I'm trying to create a Helm template to create NetworkPolicy and am facing some issues iterating over the maps. This is what I have in my values file (example):
extraPolicies:
  - name: dashboard
    policyType:
      - Ingress
      - Egress
    ingress:
      from:
        - ipBlock:
            cidr: 172.17.0.0/16
            except:
              - 172.17.1.0/24
        - namespaceSelector:
            matchLabels:
              project: myproject
      ports:
        - protocol: TCP
          port: 6379
        - protocol: TCP
          port: 8080
    egress:
      to:
        - ipBlock:
            cidr: 10.0.0.0/24
      ports:
        - protocol: TCP
          port: 5978
  - name: dashurboard-integ
    policyType:
      - Ingress
      - Egress
    ingress:
      from:
        - ipBlock:
            cidr: 172.17.0.0/16
            except:
              - 172.17.1.0/24
        - namespaceSelector:
            matchLabels:
              project: myproject
      ports:
        - protocol: TCP
          port: 6379
        - protocol: TCP
          port: 8080
    egress:
      to:
        - ipBlock:
            cidr: 10.0.0.0/24
      ports:
        - protocol: TCP
          port: 5978
and this is what I have up to now in my template:
{{- if .Values.extraPolicies -}}
{{- $fullName := include "network-policies.fullname" . -}}
{{- $namespace := .Values.deployNamespace }}
{{- range $i, $policy := .Values.extraPolicies }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ $policy.name }}
  namespace: {{ $namespace }}
spec:
  policyTypes:
  {{- range $i2, $type := $policy.policyType }}
    - {{ $type -}}
  {{- end }}
  ingress:
    - from: |-
      {{- range $i3, $ingress := $policy.ingress }}
        - {{ $ingress }}
      {{- end }}
  egress:
    - to:
        - ipBlock:
            cidr: 10.0.0.0/24
      ports:
        - protocol: TCP
          port: 5978
{{- end }}
{{- end }}
The block 'from' with the |- shows that I'm dealing with maps but I can't figure out how to iterate over them and get the output formatted like in the values.yml.
Any help is greatly appreciated.
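The output the question asks for (values rendered back out exactly as they were written) does not need any iteration over the maps: Helm's `toYaml` serialises a values subtree and `nindent` re-indents it under the current key. This is an added example, not the asker's template; it assumes the question's original values layout (`ingress.from`, `ingress.ports`, `egress.to`, `egress.ports`) and the chart's `deployNamespace` value, and it adds the `spec.podSelector` that the NetworkPolicy API requires.

```yaml
{{- range .Values.extraPolicies }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ .name }}
  # inside range, "." is the list element, so the root context is reached via "$"
  namespace: {{ $.Values.deployNamespace }}
spec:
  # Assumption: the policy is meant for every pod in the namespace. An empty
  # selector matches all pods; narrow it to the workload where possible.
  podSelector: {}
  policyTypes:
    {{- toYaml .policyType | nindent 4 }}
  {{- with .ingress }}
  ingress:
    - from:
        {{- toYaml .from | nindent 8 }}
      {{- with .ports }}
      ports:
        {{- toYaml . | nindent 8 }}
      {{- end }}
  {{- end }}
  {{- with .egress }}
  egress:
    - to:
        {{- toYaml .to | nindent 8 }}
      {{- with .ports }}
      ports:
        {{- toYaml . | nindent 8 }}
      {{- end }}
  {{- end }}
{{- end }}
```

Note that a rule rendered without `ports` allows every port, and one rendered without `from`/`to` allows every peer, so `helm template` output for each policy is worth reading before it is applied.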
Found out I took the wrong approach from the beginning with how I structured my data. It might not be the best solution and I welcome any and all improvements and/or suggestions but I'm not blocked anymore.
I got this to work for what I need.
values.yml
extraPolicies:
  - name: dashboard
    policyType:
      - Ingress
    ingress:
      - name: podSelector
        settings:
          all: {}
      - name: ipBlock
        settings:
          cidr: "172.17.0.0/16"
      - name: namespaceSelector
        settings:
          matchLabels:
            project: test
            namespace: mynamespace
    ingressPorts:
      - protocol: TCP
        port: 6379
      - protocol: TCP
        port: 8080
  - name: dasboard-integ
    policyType:
      - Ingress
    ingress:
      - name: podSelector
        settings:
          all: {}
      - name: ipBlock
        settings:
          cidr: "172.17.0.0/16"
    ingressPorts:
      - protocol: TCP
        port: 3000
      - protocol: TCP
        port: 8000
      - protocol: TCP
        port: 443
      - protocol: TCP
        port: 80
and the template:
{{- if .Values.extraPolicies -}}
{{- $fullName := include "network-policies.fullname" . -}}
{{- $namespace := .Values.deployNamespace }}
{{- range .Values.extraPolicies }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ .name }}
  namespace: {{ $namespace }}
spec:
  policyTypes:
    {{- range $i, $type := .policyType }}
    - {{ $type }}
    {{- end }}
  {{- if .ingress }}
  ingress:
    - from:
        {{- range $i, $ingress := .ingress }}
        - {{ .name -}}: {{ if eq .name "podSelector" }}{}{{ end -}}
        {{- if eq .name "ipBlock" }}
        {{- range $k, $v := .settings }}
            cidr: {{ $v -}}
        {{ end -}}
        {{ end -}}
        {{- if eq .name "namespaceSelector" }}
        {{- range $k, $v := .settings }}
            matchLabels:
            {{- range $k, $v := . }}
              {{ $k }}: {{ $v }}
            {{- end -}}
        {{ end -}}
        {{ end -}}
        {{- end }}
      ports:
        {{ range $i, $port := .ingressPorts }}
        {{- range $k, $v := . -}}
        {{- if eq $k "port" -}}
        - {{ $k }}: {{ $v }}
        {{- end -}}
        {{ if eq $k "protocol" }}
          {{ $k }}: {{ $v }}
        {{ end -}}
        {{ end -}}
        {{- end }}
  {{- end }}
  {{- if .egress }}
  egress:
    - to:
      ports:
  {{- end }}
{{- end }}
{{- end }}
which gives me the result:
---
# Source: network-policies/templates/extra-policies.yml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: dashur
  namespace: default
spec:
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector: {}
        - ipBlock:
            cidr: 172.17.0.0/16
        - namespaceSelector:
            matchLabels:
              namespace: mynamespace
              project: test
      ports:
        - port: 6379
          protocol: TCP
        - port: 8080
          protocol: TCP
---
# Source: network-policies/templates/extra-policies.yml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: dashur-integ
  namespace: default
spec:
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector: {}
        - ipBlock:
            cidr: 172.17.0.0/16
      ports:
        - port: 3000
          protocol: TCP
        - port: 8000
          protocol: TCP
        - port: 443
          protocol: TCP
        - port: 80
          protocol: TCP
Hope it helps someone who faces the same problem I had :-)