45 lines
1.2 KiB
YAML
45 lines
1.2 KiB
YAML
apiVersion: cilium.io/v2
|
|
kind: CiliumNetworkPolicy
|
|
metadata:
|
|
name: allow-same-namespace-ingress
|
|
spec:
|
|
endpointSelector: {} # All pods in this namespace
|
|
ingress:
|
|
- fromEndpoints:
|
|
- matchExpressions:
|
|
- key: k8s:io.kubernetes.pod.namespace
|
|
operator: In
|
|
values:
|
|
- git-limbosolutions-com
|
|
|
|
|
|
---
|
|
apiVersion: cilium.io/v2
|
|
kind: CiliumNetworkPolicy
|
|
metadata:
|
|
name: allow-traefik-ingress
|
|
spec:
|
|
endpointSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: gitea
|
|
|
|
ingress:
|
|
# -------------------------------------------------------------
|
|
# Allow Traefik (in kube-system) to reach Gitea on port 3000 and 2222
|
|
# -------------------------------------------------------------
|
|
- fromEndpoints:
|
|
- matchLabels:
|
|
app.kubernetes.io/name: traefik
|
|
matchExpressions:
|
|
- key: k8s:io.kubernetes.pod.namespace
|
|
operator: In
|
|
values:
|
|
- traefik
|
|
- traefik-public
|
|
toPorts:
|
|
- ports:
|
|
- port: "3000"
|
|
protocol: TCP
|
|
- ports:
|
|
- port: "2222"
|
|
protocol: TCP |