WIP: Prepare an extension for cnp

2024-10-13 12:24:50 +02:00 · 2024-10-13 12:24:50 +02:00 · 6b7b319291
commit 6b7b319291
parent b2f3e6b833
4 changed files with 33 additions and 2 deletions
--- a/common/templates.yaml
+++ b/common/templates.yaml
@ -118,3 +118,10 @@ templates:
        alias: ext-secret
    values:
      - '{{ requiredEnv "PWD" }}/values/common/values.secret.yaml'
+  ext-cilium:
+    dependencies:
+      - chart: bedag/raw
+        version: 2.0.0
+        alias: extCilium
+    values:
+      - '{{ requiredEnv "PWD" }}/values/common/values.ext-cilium.yaml'
--- a/values/badhouseplants/secrets.server-xray-public.yaml
+++ b/values/badhouseplants/secrets.server-xray-public.yaml
@ -20,7 +20,7 @@ sops:
        QW9DOWRuZU5uVTY0NGRlR01lcmlsNkkKLS0tIEFGTHY2RkZEYUVDTWpjb1dlRHJL
        OEM3UkxsSWZUUnJwcDBNT0tWS0o2NHcKjh29QXezSS+YaehNzcr99WmyuMLOWXaX
        cwH4lLqv8tgMDPTJ/75xB7beXxeeqcg/nNT82WGcbkHtGb1BhiZbgw==
-        -----END AGE ENCRYPTED FILE-----
+        -----END AGE ENCRYPTED FILE-----        
    - recipient: age17fyzv5mezck364lvyepp9pa3tnjn7jvsgcpykhhz2smnxyq6fdusvl7waf
      enc: |
        -----BEGIN AGE ENCRYPTED FILE-----
@ -29,7 +29,7 @@ sops:
        Z2FyMUI0eU9qYTBmSW8zSm54R2VteEkKLS0tIFlpbmZHaW8wTmd2eFRiOC96ZitF
        S3I1ejZkOGp3TzE4NzRKcTFUS2xhSGsK0YeQkEeFTuyOQA1rV3rQYwInV/npCTYx
        6AsSjpbbOV4F66GxS4HpHYxCJP94FdMOOo8jKRHE9qN4dPseNm2SuA==
-        -----END AGE ENCRYPTED FILE-----
+        -----END AGE ENCRYPTED FILE-----        
  lastmodified: "2024-10-13T19:45:51Z"
  mac: ENC[AES256_GCM,data:wRdylfIvjrZDBSoTYLxP6l6s9UnzBY9i/n4psB9UhqlJj3DYhiGuKJ5ZDIiMXbtoYGd2w5xe1E/N5tI1/UrIpncH96VRhzNVs8tsS+wOdVPIT3LxmD5PJ1MkqGqslPJzz/mBWuUj4wkg6MR8f+luFHVIwBfsSMwnNzQdJSlKJ+U=,iv:MUEKF0d6jdthBQsvMgi1TFtBq8bfulKts8h3U4/Feww=,tag:Kvx1H8RAcDuRWIWB6QYdlA==,type:str]
  pgp: []
--- a/values/badhouseplants/values.server-xray-public.yaml
+++ b/values/badhouseplants/values.server-xray-public.yaml
@ -1,3 +1,9 @@
+extCilium:
+  enabled: true
+  ciliumNetworkPolicies:
+    - name: xray-public
+      endpointSelectors:
+        test: test
 traefik:
  enabled: true
  tcpRoutes:
--- a/values/common/values.ext-cilium.yaml
+++ b/values/common/values.ext-cilium.yaml
@ -0,0 +1,18 @@
+extCilium:
+  templates:
+    - |
+      {{ range .Values.ciliumNetworkPolicies }}
+      ---
+      apiVersion: "cilium.io/v2"
+      kind: CiliumNetworkPolicy
+      metadata:
+        name: {{ $.Release.Name }}-{{ .name }}
+      spec:
+        endpointSelector:
+          matchLabels:
+            {{ .endpointSelectors | toYaml | nindent 6 }}
+        egress:
+          {{ .egress | toYaml | nindent 4 }}
+        egressDeny:
+          {{ .egressDeny | toYaml | nindent 4 }}
+      {{ end }}