---
# NetworkPolicies for the dedicated State Hub CNPG cluster.
# Namespaces that need database access must carry the label:
#   railiance.io/postgres-client: state-hub-db
#
# Policy: egress from the state-hub-db cluster pods on TCP 443 and 6443.
# The name indicates these ports are meant for the Kubernetes API server.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-egress-kube-api-state-hub-db
  namespace: databases
  labels:
    app.kubernetes.io/name: state-hub-db
    railiance.io/layer: s3-platform
spec:
  # Applies to every pod in `databases` labelled as part of this cluster.
  podSelector:
    matchLabels:
      cnpg.io/cluster: state-hub-db
  # Listing Egress puts the selected pods under egress isolation: outbound
  # traffic is dropped unless this or another policy allows it.
  policyTypes:
    - Egress
  egress:
    # NOTE(review): the rule lists ports but no `to` peers, so it allows
    # egress to ANY destination on TCP 443/6443, not only the API server.
    # A compromised database pod could therefore reach arbitrary HTTPS
    # endpoints. Where the CNI supports it, add a `to` entry, e.g. an
    # ipBlock with the API server address (<API_SERVER_CIDR>, placeholder).
    # If 443 is also relied on for other traffic, give that its own rule.
    - ports:
        - protocol: TCP
          port: 443
        - protocol: TCP
          port: 6443
---
# Policy: ingress to the state-hub-db cluster pods from the cnpg-system
# namespace (the CNPG operator, going by the policy name).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-ingress-from-cnpg-operator-state-hub-db
  namespace: databases
  labels:
    app.kubernetes.io/name: state-hub-db
    railiance.io/layer: s3-platform
spec:
  podSelector:
    matchLabels:
      cnpg.io/cluster: state-hub-db
  policyTypes:
    - Ingress
  ingress:
    - from:
        # kubernetes.io/metadata.name is set by the API server on every
        # namespace, so this selects the cnpg-system namespace by name.
        # NOTE(review): there is no podSelector next to it, so every pod
        # in cnpg-system is allowed, not just the operator. Consider
        # adding a podSelector on the operator's labels.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: cnpg-system
      ports:
        # 5432: PostgreSQL.
        - protocol: TCP
          port: 5432
        # 8000: presumably the CNPG instance manager status endpoint.
        # TODO confirm.
        - protocol: TCP
          port: 8000
        # 9187: presumably the metrics exporter. NOTE(review): confirm the
        # operator namespace needs it; metrics are usually scraped by the
        # monitoring stack, which would need its own rule.
        - protocol: TCP
          port: 9187
---
# Policy: ingress to the state-hub-db cluster pods on the PostgreSQL port
# from namespaces labelled as clients of this database.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-ingress-from-state-hub-namespace-state-hub-db
  namespace: databases
  labels:
    app.kubernetes.io/name: state-hub-db
    railiance.io/layer: s3-platform
spec:
  podSelector:
    matchLabels:
      cnpg.io/cluster: state-hub-db
  policyTypes:
    - Ingress
  ingress:
    - from:
        # Matches ANY namespace carrying this label, not one named
        # namespace as the policy name might suggest.
        # NOTE(review): whoever can create or label namespaces can grant
        # network access to the database. Restrict that permission with
        # RBAC or an admission policy, and audit changes to this label.
        # Every pod in a matching namespace is allowed; add a podSelector
        # if only specific workloads should connect.
        - namespaceSelector:
            matchLabels:
              railiance.io/postgres-client: state-hub-db
      ports:
        # 5432: PostgreSQL. This policy governs network reachability only.
        - protocol: TCP
          port: 5432