network policies simplification, fix certificate typo
@@ -5,7 +5,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
secretName: limbosolutions-com-tls
|
secretName: limbosolutions-com-tls
|
||||||
issuerRef:
|
issuerRef:
|
||||||
name: leftencrypt-prod
|
name: letsencrypt-prod
|
||||||
kind: ClusterIssuer
|
kind: ClusterIssuer
|
||||||
dnsNames:
|
dnsNames:
|
||||||
- git.limbosolutions.com
|
- git.limbosolutions.com
|
||||||
@@ -1,13 +1,18 @@
|
|||||||
apiVersion: cilium.io/v2
|
apiVersion: cilium.io/v2
|
||||||
kind: CiliumNetworkPolicy
|
kind: CiliumNetworkPolicy
|
||||||
metadata:
|
metadata:
|
||||||
name: deny-default
|
name: allow-same-namespace-ingress
|
||||||
spec:
|
spec:
|
||||||
endpointSelector: {}
|
endpointSelector: {} # All pods in this namespace
|
||||||
ingressDeny:
|
ingress:
|
||||||
- fromEndpoints: []
|
- fromEndpoints:
|
||||||
---
|
- matchExpressions:
|
||||||
|
- key: k8s:io.kubernetes.pod.namespace
|
||||||
|
operator: In
|
||||||
|
values:
|
||||||
|
- git-limbosolutions-com
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
apiVersion: cilium.io/v2
|
apiVersion: cilium.io/v2
|
||||||
kind: CiliumNetworkPolicy
|
kind: CiliumNetworkPolicy
|
||||||
@@ -45,64 +50,3 @@ spec:
|
|||||||
- port: "2222"
|
- port: "2222"
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
apiVersion: cilium.io/v2
|
|
||||||
kind: CiliumNetworkPolicy
|
|
||||||
metadata:
|
|
||||||
name: allow-postgresql-ingress
|
|
||||||
namespace: git-limbosolutions-com
|
|
||||||
spec:
|
|
||||||
endpointSelector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/name: postgresql
|
|
||||||
|
|
||||||
ingress:
|
|
||||||
- fromEndpoints:
|
|
||||||
- matchLabels:
|
|
||||||
app.kubernetes.io/name: gitea
|
|
||||||
matchExpressions:
|
|
||||||
- key: k8s:io.kubernetes.pod.namespace
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- git-limbosolutions-com
|
|
||||||
- matchLabels:
|
|
||||||
dbAccess: "true"
|
|
||||||
matchExpressions:
|
|
||||||
- key: k8s:io.kubernetes.pod.namespace
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- git-limbosolutions-com
|
|
||||||
toPorts:
|
|
||||||
- ports:
|
|
||||||
- port: "5432"
|
|
||||||
protocol: TCP
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
apiVersion: cilium.io/v2
|
|
||||||
kind: CiliumNetworkPolicy
|
|
||||||
metadata:
|
|
||||||
name: allow-valkey-ingress
|
|
||||||
namespace: git-limbosolutions-com
|
|
||||||
spec:
|
|
||||||
endpointSelector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/name: valkey
|
|
||||||
|
|
||||||
ingress:
|
|
||||||
- fromEndpoints:
|
|
||||||
- matchLabels:
|
|
||||||
app.kubernetes.io/name: gitea
|
|
||||||
matchExpressions:
|
|
||||||
- key: k8s:io.kubernetes.pod.namespace
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- git-limbosolutions-com
|
|
||||||
toPorts:
|
|
||||||
- ports:
|
|
||||||
- port: "6379"
|
|
||||||
protocol: TCP
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
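Review bot: The new `allow-same-namespace-ingress` policy, with `endpointSelector: {}` and no `toPorts`, admits traffic from every pod in `git-limbosolutions-com` to every other pod on all ports. The second hunk of the same file also deletes `allow-postgresql-ingress` and `allow-valkey-ingress`, so port 5432 is no longer limited to `gitea` and `dbAccess: "true"` pods, and port 6379 is no longer limited to `gitea` pods. Any other workload scheduled into the namespace can then connect to the database and the cache directly. I would keep the two per-service policies and exclude those endpoints from the broad allow, as below; Cilium allow rules are additive, so the narrow policies only take effect once the broad one stops selecting the data stores. The labels are taken from the removed policies; whether the pods still carry them is not visible here.

```yaml
spec:
  endpointSelector:
    matchExpressions:
      - key: app.kubernetes.io/name
        operator: NotIn
        values:
          - postgresql
          - valkey
  # … unchanged: ingress rule allowing fromEndpoints in git-limbosolutions-com …
```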