network policy is configurable and optional now :) (#63)

small-hack · Aug 18, 2023 · fd837bf · fd837bf
1 parent 1095a07
commit fd837bf
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 3 deletions.
diff --git a/charts/bitwarden-eso-provider/Chart.yaml b/charts/bitwarden-eso-provider/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.0
+version: 0.3.1
 
 # renovate: image=jessebot/bweso
 appVersion: "v0.2.0"

diff --git a/charts/bitwarden-eso-provider/README.md b/charts/bitwarden-eso-provider/README.md
@@ -1,6 +1,6 @@
 # bitwarden-eso-provider
 
-![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.2.0](https://img.shields.io/badge/AppVersion-v0.2.0-informational?style=flat-square)
+![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.2.0](https://img.shields.io/badge/AppVersion-v0.2.0-informational?style=flat-square)
 
 Helm chart to use Bitwarden as a Provider for External Secrets Operator
 
@@ -36,6 +36,8 @@ Helm chart to use Bitwarden as a Provider for External Secrets Operator
 | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
 | imagePullSecrets | list | `[]` |  |
 | nameOverride | string | `""` | this overrides the name of the chart |
+| network_policy.enabled | bool | `true` | enable a network policy between bitwarden_eso_provider and external-secrets-operator |
+| network_policy.labels | object | `{"app.kubernetes.io/name":"external-secrets"}` | specify the labels you'd like to match against for the network policy |
 | nodeSelector | object | `{}` |  |
 | podAnnotations | object | `{}` | additional annotations to apply to the bitwarden ESO provider pod |
 | podSecurityContext | object | `{}` |  |

diff --git a/charts/bitwarden-eso-provider/templates/network-policy.yaml b/charts/bitwarden-eso-provider/templates/network-policy.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.network_policy }}
 ---
 kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
@@ -12,4 +13,5 @@ spec:
     - from:
       - namespaceSelector:
           matchLabels:
-            kubernetes.io/metadata.name: external-secrets
+          {{ toYaml .Values.network_policy.labels | indent 2 }}
+{{- end }}
diff --git a/charts/bitwarden-eso-provider/values.yaml b/charts/bitwarden-eso-provider/values.yaml
@@ -100,3 +100,10 @@ nodeSelector: {}
 tolerations: []
 
 affinity: {}
+
+network_policy:
+  # -- enable a network policy between bitwarden_eso_provider and external-secrets-operator
+  enabled: true
+  # -- specify the labels you'd like to match against for the network policy
+  labels:
+    app.kubernetes.io/name: external-secrets