stefanprodan · wanddynosios · Mar 4, 2024 · Mar 4, 2024 · Mar 5, 2024 · Mar 5, 2024
diff --git a/charts/podinfo/README.md b/charts/podinfo/README.md
@@ -62,6 +62,9 @@ The following tables lists the configurable parameters of the podinfo chart and
 | `redis.enabled`                   | `false`                        | Create Redis deployment for caching purposes                                                                           |
 | `redis.repository`                | `docker.io/redis`              | Redis image repository                                                                                                 |
 | `redis.tag`                       | `<VERSION>`                    | Redis image tag                                                                                                        |
+| `redis.securityContext`           | `{}`                           | The security context to be set on the redis pod                                                                        |
+| `redis.containerSecurityContext`  | `{}`                           | The security context to be set on the redis container                                                                  |
+| `redis.persistence.enabled     `  | `false`                        | Enabled the PVC for redis cache                                                                                        |
 | `redis.imagePullSecrets`          | `[]`                           | Redis image pull secrets                                                                                               |
 | `ui.color`                        | `#34577c`                      | UI color                                                                                                               |
 | `ui.message`                      | `None`                         | UI greetings message                                                                                                   |
@@ -122,6 +125,7 @@ The following tables lists the configurable parameters of the podinfo chart and
 | `resources.requests.memory`       | `16Mi`                         | Pod memory request                                                                                                     |
 | `resources.limits.cpu`            | `None`                         | Pod CPU limit                                                                                                          |
 | `resources.limits.memory`         | `None`                         | Pod memory limit                                                                                                       |
+| `networkPolicy.enabled`           | `false`                | Whether network policies between podinfo and redis should be created                                                   |
 | `nodeSelector`                    | `{}`                           | Node labels for pod assignment                                                                                         |
 | `tolerations`                     | `[]`                           | List of node taints to tolerate                                                                                        |
 | `affinity`                        | `None`                         | Node/pod affinities                                                                                                    |

diff --git a/charts/podinfo/templates/deployment.yaml b/charts/podinfo/templates/deployment.yaml
@@ -5,6 +5,7 @@ metadata:
   namespace: {{ include "podinfo.namespace" . }}
   labels:
     {{- include "podinfo.labels" . | nindent 4 }}
+    app.kubernetes.io/component: server
 spec:
   {{- if not .Values.hpa.enabled }}
   replicas: {{ .Values.replicaCount }}
@@ -20,6 +21,7 @@ spec:
     metadata:
       labels:
         {{- include "podinfo.selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/component: server
       annotations:
         prometheus.io/scrape: "true"
         prometheus.io/port: "{{ .Values.service.httpPort }}"

diff --git a/charts/podinfo/templates/network-policies.yaml b/charts/podinfo/templates/network-policies.yaml
@@ -0,0 +1,51 @@
+{{- if .Values.networkPolicies.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ template "podinfo.fullname" . }}-egress
+  labels:
+    {{- include "podinfo.labels" . | nindent 4 }}
+spec:
+  podSelector:
+    matchLabels:
+      {{- include "podinfo.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: server
+  egress:
+    - to:
+        - podSelector:
+            matchLabels:
+              {{- include "podinfo.selectorLabels" . | nindent 14 }}
+              app.kubernetes.io/component: cache
+          namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: {{ .Release.Namespace }}
+      ports:
+        - port: redis
+          protocol: TCP
+  policyTypes:
+    - Egress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ template "podinfo.fullname" . }}-ingress
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/component: cache
+      {{- include "podinfo.selectorLabels" . | nindent 6 }}
+  ingress:
+    - from:
+        - podSelector:
+            matchLabels:
+              {{- include "podinfo.selectorLabels" . | nindent 14 }}
+              app.kubernetes.io/component: server
+          namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: {{ .Release.Namespace }}
+      ports:
+        - port: redis
+          protocol: TCP
+  policyTypes:
+    - Ingress
+{{- end -}}
diff --git a/charts/podinfo/templates/redis/config.yaml b/charts/podinfo/templates/redis/config.yaml
@@ -8,5 +8,9 @@ data:
     maxmemory 64mb
     maxmemory-policy allkeys-lru
     save ""
+    {{- if .Values.redis.persistence.enabled }}
+    appendonly yes
+    {{- else }}
     appendonly no
+    {{- end }}
 {{- end }}
diff --git a/charts/podinfo/templates/redis/deployment.yaml b/charts/podinfo/templates/redis/deployment.yaml
@@ -5,6 +5,8 @@ metadata:
   name: {{ template "podinfo.fullname" . }}-redis
   labels:
     app: {{ template "podinfo.fullname" . }}-redis
+    {{- include "podinfo.labels" . | nindent 4 }}
+    app.kubernetes.io/component: cache
 spec:
   strategy:
     type: Recreate
@@ -15,9 +17,15 @@ spec:
     metadata:
       labels:
         app: {{ template "podinfo.fullname" . }}-redis
+        {{- include "podinfo.labels" . | nindent 8 }}
+        app.kubernetes.io/component: cache
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/redis/config.yaml") . | sha256sum | quote }}
     spec:
+      {{- if .Values.redis.securityContext }}
+      securityContext:
+        {{- toYaml .Values.redis.securityContext | nindent 8 }}
+      {{- end }}
       {{- if .Values.serviceAccount.enabled }}
       serviceAccountName: {{ template "podinfo.serviceAccountName" . }}
       {{- end }}
@@ -28,6 +36,10 @@ spec:
         - name: redis
           image: "{{ .Values.redis.repository }}:{{ .Values.redis.tag }}"
           imagePullPolicy: IfNotPresent
+          {{- if .Values.redis.containerSecurityContext }}
+          securityContext:
+            {{- toYaml .Values.redis.containerSecurityContext | nindent 12 }}
+          {{- end }}
           command:
             - redis-server
             - "/redis-master/redis.conf"
@@ -56,16 +68,23 @@ spec:
               memory: 32Mi
           volumeMounts:
             - mountPath: /var/lib/redis
-              name: data
+              name: redis-system
             - mountPath: /redis-master
               name: config
+            - mountPath: /data
+              name: data
       volumes:
-        - name: data
+        - name: redis-system
           emptyDir: {}
         - name: config
           configMap:
             name: {{ template "podinfo.fullname" . }}-redis
             items:
               - key: redis.conf
                 path: redis.conf
-{{- end }}
+        {{- if .Values.redis.persistence.enabled }}
+        - name: data
+          persistentVolumeClaim:
+            claimName: {{ template "podinfo.fullname" . }}
+        {{- end }}
+{{- end -}}
diff --git a/charts/podinfo/templates/redis/pvc.yaml b/charts/podinfo/templates/redis/pvc.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.redis.enabled .Values.redis.persistence.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ template "podinfo.fullname" . }}
+  labels:
+    {{- include "podinfo.labels" . | nindent 4 }}
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.redis.persistence.size | default "1Gi" }}
+  {{- if .Values.redis.persistence.storageClassName }}    
+  storageClassName: {{ .Values.redis.persistence.storageClassName }}
+  {{- end }}
+{{- end }}
diff --git a/charts/podinfo/values-prod.yaml b/charts/podinfo/values-prod.yaml
@@ -94,6 +94,10 @@ redis:
   enabled: true
   repository: redis
   tag: 8.4.0
+  securityContext: {}
+  containerSecurityContext: {}
+  persistence:
+    enabled: true
 
 serviceAccount:
   # Specifies whether a service account should be created
@@ -172,6 +176,8 @@ resources:
     cpu: 100m
     memory: 64Mi
 
+networkPolicies:
+  enabled: false
 # Extra environment variables for the podinfo container
 extraEnvs: []
 # Example on how to configure extraEnvs

diff --git a/charts/podinfo/values.yaml b/charts/podinfo/values.yaml
@@ -111,6 +111,10 @@ redis:
   repository: docker.io/redis
   tag: 8.4.0
   imagePullSecrets: []
+  securityContext: {}
+  containerSecurityContext: {}
+  persistence:
+    enabled: false
 
 serviceAccount:
   # Specifies whether a service account should be created
@@ -188,6 +192,17 @@ resources:
     cpu: 1m
     memory: 16Mi
 
+networkPolicies:
+  enabled: false
+
+# Extra environment variables for the podinfo container
+extraEnvs: []
+# Example on how to configure extraEnvs
+#  - name: OTEL_EXPORTER_OTLP_TRACES_ENDPOINT
+#    value: "http://otel:4317"
+#  - name: MULTIPLE_VALUES
+#    value: TEST
+
 nodeSelector: {}
 
 tolerations: []