fix: update white-listing annotation

2025-06-22 08:33:29 +02:00
parent 561c620f98
commit 383477822a
141 changed files with 1854 additions and 28 deletions
@@ -0,0 +1,14 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-applicationset-ingress
namespace: argocd
spec:
description: Allow access from the ingress controller
endpointSelector:
matchLabels:
app.kubernetes.io/component: applicationset-controller
ingress:
- fromEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: ingress-nginx
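Review bot: The ingress rule on lines 20–22 carries no `toPorts`, so every pod in the ingress-nginx namespace may reach the applicationset-controller on any listening port rather than only the port the ingress actually forwards to; allow-chartmuseum-ingress and allow-ingress in this commit have the same omission. The `fromEndpoints` selector also matches on namespace alone, so any pod scheduled into ingress-nginx qualifies, not just the controller; adding the controller's own pod label would narrow that. Adding a port restriction under the existing `fromEndpoints` entry is enough for the first point (placeholder port below).
```yaml
ingress:
- fromEndpoints:
  - matchLabels:
      io.kubernetes.pod.namespace: ingress-nginx
  toPorts:
  - ports:
    - port: "<CONTROLLER_LISTEN_PORT>"  # placeholder: the port the ingress backend targets
      protocol: TCP
```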
@@ -0,0 +1,13 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-argo-notifications
namespace: argocd
spec:
description: Allow access to the ArgoCD Notifications
egress:
- toFQDNs:
- matchName: slack.com
endpointSelector:
matchLabels:
app.kubernetes.io/component: notifications-controller
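Review bot: The `toFQDNs` rule on lines 32–33 only takes effect if the notifications-controller is also allowed egress to the cluster DNS with an L7 `dns` rule, since Cilium learns the IPs behind slack.com from the proxied DNS responses; no such rule is in this hunk, so unless another file in the commit grants it the pod cannot resolve the name and the rule is inert. The same dependency applies to the FQDN rules in allow-image-updater-repo-access and allow-microsoft-sso. The rule also has no `toPorts`, so every port on the resolved IPs is reachable; restricting to TCP 443 would match the HTTPS webhook use. A DNS egress rule in the shape Cilium documents is sketched below; confirm the kube-dns labels against the cluster.
```yaml
egress:
# … unchanged: toFQDNs slack.com …
- toEndpoints:
  - matchLabels:
      io.kubernetes.pod.namespace: kube-system
      k8s-app: kube-dns
  toPorts:
  - ports:
    - port: "53"
      protocol: ANY
    rules:
      dns:
      - matchPattern: "*"
```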
@@ -0,0 +1,13 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-argo-repo-access-applicationset
namespace: argocd
spec:
description: Allow access to the ArgoCD repo Applicationset
egress:
- toEntities:
- world
endpointSelector:
matchLabels:
app.kubernetes.io/component: applicationset-controller
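Review bot: `toEntities: [world]` on lines 46–47 grants the applicationset-controller unrestricted egress to every address outside the cluster on every port, which is the broadest rule in this commit; allow-argo-repo-access gives the repo-server the same blanket grant. Since the other policies here already use `toFQDNs`, the Git and chart hosts these two components pull from could be listed the same way, and at minimum the rule should carry `toPorts` for TCP 443 (plus 22 if SSH remotes are in use). If `world` is kept deliberately because the repository set is open-ended, the description on line 44 should say so rather than "Allow access to the ArgoCD repo Applicationset", which does not describe what the rule permits.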
@@ -0,0 +1,13 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-argo-repo-access
namespace: argocd
spec:
description: Allow access to the ArgoCD repo server
egress:
- toEntities:
- world
endpointSelector:
matchLabels:
app.kubernetes.io/component: repo-server
@@ -0,0 +1,14 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-chartmuseum-ingress
namespace: argocd
spec:
description: Allow access to the chartmuseum ingress
endpointSelector:
matchLabels:
app.kubernetes.io/name: chartmuseum
ingress:
- fromEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: ingress-nginx
@@ -0,0 +1,13 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-image-updater-repo-access
namespace: argocd
spec:
description: Allow argoCD image updater to access github container registry
egress:
- toFQDNs:
- matchName: ghcr.io
endpointSelector:
matchLabels:
app.kubernetes.io/name: argocd-image-updater
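Review bot: Allowing only `ghcr.io` on line 90 is likely insufficient if the image updater ever fetches layers: ghcr.io serves manifests itself but redirects blob downloads to a githubusercontent.com host, so manifest requests would succeed while blob requests are denied — verify with a real pull under this policy before relying on it. If the updater only needs the tag/manifest API then ghcr.io alone is correct, and a comment stating that (`# manifest/tag queries only; no blob pulls`) would stop the next reader from "fixing" it. The rule also lacks `toPorts`; restricting to TCP 443 costs nothing here.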
@@ -0,0 +1,14 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-ingress
namespace: argocd
spec:
description: Allow access from the ingress controller
endpointSelector:
matchLabels:
app.kubernetes.io/component: server
ingress:
- fromEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: ingress-nginx
@@ -0,0 +1,16 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-kube-api
namespace: argocd
spec:
description: Allow access to the Kube API server
egress:
- toEntities:
- kube-apiserver
toPorts:
- ports:
- port: "6443"
protocol: TCP
endpointSelector:
matchLabels: {}
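Review bot: Port `"6443"` on line 122 hard-codes the API server's listening port, and because `matchLabels: {}` on line 125 selects every pod in the namespace this is the only path any ArgoCD component has to the API; on clusters whose `kube-apiserver` entity is exposed on 443 instead (common on managed offerings) the rule would silently block all of them. Worth a comment documenting the assumption so the value is checked when the manifests move clusters, e.g. `port: "6443"  # API server port for this cluster; verify on managed clusters (often 443)`. The empty selector itself is fine for an API-access rule, but an explicit `endpointSelector: {}` reads as "all endpoints" more plainly than an empty matchLabels map.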
@@ -0,0 +1,16 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-microsoft-sso
namespace: argocd
spec:
description: Allow argoCD dex server to authenticate to microsoft online azure oatuh
egress:
- toFQDNs:
- matchName: login.microsoftonline.com
- matchPattern: '*.microsoftonline.com'
- matchName: github.com
- matchName: api.github.com
endpointSelector:
matchLabels:
app.kubernetes.io/name: argocd-dex-server
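Review bot: The description on line 133 has a typo (`oatuh`) and, together with the name allow-microsoft-sso, does not mention that lines 138–139 also open github.com and api.github.com, so anyone auditing dex's egress from the policy list would miss the second identity provider; suggest `description: Allow the dex server to reach the Microsoft (login.microsoftonline.com) and GitHub OAuth endpoints`. Line 136's `matchName: login.microsoftonline.com` is already covered by the `matchPattern` on line 137 and can be dropped, or the pattern dropped if only the login host is needed — the narrower option is preferable. As with the other FQDN rules, there is no `toPorts`; TCP 443 is what an OAuth flow uses.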
@@ -0,0 +1,18 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-prometheus-metrics-rollout
namespace: argocd
spec:
description: Allow access to the Prometheus metrics
endpointSelector:
matchLabels:
app.kubernetes.io/instance: argo-rollouts
ingress:
- fromEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: prometheus
toPorts:
- ports:
- port: "8090"
protocol: TCP
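Review bot: The scrape source on lines 155–157 is identified only by namespace, so any pod placed in the prometheus namespace can reach port 8090 on the rollouts pods, not just the scraper; allow-prometheus-metrics-workflows and allow-prometheus-metrics select the same way. Adding the scraper's own pod label next to the namespace label narrows this, e.g. `app.kubernetes.io/name: prometheus` — confirm the label the deployed Prometheus actually carries, since a mismatch would block scraping rather than fail open. The `description` on line 150 is identical across the three metrics policies; naming the component in each would make Hubble/policy listings easier to read.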
@@ -0,0 +1,18 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-prometheus-metrics-workflows
namespace: argocd
spec:
description: Allow access to the Prometheus metrics
endpointSelector:
matchLabels:
app.kubernetes.io/instance: argo-workflows
ingress:
- fromEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: prometheus
toPorts:
- ports:
- port: "9090"
protocol: TCP
@@ -0,0 +1,30 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-prometheus-metrics
namespace: argocd
spec:
description: Allow access to the Prometheus metrics
endpointSelector:
matchLabels:
app.kubernetes.io/instance: argocd
ingress:
- fromEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: prometheus
toPorts:
- ports:
- port: "8082"
protocol: TCP
- port: "8080"
protocol: TCP
- port: "9001"
protocol: TCP
- port: "9121"
protocol: TCP
- port: "8084"
protocol: TCP
- port: "8083"
protocol: TCP
- port: "5558"
protocol: TCP
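Review bot: The seven ports on lines 198–210 are listed in no discernible order and without saying which ArgoCD component each belongs to, so a future reader cannot tell whether an entry is stale when a component is removed or re-ported. A `# <component> metrics` comment per port (server, repo-server, application-controller, applicationset-controller, notifications, dex and the redis exporter appear to be the seven consumers — confirm against the pod specs rather than this guess) and a sorted list would fix that. The selector `app.kubernetes.io/instance: argocd` on line 191 also covers pods exposing none of these ports, which is harmless but means the policy's scope is every pod of the instance rather than the metrics endpoints alone.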