Skip to content

Commit

Permalink
[bitnami/grafana-tempo] Network policy review
Browse files Browse the repository at this point in the history 
Apply the same changes made in PR bitnami#25519 to the Tempo chart

Signed-off-by: Ben Foster <[email protected]>
  • Loading branch information
@bpfoster
bpfoster committed May 15, 2024
1 parent 1ee381b commit e825b76
Show file tree
Hide file tree
Showing 10 changed files with 299 additions and 222 deletions.
2 changes: 1 addition & 1 deletion bitnami/grafana-tempo/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,4 +39,4 @@ maintainers:
name: grafana-tempo
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/grafana-tempo
version: 3.2.0
version: 3.3.0
316 changes: 165 additions & 151 deletions bitnami/grafana-tempo/README.md
View file

Large diffs are not rendered by default.

16 changes: 8 additions & 8 deletions bitnami/grafana-tempo/templates/compactor/networkpolicy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -100,21 +100,21 @@ spec:
- port: {{ .Values.tempo.containerPorts.grpc }}
{{- if not .Values.compactor.networkPolicy.allowExternal }}
from:
{{- if .Values.compactor.networkPolicy.addExternalClientAccess }}
- podSelector:
matchLabels:
{{ template "grafana-tempo.compactor.fullname" . }}-compactor: "true"
{{- end }}
{{- if .Values.compactor.networkPolicy.ingressPodMatchLabels }}
- podSelector:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- if .Values.compactor.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.compactor.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" $ingressNSMatchLabels "context" $ ) | nindent 14 }}
{{- if .Values.compactor.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.compactor.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" $ingressNSPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- end }}
{{- end }}
Expand Down
16 changes: 8 additions & 8 deletions bitnami/grafana-tempo/templates/distributor/networkpolicy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -127,21 +127,21 @@ spec:
{{- end }}
{{- if not .Values.distributor.networkPolicy.allowExternal }}
from:
{{- if .Values.distributor.networkPolicy.addExternalClientAccess }}
- podSelector:
matchLabels:
{{ template "grafana-tempo.distributor.fullname" . }}-distributor: "true"
{{- end }}
{{- if .Values.distributor.networkPolicy.ingressPodMatchLabels }}
- podSelector:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.distributor.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- if .Values.distributor.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.distributor.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" $ingressNSMatchLabels "context" $ ) | nindent 14 }}
{{- if .Values.distributor.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.distributor.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" $ingressNSPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- end }}
{{- end }}
Expand Down
16 changes: 8 additions & 8 deletions bitnami/grafana-tempo/templates/ingester/networkpolicy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -100,21 +100,21 @@ spec:
- port: {{ .Values.tempo.containerPorts.grpc }}
{{- if not .Values.ingester.networkPolicy.allowExternal }}
from:
{{- if .Values.ingester.networkPolicy.addExternalClientAccess }}
- podSelector:
matchLabels:
{{ template "grafana-tempo.ingester.fullname" . }}-ingester: "true"
{{- end }}
{{- if .Values.ingester.networkPolicy.ingressPodMatchLabels }}
- podSelector:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.ingester.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- if .Values.ingester.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.ingester.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" $ingressNSMatchLabels "context" $ ) | nindent 14 }}
{{- if .Values.ingester.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.ingester.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" $ingressNSPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- end }}
{{- end }}
Expand Down
16 changes: 8 additions & 8 deletions bitnami/grafana-tempo/templates/metrics-generator/networkpolicy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -100,21 +100,21 @@ spec:
- port: {{ .Values.tempo.containerPorts.grpc }}
{{- if not .Values.metricsGenerator.networkPolicy.allowExternal }}
from:
{{- if .Values.metricsGenerator.networkPolicy.addExternalClientAccess }}
- podSelector:
matchLabels:
{{ template "grafana-tempo.metrics-generator.fullname" . }}-metrics-generator: "true"
{{- end }}
{{- if .Values.metricsGenerator.networkPolicy.ingressPodMatchLabels }}
- podSelector:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.metricsGenerator.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- if .Values.metricsGenerator.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.metricsGenerator.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" $ingressNSMatchLabels "context" $ ) | nindent 14 }}
{{- if .Values.metricsGenerator.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.metricsGenerator.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" $ingressNSPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- end }}
{{- end }}
Expand Down
16 changes: 8 additions & 8 deletions bitnami/grafana-tempo/templates/querier/networkpolicy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -100,21 +100,21 @@ spec:
- port: {{ .Values.tempo.containerPorts.grpc }}
{{- if not .Values.querier.networkPolicy.allowExternal }}
from:
{{- if .Values.querier.networkPolicy.addExternalClientAccess }}
- podSelector:
matchLabels:
{{ template "grafana-tempo.querier.fullname" . }}-querier: "true"
{{- end }}
{{- if .Values.querier.networkPolicy.ingressPodMatchLabels }}
- podSelector:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.querier.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- if .Values.querier.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.querier.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" $ingressNSMatchLabels "context" $ ) | nindent 14 }}
{{- if .Values.querier.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.querier.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" $ingressNSPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- end }}
{{- end }}
Expand Down
16 changes: 8 additions & 8 deletions bitnami/grafana-tempo/templates/query-frontend/networkpolicy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -110,21 +110,21 @@ spec:
- port: {{ .Values.queryFrontend.query.containerPorts.jaegerMetrics }}
{{- if not .Values.queryFrontend.networkPolicy.allowExternal }}
from:
{{- if .Values.queryFrontend.networkPolicy.addExternalClientAccess }}
- podSelector:
matchLabels:
{{ template "grafana-tempo.query-frontend.fullname" . }}-query-frontend: "true"
{{- end }}
{{- if .Values.queryFrontend.networkPolicy.ingressPodMatchLabels }}
- podSelector:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- if .Values.queryFrontend.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.queryFrontend.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" $ingressNSMatchLabels "context" $ ) | nindent 14 }}
{{- if .Values.queryFrontend.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.queryFrontend.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" $ingressNSPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- end }}
{{- end }}
Expand Down
16 changes: 8 additions & 8 deletions bitnami/grafana-tempo/templates/vulture/networkpolicy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -98,21 +98,21 @@ spec:
- port: {{ .Values.vulture.containerPorts.http }}
{{- if not .Values.vulture.networkPolicy.allowExternal }}
from:
{{- if .Values.vulture.networkPolicy.addExternalClientAccess }}
- podSelector:
matchLabels:
{{ template "grafana-tempo.vulture.fullname" . }}-vulture: "true"
{{- end }}
{{- if .Values.vulture.networkPolicy.ingressPodMatchLabels }}
- podSelector:
matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.vulture.networkPolicy.ingressPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- if .Values.vulture.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.vulture.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" $ingressNSMatchLabels "context" $ ) | nindent 14 }}
{{- if .Values.vulture.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.vulture.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
matchLabels: {{- include "common.tplvalues.render" (dict "value" $ingressNSPodMatchLabels "context" $ ) | nindent 14 }}
{{- end }}
{{- end }}
{{- end }}
Expand Down
Loading

0 comments on commit e825b76

Please sign in to comment.