platform/manifests
1
0
Fork 0
Code Issues 7 Pull Requests 5 Actions Packages Projects Releases Wiki Activity

fix: make cilium s3 policies global

Browse Source
This commit is contained in:
Jonas Juselius
2025-05-05 16:06:51 +02:00
parent 46aff6f91e
commit 04f2db17b7
186 changed files with 25 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/sys/charts/sys-cilium-policies/templates/ingress-nginx/CiliumNetworkPolicy-allow-host-traffic.yaml
+14
View File
@@ -0,0 +1,14 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-host-traffic
namespace: ingress-nginx
spec:
egress:
- toEntities:
- kube-apiserver
- host
endpointSelector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
apps/sys/charts/sys-cilium-policies/templates/ingress-nginx/CiliumNetworkPolicy-allow-hubble-traffic.yaml
+14
View File
@@ -0,0 +1,14 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-hubble-traffic
namespace: ingress-nginx
spec:
egress:
- toFQDNs:
- matchPattern: hubble.*.*.*
- matchPattern: hubble.*.*.*.*
endpointSelector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
apps/sys/charts/sys-cilium-policies/templates/ingress-nginx/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
+17
View File
@@ -0,0 +1,17 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-prometheus-metrics
namespace: ingress-nginx
spec:
endpointSelector:
matchLabels:
app.kubernetes.io/instance: ingress-nginx
ingress:
- fromEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: prometheus
- toPorts:
- ports:
- port: "9913"
protocol: TCP
apps/sys/charts/sys-cilium-policies/templates/ingress-nginx/CiliumNetworkPolicy-allow-s3-traffic.yaml
+19
View File
@@ -0,0 +1,19 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-s3-traffic
namespace: ingress-nginx
spec:
egress:
- toCIDR:
- 10.139.2.10/32
- toCIDR:
- 10.139.2.11/32
- toCIDR:
- 10.139.2.20/32
- toCIDR:
- 10.139.2.21/32
endpointSelector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
apps/sys/charts/sys-cilium-policies/templates/ingress-nginx/CiliumNetworkPolicy-allow-world-to-ingress-nginx.yaml
+19
View File
@@ -0,0 +1,19 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-world-to-ingress-nginx
namespace: ingress-nginx
spec:
endpointSelector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
ingress:
- fromEntities:
- world
- toPorts:
- ports:
- port: "80"
protocol: TCP
- port: "443"
protocol: TCP