now also supporting linkerd
and some cleanup
parent
c522f16d64
commit
01700876cf
@ -1,6 +1,37 @@
|
|||||||
|
{{- if not .Open }}
|
||||||
---
|
---
|
||||||
####################################################################################
|
kind: NetworkPolicy
|
||||||
# LINKERD NETPOL TBD
|
apiVersion: networking.k8s.io/v1
|
||||||
####################################################################################
|
metadata:
|
||||||
|
name: allow-linkerd # required for OCSP
|
||||||
|
namespace: {{ .Name }}
|
||||||
|
spec:
|
||||||
|
podSelector: {}
|
||||||
|
policyTypes:
|
||||||
|
- Ingress
|
||||||
|
- Egress
|
||||||
|
ingress:
|
||||||
|
- from:
|
||||||
|
- namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: kubernetes.io/metadata.name
|
||||||
|
operator: In
|
||||||
|
values:
|
||||||
|
- linkerd-viz
|
||||||
|
- ports:
|
||||||
|
- port: linkerd-admin
|
||||||
|
from:
|
||||||
|
- namespaceSelector:
|
||||||
|
matchLabels:
|
||||||
|
kubernetes.io/metadata.name: monitoring
|
||||||
|
# podSelector prometheus
|
||||||
|
egress:
|
||||||
|
- to:
|
||||||
|
- namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: kubernetes.io/metadata.name
|
||||||
|
operator: In
|
||||||
|
values:
|
||||||
|
- linkerd
|
||||||
|
- linkerd-jaeger
|
||||||
|
{{- end }}
|
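Review bot: The second ingress rule admits every pod in the `monitoring` namespace to the `linkerd-admin` port, while the `# podSelector prometheus` placeholder suggests a narrower peer was intended. Adding a `podSelector` to the same `from` entry as the `namespaceSelector` would limit the rule to the scraper; the Prometheus pod label is not shown on this page, so something like `matchLabels: {<prometheus-label-key>: <value>}` with the real label filled in. The first ingress rule and the egress rule carry no `ports`, so they appear to allow all ports from `linkerd-viz` and to `linkerd`/`linkerd-jaeger`; if that is deliberate, a comment saying so would help. The `# required for OCSP` comment on `name: allow-linkerd` looks like a copy-paste leftover and should describe this policy instead. Indentation is lost in this rendering, so the rule nesting here is read from key order and should be confirmed against the file.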
@ -1,3 +1,4 @@
|
|||||||
|
{{- if not .app.Namespace.Open }}
|
||||||
---
|
---
|
||||||
kind: CiliumNetworkPolicy
|
kind: CiliumNetworkPolicy
|
||||||
apiVersion: cilium.io/v2
|
apiVersion: cilium.io/v2
|
||||||
@ -24,3 +25,4 @@ spec:
|
|||||||
protocol: TCP
|
protocol: TCP
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
|
{{- end }}
|
@ -1,4 +1,3 @@
|
|||||||
---
|
|
||||||
{{- define "ports" }}
|
{{- define "ports" }}
|
||||||
{{- range $port := . }}
|
{{- range $port := . }}
|
||||||
- port: {{ $port.Port }}
|
- port: {{ $port.Port }}
|
||||||
@ -36,6 +35,7 @@
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
{{- if not .app.Namespace.Open }}
|
{{- if not .app.Namespace.Open }}
|
||||||
|
---
|
||||||
kind: NetworkPolicy
|
kind: NetworkPolicy
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -14,7 +14,7 @@ networks:
|
|||||||
|
|
||||||
namespaces:
|
namespaces:
|
||||||
- name: wamblee-org
|
- name: wamblee-org
|
||||||
open: false
|
#open: true
|
||||||
capabilities:
|
capabilities:
|
||||||
- linkerd
|
- linkerd
|
||||||
applications:
|
applications:
|
||||||
@ -29,6 +29,7 @@ namespaces:
|
|||||||
app: nexus-server
|
app: nexus-server
|
||||||
|
|
||||||
- name: exposure
|
- name: exposure
|
||||||
|
open: false
|
||||||
applications:
|
applications:
|
||||||
- name: httpd-wamblee-org
|
- name: httpd-wamblee-org
|
||||||
matchLabels:
|
matchLabels:
|
||||||
|
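Review bot: In the `wamblee-org` entry the explicit `open: false` appears to be replaced by the commented-out `#open: true`, so whether this namespace gets its network policies now depends on the default of `open`, which is not visible here. The templates in this commit emit policies only under `if not .Open` / `if not .app.Namespace.Open`, so an unset value that resolves to false keeps the namespace closed, but that is implicit. Keeping `open: false` on this entry, as the second hunk does for `exposure`, and dropping the commented toggle would make the intended isolation explicit and harder to flip by accident.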