diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml
index ca8d107..e0aa7e5 100644
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -7,5 +7,5 @@ icon: https://raw.githubusercontent.com/waylon/k8s-basic/master/helm-chart/logo.
 name: k8s-basic
 description: A helm chart for basic container deployment
 type: application
-version: 1.0.0
+version: 1.0.2
 appVersion: "1.0"
diff --git a/helm-chart/templates/deployment.yaml b/helm-chart/templates/deployment.yaml
index 5cfb98b..31a8d41 100644
--- a/helm-chart/templates/deployment.yaml
+++ b/helm-chart/templates/deployment.yaml
@@ -14,6 +14,8 @@ spec:
 metadata:
 labels:
 service: {{ .Values.name }}
+ annotations:
+ diun.enable: "true"
 spec:
 securityContext:
 {{ toYaml .Values.podSecurityContext | indent 8 }}
diff --git a/helm-chart/templates/networkpolicy.yaml b/helm-chart/templates/networkpolicy.yaml
index 0190249..33f0314 100644
--- a/helm-chart/templates/networkpolicy.yaml
+++ b/helm-chart/templates/networkpolicy.yaml
@@ -11,20 +11,15 @@ spec:
 service: {{ .Values.name }}
 policyTypes:
 - Ingress
- - Egress
 ingress:
 - from:
 - namespaceSelector:
 matchLabels:
- name: kube-system
- podSelector:
- matchLabels:
- app: traefik
- ports:
- - protocol: TCP
- port: {{ .Values.port }}
- egress:
- - {}
+ kubernetes.io/metadata.name: kube-system
+ # ports:
+ # - protocol: TCP
+ # port: {{ .Values.port }}
+ # egress:
 # TODO, optionally add egress restriction.
 # - to:
 # - namespaceSelector: {}
@@ -34,3 +29,21 @@ spec:
 # port: 53
 # - protocol: UDP
 # port: 53
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-network-dns-policy
+ namespace: {{ .Values.namespace | default .Values.name }}
+spec:
+ ingress:
+ - ports:
+ - port: 53
+ protocol: TCP
+ - port: 53
+ protocol: UDP
+ podSelector:
+ matchLabels:
+ k8s-app: kube-dns
+ policyTypes:
+ - Ingress
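Review bot: The `diun.enable: "true"` annotation in the deployment.yaml hunk is written unconditionally into the pod template metadata, so every install of the chart carries it whether or not Diun runs in that cluster. Consider rendering it from values instead, for example wrapping the annotations in `{{- with .Values.podAnnotations }}` and `{{- end }}` and documenting the key in values.yaml; `podAnnotations` is a suggested name, not one visible in this diff. The pod template starts and ends outside the hunk.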
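Review bot: In the first networkpolicy.yaml hunk the `from` rule now admits every pod in `kube-system` on every port, because the `podSelector` for `app: traefik` is removed and the `ports` entry is left commented out, so the policy is broader than the one it replaces. If the wider source is intended, keep the port limit by restoring `ports:` with `- protocol: TCP` and `port: {{ .Values.port }}` under the same ingress item rather than leaving it as a comment. The switch to the `kubernetes.io/metadata.name` label is sound, since that label is set by the control plane rather than by whoever labels the namespace. Dropping `Egress` from `policyTypes` leaves egress unrestricted, which matches the old `egress: - {}`, but a comment saying so would help readers. The policy's metadata and podSelector begin outside the hunk.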
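Review bot: The added `default-network-dns-policy` in the second networkpolicy.yaml hunk probably selects no pods, because a NetworkPolicy applies only to pods in its own namespace and this one is created in `{{ .Values.namespace | default .Values.name }}`, while pods labelled `k8s-app: kube-dns` normally run in `kube-system`. DNS lookups made by the application are egress from its pods, which the first policy in this file no longer restricts, so this document is likely not needed for name resolution. If the aim is to limit egress to DNS, the commented `egress` block above it is the place to do that; otherwise drop the document or add a comment stating which pods it is meant to cover. The fixed `metadata.name` would also collide if two releases of the chart share a namespace.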