NetworkPolicy

Raiko Oll
2026-02-17 15:03:22 +02:00
parent 23ea92636e
commit 9aeea7b830


@@ -3,88 +3,62 @@ apiVersion: networking.k8s.io/v1
kind: NetworkPolicy kind: NetworkPolicy
metadata: metadata:
name: dragonfly name: dragonfly
namespace: memelord-raiko namespace: memelord-laurivosandi
spec: spec:
podSelector: podSelector:
matchLabels: matchLabels:
app: memelord-raiko-redis app: memelord-laurivosandi-redis
app.kubernetes.io/name: dragonfly
policyTypes: policyTypes:
- Ingress - Ingress
ingress: ingress:
# App -> Redis
- from:
- podSelector:
matchLabels:
app: memelord-raiko
ports:
- protocol: TCP
port: 6379
# Prom -> Redis
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: monitoring
ports:
- protocol: TCP
port: 6379
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: postgres
namespace: memelord-raiko
spec:
podSelector:
matchLabels:
cnpg.io/cluster: memelord-raiko-database
policyTypes:
- Ingress
ingress:
# App -> Postgres SQL
- from: - from:
- podSelector: - podSelector:
matchLabels: matchLabels:
app: memelord app: memelord
ports: ports:
- protocol: TCP - protocol: TCP
port: 5432 port: 6379
- from: # Dragonfly replication
# Primary-secondary replication (jääb alles) - podSelector:
matchLabels:
app: memelord-laurivosandi-redis
app.kubernetes.io/name: dragonfly
ports:
- protocol: TCP
port: 9999
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: postgres
namespace: memelord-laurivosandi
spec:
podSelector:
matchLabels:
cnpg.io/cluster: memelord-laurivosandi-database
policyTypes:
- Ingress
ingress:
- from: - from:
- podSelector: - podSelector:
matchLabels: matchLabels:
cnpg.io/cluster: memelord-raiko-database app: memelord
- podSelector: # Primary-secondary replication!
matchLabels:
cnpg.io/cluster: memelord-laurivosandi-database
ports: ports:
- protocol: TCP - protocol: TCP
port: 5432 port: 5432
- ports: # Probes do work now!
# CNPG operator/controller -> Postgres management/health (sinu log näitas port 8000)
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: cnpg-system
ports:
- protocol: TCP - protocol: TCP
port: 8000 port: 8000
# Prometheus -> Postgres (vali õige port vastavalt exporterile/metricsile)
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: monitoring
ports:
- protocol: TCP
port: 5432
# - protocol: TCP
# port: 9187
--- ---
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: NetworkPolicy kind: NetworkPolicy
metadata: metadata:
name: memelord name: memelord
namespace: memelord-raiko namespace: memelord-laurivosandi
spec: spec:
podSelector: podSelector:
matchLabels: matchLabels:
@@ -99,5 +73,3 @@ spec:
ports: ports:
- protocol: TCP - protocol: TCP
port: 8000 port: 8000
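Review bot: In the `postgres` policy, the rule under the "Probes do work now!" comment is a bare `- ports:` entry with no `from`, so TCP 8000 is admitted from every pod in every namespace and from any other source that can route to the database pods. As far as the side-by-side layout shows, the previous rule limited that port to the `cnpg-system` namespace. If the probes were failing because kubelet traffic comes from the node, I would keep the operator peer as `- from:` / `- namespaceSelector: {matchLabels: {kubernetes.io/metadata.name: cnpg-system}}` and add an `ipBlock` peer for the node range, rather than dropping the source restriction altogether. At the least, add a comment on the rule such as `# intentionally open to all sources: kubelet probes on 8000`, so the exposure reads as a decision. The removed lines of the last hunk are not visible here, so this covers only the first hunk.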