network policies simplification, fix certificate typo
All checks were successful
/ continuous-deploy (push) Successful in 22s
All checks were successful
/ continuous-deploy (push) Successful in 22s
This commit is contained in:
Márcio Fernandes
@@ -5,7 +5,7 @@ metadata:
|
||||
spec:
|
||||
secretName: limbosolutions-com-tls
|
||||
issuerRef:
|
||||
name: leftencrypt-prod
|
||||
name: letsencrypt-prod
|
||||
kind: ClusterIssuer
|
||||
dnsNames:
|
||||
- git.limbosolutions.com
|
||||
@@ -1,13 +1,18 @@
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: deny-default
|
||||
name: allow-same-namespace-ingress
|
||||
spec:
|
||||
endpointSelector: {}
|
||||
ingressDeny:
|
||||
- fromEndpoints: []
|
||||
---
|
||||
endpointSelector: {} # All pods in this namespace
|
||||
ingress:
|
||||
- fromEndpoints:
|
||||
- matchExpressions:
|
||||
- key: k8s:io.kubernetes.pod.namespace
|
||||
operator: In
|
||||
values:
|
||||
- git-limbosolutions-com
|
||||
|
||||
---
|
||||
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
@@ -45,64 +50,3 @@ spec:
|
||||
- port: "2222"
|
||||
protocol: TCP
|
||||
|
||||
|
||||
---
|
||||
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: allow-postgresql-ingress
|
||||
namespace: git-limbosolutions-com
|
||||
spec:
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: postgresql
|
||||
|
||||
ingress:
|
||||
- fromEndpoints:
|
||||
- matchLabels:
|
||||
app.kubernetes.io/name: gitea
|
||||
matchExpressions:
|
||||
- key: k8s:io.kubernetes.pod.namespace
|
||||
operator: In
|
||||
values:
|
||||
- git-limbosolutions-com
|
||||
- matchLabels:
|
||||
dbAccess: "true"
|
||||
matchExpressions:
|
||||
- key: k8s:io.kubernetes.pod.namespace
|
||||
operator: In
|
||||
values:
|
||||
- git-limbosolutions-com
|
||||
toPorts:
|
||||
- ports:
|
||||
- port: "5432"
|
||||
protocol: TCP
|
||||
|
||||
---
|
||||
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: allow-valkey-ingress
|
||||
namespace: git-limbosolutions-com
|
||||
spec:
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: valkey
|
||||
|
||||
ingress:
|
||||
- fromEndpoints:
|
||||
- matchLabels:
|
||||
app.kubernetes.io/name: gitea
|
||||
matchExpressions:
|
||||
- key: k8s:io.kubernetes.pod.namespace
|
||||
operator: In
|
||||
values:
|
||||
- git-limbosolutions-com
|
||||
toPorts:
|
||||
- ports:
|
||||
- port: "6379"
|
||||
protocol: TCP
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user