Merge pull request #16 from JupiterOne/SRE-386/add-SecurityGroupPolicy

nealajpatel · web-flow · commit 1427a8e527ee · 2022-09-13T15:40:42.000-04:00
[SRE-386] Adding SecurityGroupPolicy resource to application chart
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+.idea/
diff --git a/charts/application/templates/securitygrouppolicy.yaml b/charts/application/templates/securitygrouppolicy.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.securityGroupPolicy.enabled }}
+apiVersion: vpcresources.k8s.aws/v1beta1
+kind: SecurityGroupPolicy
+metadata:
+  name: {{ .Values.securityGroupPolicy.name }}
+  namespace: {{ template "application.namespace" . }}
+spec:
+  podSelector:
+    matchLabels:
+      role: {{ .Values.securityGroupPolicy.podSelectorRole }}
+  securityGroups:
+    groupIds:
+    {{- range $value := .Values.securityGroupPolicy.securityGroupIds }}
+      - {{ $value }}
+    {{- end }}
+{{- end }}
diff --git a/charts/application/values.yaml b/charts/application/values.yaml
@@ -620,3 +620,10 @@ grafanaDashboard:
       {
         "data"
       }
+# This deploys an AWS EKS security group policy, which allows us to set network security group rules on a per-pod basis
+securityGroupPolicy:
+  enabled: false
+  name: ""
+  podSelectorRole: ""
+  securityGroupIds: []
+

Original file line number	Diff line number	Diff line change
`@@ -620,3 +620,10 @@ grafanaDashboard:`
`620`	`620`	`{`
`621`	`621`	`"data"`
`622`	`622`	`}`
	`623`	`+# This deploys an AWS EKS security group policy, which allows us to set network security group rules on a per-pod basis`
	`624`	`+securityGroupPolicy:`
	`625`	`+ enabled: false`
	`626`	`+ name: ""`
	`627`	`+ podSelectorRole: ""`
	`628`	`+ securityGroupIds: []`
	`629`	`+`