我正在尝试创建一个 Helm 模板来创建 NetworkPolicy,但在迭代 map 时遇到一些问题。 这是我的值文件中的内容(示例):
extraPolicies:
- name: dashboard
policyType:
- Ingress
- Egress
ingress:
from:
- ipBlock:
cidr: 172.17.0.0/16
except:
- 172.17.1.0/24
- namespaceSelector:
matchLabels:
project: myproject
ports:
- protocol: TCP
port: 6379
- protocol: TCP
port: 8080
egress:
to:
- ipBlock:
cidr: 10.0.0.0/24
ports:
- protocol: TCP
port: 5978
- name: dashurboard-integ
policyType:
- Ingress
- Egress
ingress:
from:
- ipBlock:
cidr: 172.17.0.0/16
except:
- 172.17.1.0/24
- namespaceSelector:
matchLabels:
project: myproject
ports:
- protocol: TCP
port: 6379
- protocol: TCP
port: 8080
egress:
to:
- ipBlock:
cidr: 10.0.0.0/24
ports:
- protocol: TCP
port: 5978
这就是我的模板中目前的内容:
{{- if .Values.extraPolicies -}}
{{- $fullName := include "network-policies.fullname" . -}}
{{- $namespace := .Values.deployNamespace }}
{{- range $i, $policy := .Values.extraPolicies }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ $policy.name }}
namespace: {{ $namespace }}
spec:
policyTypes:
{{- range $i2, $type := $policy.policyType }}
- {{ $type -}}
{{- end }}
ingress:
- from: |-
{{- range $i3, $ingress := $policy.ingress }}
- {{ $ingress }}
{{- end }}
egress:
- to:
- ipBlock:
cidr: 10.0.0.0/24
ports:
- protocol: TCP
port: 5978
{{- end }}
{{- end }}
带有 |- 的 block “from”表明我正在处理 map ,但我不知道如何迭代它们并获得像values.yml中那样的输出格式。
非常感谢任何帮助。
最佳答案
发现我从一开始就采用了错误的方法来构建数据。它可能不是最好的解决方案,我欢迎任何和所有改进和/或建议,但我不再被阻止。
我让它可以满足我的需要。
值.yml
extraPolicies:
- name: dashboard
policyType:
- Ingress
ingress:
- name: podSelector
settings:
all: {}
- name: ipBlock
settings:
cidr: "172.17.0.0/16"
- name: namespaceSelector
settings:
matchLabels:
project: test
namespace: mynamespace
ingressPorts:
- protocol: TCP
port: 6379
- protocol: TCP
port: 8080
- name: dasboard-integ
policyType:
- Ingress
ingress:
- name: podSelector
settings:
all: {}
- name: ipBlock
settings:
cidr: "172.17.0.0/16"
ingressPorts:
- protocol: TCP
port: 3000
- protocol: TCP
port: 8000
- protocol: TCP
port: 443
- protocol: TCP
port: 80
和模板:
{{- if .Values.extraPolicies -}}
{{- $fullName := include "network-policies.fullname" . -}}
{{- $namespace := .Values.deployNamespace }}
{{- range .Values.extraPolicies }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ .name }}
namespace: {{ $namespace }}
spec:
policyTypes:
{{- range $i, $type := .policyType }}
- {{ $type }}
{{- end }}
{{- if .ingress }}
ingress:
- from:
{{- range $i, $ingress := .ingress }}
- {{ .name -}}: {{ if eq .name "podSelector" }}{}{{ end -}}
{{- if eq .name "ipBlock" }}
{{- range $k, $v := .settings }}
cidr: {{ $v -}}
{{ end -}}
{{ end -}}
{{- if eq .name "namespaceSelector" }}
{{- range $k, $v := .settings }}
matchLabels:
{{- range $k, $v := . }}
{{ $k }}: {{ $v }}
{{- end -}}
{{ end -}}
{{ end -}}
{{- end }}
ports:
{{ range $i, $port := .ingressPorts }}
{{- range $k, $v := . -}}
{{- if eq $k "port" -}}
- {{ $k }}: {{ $v }}
{{- end -}}
{{ if eq $k "protocol" }}
{{ $k }}: {{ $v }}
{{ end -}}
{{ end -}}
{{- end }}
{{- end }}
{{- if .egress }}
egress:
- to:
ports:
{{- end }}
{{- end }}
{{- end }}
这给了我结果:
---
# Source: network-policies/templates/extra-policies.yml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: dashur
namespace: default
spec:
policyTypes:
- Ingress
ingress:
- from:
- podSelector: {}
- ipBlock:
cidr: 172.17.0.0/16
- namespaceSelector:
matchLabels:
namespace: mynamespace
project: test
ports:
- port: 6379
protocol: TCP
- port: 8080
protocol: TCP
---
# Source: network-policies/templates/extra-policies.yml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: dashur-integ
namespace: default
spec:
policyTypes:
- Ingress
ingress:
- from:
- podSelector: {}
- ipBlock:
cidr: 172.17.0.0/16
ports:
- port: 3000
protocol: TCP
- port: 8000
protocol: TCP
- port: 443
protocol: TCP
- port: 80
protocol: TCP
希望它可以帮助那些面临与我相同问题的人:-)
关于templates - Helm 模板在 map 上循环,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61251544/