Add: repos & policies
parent
f41d7cc028
commit
d5fb35a18b
2 changed files with 154 additions and 0 deletions
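--- a/resources/networkpolicy.yml
+++ b/resources/networkpolicy.yml
@@ -0,0 +1,136 @@
+# NetworkPolicies predefinition
+# rules can be added to groups. Groups or rules can be applied to projects.
+#
+networkPolicy:
+config:
+# Generate NetworkPolicy to allow communication inside of the project namespace?
+# Only gets applied when other networkpolices are active on the project
+allowNamespace: true
+
+default:
+groups: []
+rules: []
+
+groups:
+internet:
+- allow-dns
+- allow-proxy
+- allow-ingress
+
+rules:
+# Allow DNS to all Namespaces, deny everything else
+allow-dns:
+podSelector: {}
+policyTypes:
+- Egress
+egress:
+- ports:
+- port: 53
+protocol: UDP
+to:
+- namespaceSelector: {}
+
+allow-kubeapi:
+podSelector: {}
+policyTypes:
+- Egress
+egress:
+- ports:
+- port: 443
+protocol: TCP
+to:
+- namespaceSelector:
+matchLabels:
+name: kube-system
+
+# Allow access to internet proxy
+allow-proxy:
+podSelector: {}
+policyTypes:
+- Egress
+egress:
+- ports:
+- port: 80
+protocol: TCP
+- port: 3128
+protocol: TCP
+to:
+- namespaceSelector:
+matchLabels:
+app.heqet.gnu.one/name: proxy
+
+# Allow access from ingress-external
+allow-ingress:
+podSelector: {}
+policyTypes:
+- Ingress
+ingress:
+- from:
+- namespaceSelector:
+matchLabels:
+app.heqet.gnu.one/name: ingress-external
+
+# Allow SSH for Gitea
+allow-ssh:
+podSelector: {}
+policyTypes:
+- Ingress
+ingress:
+- from:
+- ipBlock:
+cidr: 192.168.1.0/24
+- namespaceSelector:
+matchLabels:
+app.heqet.gnu.one/name: wiki
+ports:
+- port: 2222
+protocol: TCP
+
+# Allow direct access to gitea
+allow-gitea:
+podSelector: {}
+policyTypes:
+- Egress
+egress:
+- to:
+- namespaceSelector:
+matchLabels:
+app.heqet.gnu.one/name: gitea
+ports:
+- port: 2222
+protocol: TCP
+
+# Allow Drone-Runner to access Drone
+allow-runner:
+podSelector: {}
+policyTypes:
+- Ingress
+ingress:
+- from:
+- namespaceSelector:
+matchLabels:
+app.heqet.gnu.one/name: drone-runner
+
+# Allow Woodpacker-Agent to access Woodpacker Server
+allow-agent:
+podSelector: {}
+policyTypes:
+- Ingress
+ingress:
+- from:
+- namespaceSelector:
+matchLabels:
+app.heqet.gnu.one/name: woodpacker-agent
+
+allow-minio:
+podSelector: {}
+policyTypes:
+- Egress
+egress:
+- ports:
+- port: 9000
+protocol: TCP
+to:
+- namespaceSelector:
+matchLabels:
+name: minio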
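Review bot: The ingress rules `allow-ingress`, `allow-runner` and `allow-agent` pair `podSelector: {}` with a `from` clause and no `ports` list, so once applied to a project they admit every port on every pod from the named namespace; consider a `ports:` entry per rule, as `allow-ssh` already has (`- port: 2222`). In `allow-dns`, `namespaceSelector: {}` with only `protocol: UDP` lets pods send UDP/53 to any pod in any namespace while TCP/53 (used for truncated or large answers) stays blocked; narrowing `to` to the cluster DNS namespace and adding `- port: 53` with `protocol: TCP` would be tighter and more reliable. The selectors keyed on `name: kube-system` and `name: minio` only match if that label has been set on the namespace by hand, whereas `kubernetes.io/metadata.name` is set automatically on recent Kubernetes versions. Indentation is not visible in this rendering, so the nesting of `ports` and `from` is inferred from key order.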
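--- a/resources/repos.yml
+++ b/resources/repos.yml
@@ -0,0 +1,18 @@
+# Dict of helm or git repos we want to add to ArgoCD
+# Parameters:
+# name-of-repo:
+# url: https://...
+# type: [default: helm | git]
+#
+repos:
+argo:
+url: https://argoproj.github.io/argo-helm
+bitnami:
+url: https://charts.bitnami.com/bitnami
+k8s-at-home:
+url: https://k8s-at-home.com/charts
+jetstack:
+url: https://charts.jetstack.io
+heqet:
+url: https://git.nold.in/nold/heqet
+type: git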
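Review bot: Every entry under `repos:` becomes a source ArgoCD pulls deployable manifests from, and four of the five are externally hosted chart repositories, but the file gives no hint where chart versions are pinned. Registering a repository fixes only the URL; the version constraint presumably lives in the per-app definitions, which are outside this commit. A header comment such as `# External sources: pin chart versions (and git revisions for type: git) where each app is defined` would make that expectation visible to whoever adds the next entry.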