NetworkPolicy

templates/NetworkPolicy.yaml

@@ -1,31 +1,65 @@
+
+---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
-  name: {{ .Release.Name }}-dragonfly-ingress-lockdown
+  name: dragonfly
+  namespace: memelord-raiko
 spec:
   podSelector:
     matchLabels:
-      app: {{ .Release.Name }}-redis
+      app: memelord-raiko-redis
-
+      app.kubernetes.io/name: dragonfly
   policyTypes:
-    - Ingress
+  - Ingress
-
   ingress:
-    - from:
+  - from:
-        - podSelector:
+    - podSelector:
-            matchLabels:
+        matchLabels:
-              app: {{ .Release.Name }}
+           app: memelord
-      ports:
+    ports:
-        - protocol: TCP
+    - protocol: TCP
-          port: 6379
+      port: 6379
-
+---
-
+apiVersion: networking.k8s.io/v1
-    - from:
+kind: NetworkPolicy
-        - namespaceSelector:
+metadata:
-            matchLabels:
+  name: postgres
-              kubernetes.io/metadata.name: monitoring
+  namespace: memelord-raiko
-      ports:
+spec:
-        - protocol: TCP
+  podSelector:
-          port: 5432
+    matchLabels:
-        # - protocol: TCP
+      cnpg.io/cluster: memelord-raiko-database
-        #   port: 9121
+  policyTypes:
+  - Ingress
+  ingress:
+  - from:
+    - podSelector:
+        matchLabels:
+           app: memelord
+    - podSelector: # Primary-secondary replication!
+        matchLabels:
+          cnpg.io/cluster: memelord-raiko-database
+    ports:
+    - protocol: TCP
+      port: 5432
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: memelord
+  namespace: memelord-raiko
+spec:
+  podSelector:
+    matchLabels:
+       app: memelord
+  policyTypes:
+  - Ingress
+  ingress:
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: traefik
+    ports:
+    - protocol: TCP
+      port: 8000