platform/manifests
1
0
Fork 0
Code Issues 7 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

refactor: move resorces and policies to system

Browse Source
This commit is contained in:
Jonas Juselius
2025-06-19 16:55:23 +02:00
parent 7cd6cc352b
commit cea7ff8537
47 changed files with 0 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files
policies/default.nix
-7
View File
@@ -1,7 +0,0 @@
{ ... }:
{
imports = [
./oceanbox/network
# ./oceanbox/kyverno
];
}
policies/oceanbox/network/default.nix
-7
View File
@@ -1,7 +0,0 @@
{ ... }:
{
imports = [
./external-ceph.nix
./microsoftonline.nix
];
}
policies/oceanbox/network/external-ceph.nix
-22
View File
@@ -1,22 +0,0 @@
{ ... }:
{
applications.netpol-external-ceph = {
resources = {
ciliumClusterwideNetworkPolicies = {
allow-external-ceph-egress.spec = {
egress = [
{
toCIDR = [
"10.255.241.30/32"
"10.255.241.31/32"
"10.255.241.32/32"
"10.255.244.0/24"
];
}
];
endpointSelector = { };
};
};
};
};
}
policies/oceanbox/network/microsoftonline.nix
-21
View File
@@ -1,21 +0,0 @@
{ ... }:
{
applications.netpol-microsoftonline = {
project = "netpol";
resources = {
ciliumClusterwideNetworkPolicies = {
allow-microsoftonline.spec = {
endpointSelector = { };
egress = [
{
toFQDNs = [
{ matchName = "login.microsoftonline.com"; }
{ matchPattern = "*.microsoftonline.com"; }
];
}
];
};
};
};
};
}
policies/oceanbox/network/templ.nix
-12
View File
@@ -1,12 +0,0 @@
{ ... }:
{
applications.xxx = {
resources = {
ciliumClusterwideNetworkPolicies = {
xxx.spec =
{
};
};
};
};
}
policies/ekman/kyverno/add-ingress-whitelist.yaml → values/system/ekman/kyverno/add-ingress-whitelist.yaml
View File
policies/ekman/kyverno/sync-keyvault-secret.yaml → values/system/ekman/kyverno/sync-keyvault-secret.yaml
View File
policies/ekman/kyverno/sync-oceanbox-regcred.yaml → values/system/ekman/kyverno/sync-oceanbox-regcred.yaml
View File
policies/ekman/kyverno/sync-sorcerer-secrets.yaml → values/system/ekman/kyverno/sync-sorcerer-secrets.yaml
View File
values/system/oceanbox/empty.yaml
View File
resources/oceanbox/ingress/hubble-ui-ingress.yaml → values/system/oceanbox/hubble-ui-ingress.yaml
View File
policies/oceanbox/kyverno/add-ingress-whitelist.yaml → values/system/oceanbox/kyverno/add-ingress-whitelist.yaml
View File
policies/oceanbox/kyverno/add-openfga-secret.yaml → values/system/oceanbox/kyverno/add-openfga-secret.yaml
View File
policies/oceanbox/kyverno/remove-argocd-tracking-id.yaml → values/system/oceanbox/kyverno/remove-argocd-tracking-id.yaml
View File
policies/oceanbox/kyverno/sync-atlantis-secrets.yaml → values/system/oceanbox/kyverno/sync-atlantis-secrets.yaml
View File
policies/oceanbox/kyverno/sync-keyvault-secret.yaml → values/system/oceanbox/kyverno/sync-keyvault-secret.yaml
View File
policies/oceanbox/kyverno/sync-regcred.yaml → values/system/oceanbox/kyverno/sync-regcred.yaml
View File
policies/oceanbox/network/allow-azure-egress.yaml → values/system/oceanbox/network/allow-azure-egress.yaml
View File
policies/oceanbox/network/allow-ceph-egress.yaml → values/system/oceanbox/network/allow-ceph-egress.yaml
View File
policies/oceanbox/network/allow-microsoft-oidc-login.yaml → values/system/oceanbox/network/allow-microsoft-oidc-login.yaml
View File
policies/oceanbox/network/atlantis/allow-api-server.yaml → values/system/oceanbox/network/atlantis/allow-api-server.yaml
View File
policies/oceanbox/network/atlantis/atlantis-policies.yaml → values/system/oceanbox/network/atlantis/atlantis-policies.yaml
View File
