feat: add NetworkPolicy template

Author: GabboPenna

charts/nginx-ingress/templates/controller-networkpolicy.yaml

@@ -0,0 +1,23 @@
+{{- if .Values.networkPolicy.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ include "nginx-ingress.fullname" . }}-network-policy
+  labels:
+    {{- include "nginx-ingress.labels" . | nindent 4 }}
+spec:
+  podSelector:
+    {{- toYaml .Values.networkPolicy.podSelector | nindent 4 }}
+  policyTypes:
+    {{- toYaml .Values.networkPolicy.policyTypes | nindent 4 }}
+
+  {{- if has "Ingress" .Values.networkPolicy.policyTypes }}
+  ingress:
+    {{- toYaml .Values.networkPolicy.ingress | nindent 4 }}
+  {{- end }}
+
+  {{- if has "Egress" .Values.networkPolicy.policyTypes }}
+  egress:
+    {{- toYaml .Values.networkPolicy.egress | nindent 4 }}
+  {{- end }}
+{{- end }}

charts/nginx-ingress/values.yaml

@@ -766,3 +766,23 @@ nginxAgent:
     processorBufferSize: 50000
   ## The name of a custom ConfigMap to use instead of the one provided by default
   customConfigMap: ""
+
+# Default values for nginx-ingress with optional NetworkPolicy
+networkPolicy:
+  enabled: false            # Set to true to enable the NetworkPolicy
+  policyTypes:             # Types of policy to create
+    - Ingress
+    - Egress
+  podSelector: {}           # Label selector for pods (defaults to ingress controller pods)
+  ingress:                  # Ingress rules
+    - from: []              # List of peer selectors (e.g. namespaces, pods)
+      ports:
+        - protocol: TCP
+          port: 80
+        - protocol: TCP
+          port: 443
+  egress:                   # Egress rules
+    - to: []                # List of peer selectors
+      ports:
+        - protocol: UDP
+          port: 53