feat(keycloak): Add networkpolicy for inifispan to helm chart

This patch provides a network policy for infinispan that will allow communication among keycloak pods to the inifispan ping port. This should provide a first layer of firewall protection for the inifspan protocol.

feat(keycloak): Add networkpolicy for inifispan to helm chart
928e57ed · Sheogorath · 56e8408b · 928e57ed · 928e57ed · 928e57ed
Verified Commit 928e57ed authored 2 years ago by Sheogorath
--- a/charts/keycloak/Chart.yaml
+++ b/charts/keycloak/Chart.yaml
@@ -7,5 +7,5 @@ icon: https://www.keycloak.org/resources/images/keycloak_icon_512px.svg
 sources:
  - https://git.shivering-isles.com/shivering-isles/infrastructure-gitops
  - https://github.com/keycloak/keycloak
-version: 0.2.2
+version: 0.3.0
 appVersion: "19.0.2"
--- a/charts/keycloak/README.md
+++ b/charts/keycloak/README.md
 # keycloak
-![Version: 0.2.2](https://img.shields.io/badge/Version-0.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 19.0.2](https://img.shields.io/badge/AppVersion-19.0.2-informational?style=flat-square)
+![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 19.0.2](https://img.shields.io/badge/AppVersion-19.0.2-informational?style=flat-square)
 (Alpha) A Helm chart for Keycloak on Kubernetes
@@ -43,6 +43,7 @@
 | metrics.interval | string | `nil` |  |
 | metrics.scrapeTimeout | string | `nil` |  |
 | nameOverride | string | `""` |  |
+| networkPolicy.create | bool | `false` | Creates a network policy for inifispan communication, does **not** take care of database or ingress communication |
 | nodeSelector | object | `{}` |  |
 | podAnnotations | object | `{}` |  |
 | podSecurityContext | object | `{}` |  |

--- a/charts/keycloak/templates/networkpolicy.yaml
+++ b/charts/keycloak/templates/networkpolicy.yaml
+{{- if .Values.networkPolicy.create -}}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ include "keycloak.fullname" . }}-allow-infinispan
+  labels:
+    {{- include "keycloak.labels" . | nindent 4 }}
+spec:
+  podSelector:
+    {{- include "keycloak.selectorLabels" . | nindent 4 }}
+  ingress:
+    - from:
+        - podSelector:
+            {{- include "keycloak.selectorLabels" . | nindent 12 }}
+      ports:
+        - port: 7800
+{{- end }}