From a4a78abd5aa733df0fdb772c78336114d9063221 Mon Sep 17 00:00:00 2001 From: Matheus Pimenta Date: Sun, 28 Sep 2025 14:30:41 +0100 Subject: [PATCH] feat: add NetworkPolicy Signed-off-by: Matheus Pimenta --- helm/oauth2-proxy/Chart.yaml | 8 ++--- helm/oauth2-proxy/README.md | 3 ++ .../oauth2-proxy/templates/networkpolicy.yaml | 35 +++++++++++++++++++ helm/oauth2-proxy/values.yaml | 6 ++++ 4 files changed, 48 insertions(+), 4 deletions(-) create mode 100644 helm/oauth2-proxy/templates/networkpolicy.yaml diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml index 68b009e..ac18295 100644 --- a/helm/oauth2-proxy/Chart.yaml +++ b/helm/oauth2-proxy/Chart.yaml @@ -1,5 +1,5 @@ name: oauth2-proxy -version: 8.2.2 +version: 8.3.0 apiVersion: v2 appVersion: 7.12.0 home: https://oauth2-proxy.github.io/oauth2-proxy/ @@ -31,8 +31,8 @@ maintainers: kubeVersion: ">=1.16.0-0" annotations: artifacthub.io/changes: | - - kind: security - description: Adding cosign keyless signing for helm chart artifact + - kind: added + description: Add NetworkPolicy manifest to the helm chart links: - name: Github PR - url: https://github.com/oauth2-proxy/manifests/pull/356 + url: https://github.com/oauth2-proxy/manifests/pull/357 diff --git a/helm/oauth2-proxy/README.md b/helm/oauth2-proxy/README.md index cf7eb7d..9d7de12 100644 --- a/helm/oauth2-proxy/README.md +++ b/helm/oauth2-proxy/README.md 
@@ -181,6 +181,9 @@ The following table lists the configurable parameters of the oauth2-proxy chart
 | `livenessProbe.initialDelaySeconds` | number of seconds | 0 |
 | `livenessProbe.timeoutSeconds` | number of seconds | 1 |
 | `namespaceOverride` | Override the deployment namespace | `""` |
+| `networkPolicy.create` | Create a NetworkPolicy resource | `false` |
+| `networkPolicy.ingress` | List of ingress configuration objects | `[]` |
+| `networkPolicy.egress` | List of egress configuration objects | `[]` |
 | `nodeSelector` | node labels for pod assignment | `{}` |
 | `deploymentAnnotations` | annotations to add to the deployment | `{}` |
 | `podAnnotations` | annotations to add to each pod | `{}` |
diff --git a/helm/oauth2-proxy/templates/networkpolicy.yaml b/helm/oauth2-proxy/templates/networkpolicy.yaml
new file mode 100644
index 0000000..fb91778
--- /dev/null
+++ b/helm/oauth2-proxy/templates/networkpolicy.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.networkPolicy.create }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ include "oauth2-proxy.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "oauth2-proxy.labels" . | nindent 4 }}
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.commonAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ policyTypes:
+ {{- if .Values.networkPolicy.ingress }}
+ - Ingress
+ {{- end }}
+ {{- if .Values.networkPolicy.egress }}
+ - Egress
+ {{- end }}
+ podSelector:
+ matchLabels:
+ {{- include "oauth2-proxy.selectorLabels" . | nindent 6 }}
+ {{- if .Values.networkPolicy.ingress }}
+ ingress:
+ {{- toYaml .Values.networkPolicy.ingress | nindent 4 }}
+ {{- end }}
+ {{- if .Values.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.networkPolicy.egress | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/helm/oauth2-proxy/values.yaml b/helm/oauth2-proxy/values.yaml
index 272b50c..8516e9c 100644
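Review bot: In templates/networkpolicy.yaml, `policyTypes` is derived from whether `networkPolicy.ingress` and `networkPolicy.egress` are non-empty, so an empty list can never mean "isolate this direction": `egress: []` leaves egress unrestricted, and a deny-all-egress policy cannot be expressed through the chart. With `create: true` and the shipped defaults the manifest renders a bare `policyTypes:` and no rules, which Kubernetes appears to default to the Ingress type and which would then drop all traffic to the proxy pods; this is worth confirming with `helm template` before release. I would expose the types as their own value (a proposed `networkPolicy.policyTypes` list, rendered under `with` as `{{- toYaml . | nindent 4 }}`) and emit `ingress:` / `egress:` whenever the matching type is listed, even when the rule list is empty. Separately, `namespace: {{ .Release.Namespace }}` ignores the `namespaceOverride` value listed in the README table, so with an override set the policy may land in a namespace where its `podSelector` matches nothing and no isolation is enforced; it should use the same namespace expression as the Deployment template, which is not visible in this patch.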
--- a/helm/oauth2-proxy/values.yaml +++ b/helm/oauth2-proxy/values.yaml @@ -177,6 +177,12 @@ serviceAccount: automountServiceAccountToken: true annotations: {} +# Network policy settings. +networkPolicy: + create: false + ingress: [] + egress: [] + ingress: enabled: false # className: nginx