From 9aeea7b830e4b70da2bf31a25e623d866f5f9b7c Mon Sep 17 00:00:00 2001 From: Raiko Oll Date: Tue, 17 Feb 2026 15:03:22 +0200 Subject: [PATCH] NetworkPolicy --- templates/NetworkPolicy.yaml | 118 +++++++++++++---------------------- 1 file changed, 45 insertions(+), 73 deletions(-) diff --git a/templates/NetworkPolicy.yaml b/templates/NetworkPolicy.yaml index 84c49f8..e428f65 100644 --- a/templates/NetworkPolicy.yaml +++ b/templates/NetworkPolicy.yaml @@ -3,101 +3,73 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: dragonfly - namespace: memelord-raiko + namespace: memelord-laurivosandi spec: podSelector: matchLabels: - app: memelord-raiko-redis + app: memelord-laurivosandi-redis + app.kubernetes.io/name: dragonfly policyTypes: - - Ingress + - Ingress ingress: - # App -> Redis - - from: - - podSelector: - matchLabels: - app: memelord-raiko - ports: - - protocol: TCP - port: 6379 - - # Prom -> Redis - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: monitoring - ports: - - protocol: TCP - port: 6379 + - from: + - podSelector: + matchLabels: + app: memelord + ports: + - protocol: TCP + port: 6379 + - from: # Dragonfly replication + - podSelector: + matchLabels: + app: memelord-laurivosandi-redis + app.kubernetes.io/name: dragonfly + ports: + - protocol: TCP + port: 9999 --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: postgres - namespace: memelord-raiko + namespace: memelord-laurivosandi spec: podSelector: matchLabels: - cnpg.io/cluster: memelord-raiko-database + cnpg.io/cluster: memelord-laurivosandi-database policyTypes: - - Ingress + - Ingress ingress: - # App -> Postgres SQL - - from: - - podSelector: - matchLabels: - app: memelord - ports: - - protocol: TCP - port: 5432 - - # Primary-secondary replication (jääb alles) - - from: - - podSelector: - matchLabels: - cnpg.io/cluster: memelord-raiko-database - ports: - - protocol: TCP - port: 5432 - - # CNPG operator/controller -> Postgres management/health (sinu log näitas port 8000) - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: cnpg-system - ports: - - protocol: TCP - port: 8000 - - # Prometheus -> Postgres (vali õige port vastavalt exporterile/metricsile) - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: monitoring - ports: - - protocol: TCP - port: 5432 - # - protocol: TCP - # port: 9187 - + - from: + - podSelector: + matchLabels: + app: memelord + - podSelector: # Primary-secondary replication! + matchLabels: + cnpg.io/cluster: memelord-laurivosandi-database + ports: + - protocol: TCP + port: 5432 + - ports: # Probes do work now! + - protocol: TCP + port: 8000 --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: memelord - namespace: memelord-raiko + namespace: memelord-laurivosandi spec: podSelector: matchLabels: - app: memelord + app: memelord policyTypes: - - Ingress + - Ingress ingress: - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: traefik - ports: - - protocol: TCP - port: 8000 - - + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: traefik + ports: + - protocol: TCP + port: 8000