values.networkPolicy.podSelector }}
 {{- if $ingressNSPodMatchLabels }}
 podSelector:
- matchLabels:
- {{- range $key, $value := $ingressNSPodMatchLabels }}
- {{ $key | quote }}: {{ $value | quote }}
- {{- end }}
+ matchLabels: {{- include "common.tplvalues.render" (dict "value" $ingressNSPodMatchLabels "context" $ ) | nindent 14 }}
 {{- end }}
 {{- end }}
 {{- end }}
diff --git a/bitnami/mongodb/values.yaml b/bitnami/mongodb/values.yaml
index 80cd1450336f9f..cc9b2af355061c 100644
--- a/bitnami/mongodb/values.yaml
+++ b/bitnami/mongodb/values.yaml
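Review bot: The two `matchLabels:` lines that now call `common.tplvalues.render` for `$ingressNSMatchLabels` and `$ingressNSPodMatchLabels` no longer force label keys and values to strings, which the removed `{{ $key | quote }}: {{ $value | quote }}` loop did. The helper is defined outside this diff; if it serialises the map as plain YAML, as its use here suggests, a value written unquoted in values.yaml (`enabled: true`, `tier: 1`) renders as a boolean or number, and the API server should then reject the NetworkPolicy on upgrade because `matchLabels` values must be strings. That fails closed rather than widening access, but it is a behaviour change for existing releases: keep the quoting loop for these two selectors, or state in values.yaml that label values must be quoted strings. The new `ingressPodMatchLabels` selector has the same property.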
@@ -1051,6 +1051,9 @@ networkPolicy:
 ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
 ##
 allowExternalEgress: true
+ ## @param networkPolicy.addExternalClientAccess Allow access from pods with client label set to "true". Ignored if `networkPolicy.allowExternal` is true.
+ ##
+ addExternalClientAccess: true
 ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
 ## e.g:
 ## extraIngress:
@@ -1084,8 +1087,14 @@ networkPolicy:
 ## - frontend
 ##
 extraEgress: []
- ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
- ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
+ ## @param networkPolicy.ingressPodMatchLabels [object] Labels to match to allow traffic from other pods. Ignored if `networkPolicy.allowExternal` is true.
+ ## e.g:
+ ## ingressPodMatchLabels:
+ ## my-client: "true"
+ #
+ ingressPodMatchLabels: {}
+ ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces. Ignored if `networkPolicy.allowExternal` is true.
+ ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces. Ignored if `networkPolicy.allowExternal` is true.
 ##
 ingressNSMatchLabels: {}
 ingressNSPodMatchLabels: {}
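Review bot: The description added for `networkPolicy.addExternalClientAccess` says "client label" without naming it, so an operator tightening the policy cannot tell from values.yaml which label grants access. The template changed in this commit shows the key is the release fullname followed by `-client`; suggest adding `## The label key is "<release fullname>-client"; a pod in the release namespace carrying it with value "true" is allowed in.` under the `@param` line. Because the default stays `true`, it would also help to say that setting it to `false` is what limits ingress to the explicitly listed selectors.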
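Review bot: The separator line before `ingressPodMatchLabels: {}` is written `#` where the surrounding blocks use `##`; change it to `##` for consistency. The description "traffic from other pods" also leaves out that the template renders this value as a `podSelector` with no `namespaceSelector`, which in a NetworkPolicy matches only pods in the policy's own namespace. Suggest `Labels to match to allow traffic from other pods in the release namespace.` so it is not read as a cross-namespace allow rule.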