feat(redis-ha): Add tls ports to netpol if defined

Signed-off-by: OpenGuidou <[email protected]>
DandyDeveloper · Jan 6, 2025 · 02d131d · 02d131d
1 parent 697cba5
commit 02d131d
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 29 deletions.
diff --git a/charts/redis-ha/Chart.yaml b/charts/redis-ha/Chart.yaml
@@ -5,7 +5,7 @@ keywords:
 - redis
 - keyvalue
 - database
-version: 4.32.0
+version: 4.33.0
 appVersion: 7.2.4
 description: This Helm chart provides a highly available Redis implementation with a master/slave configuration and uses Sentinel sidecars for failover management
 icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png

diff --git a/charts/redis-ha/templates/_helpers.tpl b/charts/redis-ha/templates/_helpers.tpl
@@ -127,4 +127,28 @@ Usage:
   {{- $adaptedContext = omit $adaptedContext "capabilities" "seLinuxOptions" -}}
 {{- end -}}
 {{- omit $adaptedContext "enabled" | toYaml -}}
+{{- end -}}
+
+{{/*
+Defines the redis ports to be used inside network policies
+Usage:
+{{- include "redis-ports" . -}}
+*/}}
+{{- define "redis-ports" -}}
+{{- if ne (int .Values.redis.port) 0 }}
+- port: {{ .Values.redis.port }}
+  protocol: TCP
+{{- end -}}
+{{- if ne (int .Values.sentinel.port) 0 }}
+- port: {{ .Values.sentinel.port }}
+  protocol: TCP
+{{- end -}}
+{{- if ne (int .Values.redis.tlsPort) 0 }}
+- port: {{ .Values.redis.tlsPort }}
+  protocol: TCP
+{{- end -}}
+{{- if ne (int .Values.sentinel.tlsPort) 0 }}
+- port: {{ .Values.sentinel.tlsPort }}
+  protocol: TCP
+{{- end -}}
 {{- end -}}
diff --git a/charts/redis-ha/templates/redis-ha-network-policy.yaml b/charts/redis-ha/templates/redis-ha-network-policy.yaml
@@ -31,10 +31,7 @@ spec:
             release: {{ .Release.Name }}
             app: {{ template "redis-ha.name" . }}
       ports:
-        - port: {{ .Values.redis.port }}
-          protocol: TCP
-        - port: {{ .Values.sentinel.port }}
-          protocol: TCP
+      {{- include "redis-ports" . | nindent 6 }}
 {{-  range $rule := .Values.networkPolicy.egressRules }}
     - to:
 {{ (tpl (toYaml $rule.selectors) $) | indent 7 }}
@@ -48,21 +45,15 @@ spec:
             release: {{ .Release.Name }}
             app: {{ template "redis-ha.name" . }}
       ports: 
-        - port: {{ .Values.redis.port }}
-          protocol: TCP
-        - port: {{ .Values.sentinel.port }}
-          protocol: TCP
+      {{- include "redis-ports" . | nindent 6 }}
 {{- if .Values.haproxy.enabled }}
     - from:
         - podSelector:
             matchLabels:
               release: {{ .Release.Name }}
               app: {{ template "redis-ha.name" . }}-haproxy
       ports:
-        - port: {{ .Values.redis.port }}
-          protocol: TCP
-        - port: {{ .Values.sentinel.port }}
-          protocol: TCP
+      {{- include "redis-ports" . | nindent 6 }}
 {{- end }}
 {{-  range $rule := .Values.networkPolicy.ingressRules }}
     - from:
@@ -71,10 +62,7 @@ spec:
 {{- if $rule.ports }}
 {{ toYaml $rule.ports | indent 7 }}
 {{- else }}
-        - port: {{ $root.Values.redis.port }}
-          protocol: TCP
-        - port: {{ $root.Values.sentinel.port }}
-          protocol: TCP
+      {{- include "redis-ports" . | nindent 6 }}
 {{- end }}
 {{- end }}
 {{- end }}
diff --git a/charts/redis-ha/templates/redis-haproxy-network-policy.yaml b/charts/redis-ha/templates/redis-haproxy-network-policy.yaml
@@ -31,10 +31,7 @@ spec:
               release: {{ .Release.Name }}
               app: {{ template "redis-ha.name" . }}
       ports:
-        - port: {{ .Values.redis.port }}
-          protocol: TCP
-        - port: {{ .Values.sentinel.port }}
-          protocol: TCP
+      {{- include "redis-ports" . | nindent 6 }}
     - to:
         - namespaceSelector: {}
       ports:
@@ -55,20 +52,14 @@ spec:
               release: {{ .Release.Name }}
               app: {{ template "redis-ha.name" . }}
       ports:
-        - port: {{ .Values.redis.port }}
-          protocol: TCP
-        - port: {{ .Values.sentinel.port }}
-          protocol: TCP
+      {{- include "redis-ports" . | nindent 8 }}
     {{-  range $rule := .Values.haproxy.networkPolicy.ingressRules }}
     - from:
         {{- (tpl (toYaml $rule.selectors) $) | nindent 8 }}
       ports:
         {{- if $rule.ports }}
         {{- toYaml $rule.ports | nindent 8 }}
         {{- end }}
-        - port: {{ $root.Values.redis.port }}
-          protocol: TCP
-        - port: {{ $root.Values.sentinel.port }}
-          protocol: TCP
+        {{- include "redis-ports" . | nindent 8 }}
     {{- end }}
 {{- end }}