From 39faa757cc0971567339f2e5e8e5664ae398d85e Mon Sep 17 00:00:00 2001 From: Maxime Brunet Date: Tue, 7 Jul 2020 07:51:58 -0400 Subject: [PATCH] [stable/prometheus-pushgateway] Fix networkPolicy podSelector and ingress rule (#23053) * Fix `podSelector` by adding `release` label * Fix ingress rule by ensuring port is restricted Before it was: * Source: any, Port: `targetPort` * Source: `customSelectors`, Port: any Now it is: * Source: `customSelectors`, Port: `targetPort` and `allowAll` does not add an any/any rule anymore. Signed-off-by: Maxime Brunet Signed-off-by: Adrien Loiseau --- stable/prometheus-pushgateway/Chart.yaml | 2 +- stable/prometheus-pushgateway/templates/networkpolicy.yaml | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/stable/prometheus-pushgateway/Chart.yaml b/stable/prometheus-pushgateway/Chart.yaml index c9461d1dfe82..f612e0847817 100644 --- a/stable/prometheus-pushgateway/Chart.yaml +++ b/stable/prometheus-pushgateway/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "1.2.0" description: A Helm chart for prometheus pushgateway name: prometheus-pushgateway -version: 1.4.0 +version: 1.4.1 home: https://github.com/prometheus/pushgateway sources: - https://github.com/prometheus/pushgateway diff --git a/stable/prometheus-pushgateway/templates/networkpolicy.yaml b/stable/prometheus-pushgateway/templates/networkpolicy.yaml index f1e1dc0627d3..aa490585838c 100644 --- a/stable/prometheus-pushgateway/templates/networkpolicy.yaml +++ b/stable/prometheus-pushgateway/templates/networkpolicy.yaml @@ -15,13 +15,12 @@ spec: podSelector: matchLabels: app: {{ template "prometheus-pushgateway.name" .}} + release: {{ .Release.Name }} ingress: - ports: - port: {{ .Values.service.targetPort }} {{- if .Values.networkPolicy.customSelectors }} - - from: + from: {{ toYaml .Values.networkPolicy.customSelectors | indent 8 }} -{{- else if .Values.networkPolicy.allowAll }} - - {} {{- end -}} {{- end -}}