From 46807f93d967bf7830146450eba2b9d49b4b0562 Mon Sep 17 00:00:00 2001 From: Raiko Oll Date: Tue, 17 Feb 2026 14:45:26 +0200 Subject: [PATCH] NetworkPolicy --- templates/NetworkPolicy.yaml | 80 +++++++++++++++++++++++++----------- 1 file changed, 57 insertions(+), 23 deletions(-) diff --git a/templates/NetworkPolicy.yaml b/templates/NetworkPolicy.yaml index 0eb5254..125838d 100644 --- a/templates/NetworkPolicy.yaml +++ b/templates/NetworkPolicy.yaml @@ -1,31 +1,65 @@ + +--- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: {{ .Release.Name }}-dragonfly-ingress-lockdown + name: dragonfly + namespace: memelord-raiko spec: podSelector: matchLabels: - app: {{ .Release.Name }}-redis - + app: memelord-raiko-redis + app.kubernetes.io/name: dragonfly policyTypes: - - Ingress - + - Ingress ingress: - - from: - - podSelector: - matchLabels: - app: {{ .Release.Name }} - ports: - - protocol: TCP - port: 6379 - - - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: monitoring - ports: - - protocol: TCP - port: 5432 - # - protocol: TCP - # port: 9121 + - from: + - podSelector: + matchLabels: + app: memelord + ports: + - protocol: TCP + port: 6379 +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: postgres + namespace: memelord-raiko +spec: + podSelector: + matchLabels: + cnpg.io/cluster: memelord-raiko-database + policyTypes: + - Ingress + ingress: + - from: + - podSelector: + matchLabels: + app: memelord + - podSelector: # Primary-secondary replication! + matchLabels: + cnpg.io/cluster: memelord-raiko-database + ports: + - protocol: TCP + port: 5432 +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: memelord + namespace: memelord-raiko +spec: + podSelector: + matchLabels: + app: memelord + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: traefik + ports: + - protocol: TCP + port: 8000