NetworkPolicy

2026-02-17 14:53:58 +02:00
parent 46807f93d9
commit 3d6b022cad
1 changed files with 40 additions and 11 deletions
--- a/templates/NetworkPolicy.yaml
+++ b/templates/NetworkPolicy.yaml
@@ -33,16 +33,44 @@ spec:
  policyTypes:
    - Ingress
  ingress:
+    # App -> Postgres SQL
    - from:
        - podSelector:
            matchLabels:
              app: memelord
-    - podSelector: # Primary-secondary replication!
+      ports:
+        - protocol: TCP
+          port: 5432
+
+    # Primary-secondary replication (jääb alles)
+    - from:
+        - podSelector:
            matchLabels:
              cnpg.io/cluster: memelord-raiko-database
      ports:
        - protocol: TCP
          port: 5432
+
+    # CNPG operator/controller -> Postgres management/health (sinu log näitas port 8000)
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: cnpg-system
+      ports:
+        - protocol: TCP
+          port: 8000
+
+    # Prometheus -> Postgres (vali õige port vastavalt exporterile/metricsile)
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: monitoring
+      ports:
+        - protocol: TCP
+          port: 5432
+        # - protocol: TCP
+        #   port: 9187
+
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
@@ -63,3 +91,4 @@ spec:
    ports:
    - protocol: TCP
      port: 8000
+