nold/hive-apps
1
0
Fork 0
mirror of https://github.com/nold360/hive-apps synced 2024-12-22 13:01:21 +00:00
Code Issues Projects Releases Packages Wiki Activity

fix(netpol)

Browse source
This commit is contained in:
nold 2022-12-11 11:30:44 +01:00
parent 19ff908786
commit 7b4ef9c968
2 changed files with 6 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
projects/nextcloud/project.yaml
View file

@ -5,6 +5,7 @@ config:
- internet - internet
rules: rules:
- allow-minio - allow-minio
- allow-cnpg-nextcloud
labels: labels:
environment: external environment: external

12
resources/networkpolicy.yml
View file

@ -16,6 +16,7 @@ networkPolicy:
- allow-dns - allow-dns
- allow-proxy - allow-proxy
- allow-ingress - allow-ingress
- allow-ingress-traffic
rules: rules:
# Allow DNS to all Namespaces, deny everything else # Allow DNS to all Namespaces, deny everything else
@ -45,9 +46,7 @@ networkPolicy:
# Cloudnative PG # Cloudnative PG
allow-cnpg-nextcloud: allow-cnpg-nextcloud:
podSelector: podSelector: {}
matchLabels:
cnpg.io/cluster: nextcloud
policyTypes: policyTypes:
- Egress - Egress
egress: egress:
@ -55,9 +54,8 @@ networkPolicy:
- port: 443 - port: 443
protocol: TCP protocol: TCP
to: to:
- namespaceSelector: - ipBlock:
matchLabels: cidr: 10.43.0.1/32
name: kube-system
# Allow access to internet proxy # Allow access to internet proxy
allow-proxy: allow-proxy:
@ -136,7 +134,7 @@ networkPolicy:
to: to:
- namespaceSelector: - namespaceSelector:
matchLabels: matchLabels:
name: minio app.heqet.gnu.one/name: minio
allow-ingress-traffic: allow-ingress-traffic:
podSelector: {} podSelector: {}