diff --git a/projects/drone/project.yml b/projects/drone/project.yml index 30231977..2c477bba 100644 --- a/projects/drone/project.yml +++ b/projects/drone/project.yml @@ -8,6 +8,9 @@ config: - allow-runner - allow-minio + labels: + environment: external + apps: - name: drone repoURL: https://github.com/nold360/drone-charts.git diff --git a/projects/gitea/project.yml b/projects/gitea/project.yml index 0c45492a..70fd98fe 100644 --- a/projects/gitea/project.yml +++ b/projects/gitea/project.yml @@ -5,6 +5,10 @@ config: - internet rules: - allow-ssh + + labels: + environment: external + apps: - name: gitea repoURL: https://dl.gitea.io/charts/ diff --git a/projects/ingress-external/project.yml b/projects/ingress-external/project.yml index b5fa46d1..ed75e316 100644 --- a/projects/ingress-external/project.yml +++ b/projects/ingress-external/project.yml @@ -3,6 +3,8 @@ config: networkPolicy: rules: - allow-dns + - allow-ingress-traffic + - allow-external-services apps: - name: ingress-external diff --git a/projects/nextcloud/project.yaml b/projects/nextcloud/project.yaml index e80e0010..590cbaff 100644 --- a/projects/nextcloud/project.yaml +++ b/projects/nextcloud/project.yaml @@ -3,6 +3,10 @@ config: networkPolicy: groups: - internet + + labels: + environment: external + apps: - name: nextcloud repoURL: https://nextcloud.github.io/helm diff --git a/resources/networkpolicy.yml b/resources/networkpolicy.yml index cf969cac..12b82c9f 100644 --- a/resources/networkpolicy.yml +++ b/resources/networkpolicy.yml @@ -68,7 +68,7 @@ networkPolicy: - from: - namespaceSelector: matchLabels: - app.heqet.gnu.one/name: ingress-external + project.heqet.gnu.one/name: ingress-external # Allow SSH for Gitea allow-ssh: @@ -134,3 +134,22 @@ networkPolicy: - namespaceSelector: matchLabels: name: minio + + allow-ingress-traffic: + podSelector: {} + policyTypes: + - Ingress + ingress: + - {} + + allow-external-services: + podSelector: {} + policyTypes: + - Egress + egress: + - to: + - namespaceSelector: + matchLabels: + environment: external + +