docs

Author: evict

charts/sourcegraph-executor/k8s/README.md

@@ -85,6 +85,10 @@ In addition to the documented values, the `executor` and `private-docker-registr
 | executor.maximumNumJobs | int | `10` | The maximum amount of jobs that can be executed concurrently. |
 | executor.maximumRuntimePerJob | string | `"30m"` |  |
 | executor.namespace | string | `"default"` | The namespace in which jobs are generated by the executor. |
+| executor.networkPolicy.enabled | bool | `false` | Enable network policies to deny egress to private, multicast, and metadata server networks. |
+| executor.networkPolicy.metadataServers | list | `["169.254.169.254"]` | List of metadata server IPs to explicitly deny egress to. |
+| executor.networkPolicy.multicastNetworks | list | `[{"cidr":"224.0.0.0/4"}]` | List of multicast network CIDR blocks to deny egress to. |
+| executor.networkPolicy.privateNetworks | list | `[{"cidr":"10.0.0.0/8"},{"cidr":"172.16.0.0/12"},{"cidr":"192.168.0.0/16"}]` | List of private network CIDR blocks to deny egress to. Each entry supports an optional `except` list of CIDRs to exclude from the deny rule. |
 | executor.nodeSelector | object | `{}` | NodeSelector, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) |
 | executor.queueName | string | `""` | The name of the queue to pull jobs from to. Possible values: batches and codeintel. **Either this or queueNames is required.** |
 | executor.queueNames | list | `[]` | The names of multiple queues to pull jobs from to. Possible values: batches and codeintel. **Either this or queueName is required.** |