Add network policy to create namespace isolation

charts/portalmodelo/v0.6.0/templates/networkpolicy.yaml

@@ -0,0 +1,23 @@
+{{- if .Values.networkPolicy.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ include "portalmodelo.fullname" . }}-ingress
+  labels:
+    {{- include "portalmodelo.labels" . | nindent 4 }}
+spec:
+  podSelector:
+    matchLabels:
+      {{- include "portalmodelo.selectorLabels" . | nindent 6 }}
+  policyTypes:
+    - Ingress
+  ingress:
+    # Allow traffic from ingress controller namespace
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: {{ .Values.networkPolicy.ingressNamespace }}
+    # Allow traffic from same namespace
+    - from:
+        - podSelector: {}
+{{- end }}

charts/portalmodelo/v0.6.0/values.yaml

@@ -102,6 +102,11 @@ ingress:
   # extra annotations only
   annotations: {}
 
+networkPolicy:
+  enabled: true
+  # Namespace where ingress controller is running
+  ingressNamespace: kube-system
+
 autoscaling:
   enabled: false
   minReplicas: 1