policies/oceanbox/network/clusterpolicy-allow-api-server.yaml → values/system/oceanbox/network/clusterpolicy-allow-api-server.yaml
View File
policies/oceanbox/network/clusterpolicy-allow-ekman-egress.yaml → values/system/oceanbox/network/clusterpolicy-allow-ekman-egress.yaml
View File
policies/oceanbox/network/clusterpolicy-allow-namespace-traffic.yaml → values/system/oceanbox/network/clusterpolicy-allow-namespace-traffic.yaml
View File
policies/oceanbox/network/clusterpolicy-allow-oceanboxio.yaml → values/system/oceanbox/network/clusterpolicy-allow-oceanboxio.yaml
View File
policies/oceanbox/network/clusterpolicy-allow-remote-node.yaml → values/system/oceanbox/network/clusterpolicy-allow-remote-node.yaml
View File
policies/oceanbox/network/csi-addons-controller/allow-9070-host.yaml → values/system/oceanbox/network/csi-addons-controller/allow-9070-host.yaml
View File
policies/oceanbox/network/dapr/allow-api-server.yaml → values/system/oceanbox/network/dapr/allow-api-server.yaml
View File
policies/oceanbox/network/dapr/allow-remote-node.yaml → values/system/oceanbox/network/dapr/allow-remote-node.yaml
View File
policies/oceanbox/network/geoserver/allow-geoserver-ingress.yaml → values/system/oceanbox/network/geoserver/allow-geoserver-ingress.yaml
View File
policies/oceanbox/network/idp/allow-api-server.yaml → values/system/oceanbox/network/idp/allow-api-server.yaml
View File
policies/oceanbox/network/idp/allow-gitlab.yaml → values/system/oceanbox/network/idp/allow-gitlab.yaml
View File
policies/oceanbox/network/idp/allow-idp-external-access.yaml → values/system/oceanbox/network/idp/allow-idp-external-access.yaml
View File
policies/oceanbox/network/idp/allow-itp-smtpgw.yaml → values/system/oceanbox/network/idp/allow-itp-smtpgw.yaml
View File
policies/oceanbox/network/idp/allow-keycloak.yaml → values/system/oceanbox/network/idp/allow-keycloak.yaml
View File
policies/oceanbox/network/jaeger/allow-api-server.yaml → values/system/oceanbox/network/jaeger/allow-api-server.yaml
View File
policies/oceanbox/network/jaeger/allow-remote-node.yaml → values/system/oceanbox/network/jaeger/allow-remote-node.yaml
View File
policies/oceanbox/network/loki/CiliumNetworkPolicy-allow-loki-backend-to-api-server.yaml → values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-loki-backend-to-api-server.yaml
View File
policies/oceanbox/network/loki/CiliumNetworkPolicy-allow-prometheus-metrics.yaml → values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
View File
policies/oceanbox/network/loki/CiliumNetworkPolicy-allow-promtail-to-api-server.yaml → values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-promtail-to-api-server.yaml
View File
policies/oceanbox/network/loki/CiliumNetworkPolicy-allow-s3-traffic.yaml → values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-s3-traffic.yaml
View File
policies/oceanbox/network/loki/CiliumNetworkPolicy-allow-s3.yaml → values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-s3.yaml
View File
policies/oceanbox/network/loki/CiliumNetworkPolicy-allow-stats-grafana.yaml → values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-stats-grafana.yaml
View File
policies/oceanbox/network/rabbitmq/policy-allow-rabbitmq.yaml → values/system/oceanbox/network/rabbitmq/policy-allow-rabbitmq.yaml
View File
resources/oceanbox/redis-sso-sync-cronjob.yaml → values/system/oceanbox/redis-sso-sync-cronjob.yaml
View File
resources/oceanbox/vcluster-rabc.yaml → values/system/oceanbox/vcluster-rabc.yaml
View File