add CiliumNetworkPolicy (#67)

giantswarm · Jan 23, 2024 · ea0ca82 · ea0ca82
1 parent 57ecd63
commit ea0ca82
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project's packages adheres to [Semantic Versioning](http://semver.org/s
 
 ## [Unreleased]
 
+### Added
+
+- Add `CiliumNetworkPolicy`.
+
 ## [1.2.1] - 2023-06-27
 
 ### Fixed

diff --git a/helm/sloth/templates/cilium-network-policy.yaml b/helm/sloth/templates/cilium-network-policy.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.ciliumNetworkPolicy.enabled -}}
+apiVersion: "cilium.io/v2"
+kind: CiliumNetworkPolicy
+metadata:
+  labels:
+    {{- include "sloth.labels" . | nindent 4 }}
+  name: {{ include "sloth.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  endpointSelector:
+    matchLabels:
+      {{- include "sloth.selectorLabels" . | nindent 6 }}
+  egress:
+    - toEntities:
+        - kube-apiserver
+{{- end -}}
diff --git a/helm/sloth/values.schema.json b/helm/sloth/values.schema.json
@@ -2,6 +2,14 @@
     "$schema": "http://json-schema.org/schema#",
     "type": "object",
     "properties": {
+        "ciliumNetworkPolicy": {
+            "type": "object",
+            "properties": {
+                "enabled": {
+                    "type": "boolean"
+                }
+            }
+        },
         "commonPlugins": {
             "type": "object",
             "properties": {

diff --git a/helm/sloth/values.yaml b/helm/sloth/values.yaml
@@ -5,6 +5,9 @@ image:
   repository: giantswarm/sloth
   tag: v0.11.0
 
+ciliumNetworkPolicy:
+  enabled: true
+
 # -- Container resources: requests and limits for CPU, Memory
 resources:
   limits: