我正在尝试创建一个Helm模板来创建NetworkPolicy,并且在迭代地图时遇到了一些问题。这就是我的值文件中的内容(示例):
extraPolicies:
- name: dashboard
policyType:
- Ingress
- Egress
ingress:
from:
- ipBlock:
cidr: 172.17.0.0/16
except:
- 172.17.1.0/24
- namespaceSelector:
matchLabels:
project: myproject
ports:
- protocol: TCP
port: 6379
- protocol: TCP
port: 8080
egress:
to:
- ipBlock:
cidr: 10.0.0.0/24
ports:
- protocol: TCP
port: 5978
- name: dashurboard-integ
policyType:
- Ingress
- Egress
ingress:
from:
- ipBlock:
cidr: 172.17.0.0/16
except:
- 172.17.1.0/24
- namespaceSelector:
matchLabels:
project: myproject
ports:
- protocol: TCP
port: 6379
- protocol: TCP
port: 8080
egress:
to:
- ipBlock:
cidr: 10.0.0.0/24
ports:
- protocol: TCP
port: 5978
这是我到目前为止在模板中所拥有的:
{{- if .Values.extraPolicies -}}
{{- $fullName := include "network-policies.fullname" . -}}
{{- $namespace := .Values.deployNamespace }}
{{- range $i, $policy := .Values.extraPolicies }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ $policy.name }}
namespace: {{ $namespace }}
spec:
policyTypes:
{{- range $i2, $type := $policy.policyType }}
- {{ $type -}}
{{- end }}
ingress:
- from: |-
{{- range $i3, $ingress := $policy.ingress }}
- {{ $ingress }}
{{- end }}
egress:
- to:
- ipBlock:
cidr: 10.0.0.0/24
ports:
- protocol: TCP
port: 5978
{{- end }}
{{- end }}
带有|-的'from'块表示我正在处理地图,但是我不知道如何遍历地图并获得格式如values.yml的输出。
非常感谢您的帮助。
发现我从一开始就采用了错误的方法来构造数据。它可能不是最好的解决方案,我欢迎任何和所有改进和/或建议,但我不再受阻。
我让它满足我的需要。
values.yml
extraPolicies:
- name: dashboard
policyType:
- Ingress
ingress:
- name: podSelector
settings:
all: {}
- name: ipBlock
settings:
cidr: "172.17.0.0/16"
- name: namespaceSelector
settings:
matchLabels:
project: test
namespace: mynamespace
ingressPorts:
- protocol: TCP
port: 6379
- protocol: TCP
port: 8080
- name: dasboard-integ
policyType:
- Ingress
ingress:
- name: podSelector
settings:
all: {}
- name: ipBlock
settings:
cidr: "172.17.0.0/16"
ingressPorts:
- protocol: TCP
port: 3000
- protocol: TCP
port: 8000
- protocol: TCP
port: 443
- protocol: TCP
port: 80
和模板:
{{- if .Values.extraPolicies -}}
{{- $fullName := include "network-policies.fullname" . -}}
{{- $namespace := .Values.deployNamespace }}
{{- range .Values.extraPolicies }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ .name }}
namespace: {{ $namespace }}
spec:
policyTypes:
{{- range $i, $type := .policyType }}
- {{ $type }}
{{- end }}
{{- if .ingress }}
ingress:
- from:
{{- range $i, $ingress := .ingress }}
- {{ .name -}}: {{ if eq .name "podSelector" }}{}{{ end -}}
{{- if eq .name "ipBlock" }}
{{- range $k, $v := .settings }}
cidr: {{ $v -}}
{{ end -}}
{{ end -}}
{{- if eq .name "namespaceSelector" }}
{{- range $k, $v := .settings }}
matchLabels:
{{- range $k, $v := . }}
{{ $k }}: {{ $v }}
{{- end -}}
{{ end -}}
{{ end -}}
{{- end }}
ports:
{{ range $i, $port := .ingressPorts }}
{{- range $k, $v := . -}}
{{- if eq $k "port" -}}
- {{ $k }}: {{ $v }}
{{- end -}}
{{ if eq $k "protocol" }}
{{ $k }}: {{ $v }}
{{ end -}}
{{ end -}}
{{- end }}
{{- end }}
{{- if .egress }}
egress:
- to:
ports:
{{- end }}
{{- end }}
{{- end }}
这给了我结果:
---
# Source: network-policies/templates/extra-policies.yml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: dashur
namespace: default
spec:
policyTypes:
- Ingress
ingress:
- from:
- podSelector: {}
- ipBlock:
cidr: 172.17.0.0/16
- namespaceSelector:
matchLabels:
namespace: mynamespace
project: test
ports:
- port: 6379
protocol: TCP
- port: 8080
protocol: TCP
---
# Source: network-policies/templates/extra-policies.yml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: dashur-integ
namespace: default
spec:
policyTypes:
- Ingress
ingress:
- from:
- podSelector: {}
- ipBlock:
cidr: 172.17.0.0/16
ports:
- port: 3000
protocol: TCP
- port: 8000
protocol: TCP
- port: 443
protocol: TCP
- port: 80
protocol: TCP
希望它可以帮助遇到我遇到的相同问题的人:-)