--- # NetworkPolicies for the dedicated State Hub CNPG cluster. # Namespaces that need database access must carry: # railiance.io/postgres-client: state-hub-db apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-egress-kube-api-state-hub-db namespace: databases labels: app.kubernetes.io/name: state-hub-db railiance.io/layer: s3-platform spec: podSelector: matchLabels: cnpg.io/cluster: state-hub-db policyTypes: - Egress egress: - ports: - protocol: TCP port: 443 - protocol: TCP port: 6443 --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-ingress-from-cnpg-operator-state-hub-db namespace: databases labels: app.kubernetes.io/name: state-hub-db railiance.io/layer: s3-platform spec: podSelector: matchLabels: cnpg.io/cluster: state-hub-db policyTypes: - Ingress ingress: - from: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: cnpg-system ports: - protocol: TCP port: 5432 - protocol: TCP port: 8000 - protocol: TCP port: 9187 --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-ingress-from-state-hub-namespace-state-hub-db namespace: databases labels: app.kubernetes.io/name: state-hub-db railiance.io/layer: s3-platform spec: podSelector: matchLabels: cnpg.io/cluster: state-hub-db policyTypes: - Ingress ingress: - from: - namespaceSelector: matchLabels: railiance.io/postgres-client: state-hub-db ports: - protocol: TCP port: 5432