1 files changed, 35 insertions, 0 deletions

diff --git a/astroshop-platform/argocd-helmchart/templates/redis/networkpolicy.yaml b/astroshop-platform/argocd-helmchart/templates/redis/networkpolicy.yaml
new file mode 100644
index 0000000..ccf0699
--- /dev/null
+++ b/astroshop-platform/argocd-helmchart/templates/redis/networkpolicy.yaml
@@ -0,0 +1,35 @@
+{{- $redisHa := (index .Values "redis-ha") -}}
+{{- if and (or .Values.redis.networkPolicy.create .Values.global.networkPolicy.create) .Values.redis.enabled (not $redisHa.enabled) }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }}
+  name: {{ template "argo-cd.redis.fullname" . }}
+  namespace: {{ include  "argo-cd.namespace" . }}
+spec:
+  ingress:
+  - from:
+    - podSelector:
+        matchLabels:
+          {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }}
+    - podSelector:
+        matchLabels:
+          {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 10 }}
+    - podSelector:
+        matchLabels:
+          {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }}
+    ports:
+    - port: redis
+      protocol: TCP
+  - from:
+    - namespaceSelector: {}
+    ports:
+    - port: metrics
+      protocol: TCP
+  podSelector:
+    matchLabels:
+      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.redis.name) | nindent 6 }}
+  policyTypes:
+  - Ingress
+{{- end }}