[stable/jenkins] Add networkPolicy podLabels (helm#22706)

* [stable/jenkins] Add networkPolicy podLabels Signed-off-by: Olivier Vernin <olivier@vernin.me> * Update changelog Signed-off-by: Olivier Vernin <olivier@vernin.me> * Update version to 2.3.0 Signed-off-by: Olivier Vernin <olivier@vernin.me> Signed-off-by: Miguel Mingorance <miguel.mingorance@deliveryhero.com>
mmingorance-dh · Aug 28, 2020 · 69d00e1 · 69d00e1
1 parent 7fabf2a
commit 69d00e1
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 1 deletion.
diff --git a/stable/jenkins/CHANGELOG.md b/stable/jenkins/CHANGELOG.md
@@ -5,6 +5,10 @@ numbering uses [semantic versioning](http://semver.org).
 
 NOTE: The change log until version 1.5.7 is auto generated based on git commits. Those include a reference to the git commit to be able to get more details.
 
+## 2.3.0
+
+Add an option to specify pod based on labels that can connect to master if NetworkPolicy is enabled
+
 ## 2.2.0 increase retry for config auto reload
 
 Configure `REQ_RETRY_CONNECT` to `10` to give Jenkins more time to start up.

diff --git a/stable/jenkins/Chart.yaml b/stable/jenkins/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: jenkins
 home: https://jenkins.io/
-version: 2.2.0
+version: 2.3.0
 appVersion: lts
 description: Open source continuous integration server. It supports multiple SCM tools
   including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based

diff --git a/stable/jenkins/README.md b/stable/jenkins/README.md
@@ -265,6 +265,7 @@ The following tables list the configurable parameters of the Jenkins chart and t
 | `networkPolicy.enabled`           | Enable creation of NetworkPolicy resources. | `false`                            |
 | `networkPolicy.apiVersion`        | NetworkPolicy ApiVersion             | `networking.k8s.io/v1`                    |
 | `networkPolicy.internalAgents.allowed`           | Allow internal agents (from the same cluster) to connect to master. Agent pods would be filtered based on PodLabels. | `false`                            |
+| `networkPolicy.internalAgents.podLabels`           | A map of labels (keys/values) that agents pods must have to be able to connect to master. | `{}`                            |
 | `networkPolicy.internalAgents.namespaceLabels`           | A map of labels (keys/values) that agents namespaces must have to be able to connect to master. | `{}`                            |
 | `networkPolicy.externalAgents.ipCIDR`           | The IP range from which external agents are allowed to connect to master. | ``                            |
 | `networkPolicy.externalAgents.except`           | A list of IP sub-ranges to be excluded from the whitelisted IP range. | `[]`                            |

diff --git a/stable/jenkins/templates/jenkins-master-networkpolicy.yaml b/stable/jenkins/templates/jenkins-master-networkpolicy.yaml
@@ -25,6 +25,9 @@ spec:
       - podSelector:
           matchLabels:
             "jenkins/{{ .Release.Name }}-{{ .Values.agent.componentName }}": "true"
+            {{- range $k,$v:= .Values.networkPolicy.internalAgents.podLabels }}
+            {{ $k }}: {{ $v }}
+            {{- end }}
         {{- if .Values.networkPolicy.internalAgents.namespaceLabels }}
         namespaceSelector:
           matchLabels:

diff --git a/stable/jenkins/values.yaml b/stable/jenkins/values.yaml
@@ -620,6 +620,7 @@ networkPolicy:
   # You can allow agents to connect from both within the cluster (from within specific/all namespaces) AND/OR from a given external IP range
   internalAgents:
     allowed: true
+    podLabels: {}
     namespaceLabels: {}
       # project: myproject
   externalAgents: {}