--- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: dragonfly namespace: memelord-raiko spec: podSelector: matchLabels: app: memelord-raiko-redis app.kubernetes.io/name: dragonfly policyTypes: - Ingress ingress: # App -> Redis - from: - podSelector: matchLabels: app: memelord ports: - protocol: TCP port: 6379 # Prom -> Redis - from: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: monitoring ports: - protocol: TCP port: 6379 --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: postgres namespace: memelord-raiko spec: podSelector: matchLabels: cnpg.io/cluster: memelord-raiko-database policyTypes: - Ingress ingress: # App -> Postgres SQL - from: - podSelector: matchLabels: app: memelord ports: - protocol: TCP port: 5432 # Primary-secondary replication (jääb alles) - from: - podSelector: matchLabels: cnpg.io/cluster: memelord-raiko-database ports: - protocol: TCP port: 5432 # CNPG operator/controller -> Postgres management/health (sinu log näitas port 8000) - from: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: cnpg-system ports: - protocol: TCP port: 8000 # Prometheus -> Postgres (vali õige port vastavalt exporterile/metricsile) - from: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: monitoring ports: - protocol: TCP port: 5432 # - protocol: TCP # port: 9187 --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: memelord namespace: memelord-raiko spec: podSelector: matchLabels: app: memelord policyTypes: - Ingress ingress: - from: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: traefik ports: - protocol: TCP port: 8000