platform/manifests
1
1
Fork 0
Code Issues 7 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

fix: add cilium cluster feature guards to network policies

Browse Source
This commit is contained in:
Jonas Juselius
2025-06-24 14:26:03 +02:00
parent 4cff341fb0
commit d5e0da1692
78 changed files with 158 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
values/argo/manifests/policies/CiliumNetworkPolicy-allow-applicationset-ingress.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -12,3 +13,4 @@ spec:
- fromEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: ingress-nginx
{{- end }}
values/argo/manifests/policies/CiliumNetworkPolicy-allow-argo-notifications.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -11,3 +12,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/component: notifications-controller
{{- end }}
values/argo/manifests/policies/CiliumNetworkPolicy-allow-argo-repo-access-applicationset.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -11,3 +12,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/component: applicationset-controller
{{- end }}
values/argo/manifests/policies/CiliumNetworkPolicy-allow-argo-repo-access.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -11,3 +12,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/component: repo-server
{{- end }}
values/argo/manifests/policies/CiliumNetworkPolicy-allow-chartmuseum-ingress.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -12,3 +13,4 @@ spec:
- fromEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: ingress-nginx
{{- end }}
values/argo/manifests/policies/CiliumNetworkPolicy-allow-image-updater-repo-access.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -11,3 +12,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/name: argocd-image-updater
{{- end }}
values/argo/manifests/policies/CiliumNetworkPolicy-allow-ingress.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -12,3 +13,4 @@ spec:
- fromEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: ingress-nginx
{{- end }}
values/argo/manifests/policies/CiliumNetworkPolicy-allow-kube-api.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -14,3 +15,4 @@ spec:
protocol: TCP
endpointSelector:
matchLabels: {}
{{- end }}
values/argo/manifests/policies/CiliumNetworkPolicy-allow-microsoft-sso.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -14,3 +15,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/name: argocd-dex-server
{{- end }}
values/argo/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics-rollout.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -16,3 +17,4 @@ spec:
- ports:
- port: "8090"
protocol: TCP
{{- end }}
values/argo/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics-workflows.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -16,3 +17,4 @@ spec:
- ports:
- port: "9090"
protocol: TCP
{{- end }}
values/argo/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -28,3 +29,4 @@ spec:
protocol: TCP
- port: "5558"
protocol: TCP
{{- end }}
values/atlantis/manifests/network/allow-api-server.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
# apiVersion: cilium.io/v2
# kind: CiliumNetworkPolicy
# metadata:
@@ -13,3 +14,4 @@
# - ports:
# - port: "6443"
# protocol: TCP
{{- end }}
values/atlantis/manifests/network/allow-external-services.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -9,3 +10,4 @@ spec:
- matchName: id.barentswatch.no
endpointSelector:
matchLabels: {}
{{- end }}
values/atlantis/manifests/network/allow-sentry.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -10,3 +11,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/name: atlantis
{{- end }}
values/atlantis/manifests/network/atlantis-policies.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
# apiVersion: cilium.io/v2
# kind: CiliumClusterwideNetworkPolicy
# metadata:
@@ -23,3 +24,4 @@
# # - matchPattern: '*.gitlab.com'
# endpointSelector:
# matchLabels: {}
{{- end }}
values/cert-manager/manifests/policies/CiliumNetworkPolicy-allow-api-server-to-cert-manager.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -11,3 +12,4 @@ spec:
ingress:
- fromEntities:
- remote-node
{{- end }}
values/cert-manager/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -10,3 +11,4 @@ spec:
- kube-apiserver
endpointSelector:
matchLabels: {}
{{- end }}
values/cert-manager/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -16,3 +17,4 @@ spec:
- ports:
- port: "9402"
protocol: TCP
{{- end }}
values/cert-manager/manifests/policies/CiliumNetworkPolicy-allow-world-traffic.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -10,3 +11,4 @@ spec:
- world
endpointSelector:
matchLabels: {}
{{- end }}
values/cilium/cilium-manifests/dashboards/cilium-policy-verdicts.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
@@ -1112,3 +1113,4 @@ data:
"version": 1,
"weekStart": ""
}
{{- end }}
values/cilium/cilium-manifests/loadbalancer.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
{{if .Values.cilium.loadbalancerPool.enabled }}
apiVersion: "cilium.io/v2alpha1"
kind: CiliumLoadBalancerIPPool
@@ -21,3 +22,4 @@ spec:
externalIPs: true
loadBalancerIPs: true
{{- end}}
{{- end }}
values/cilium/cilium-manifests/policies/CiliumClusterwideNetworkPolicy-cilium-health-checks.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
@@ -13,3 +14,4 @@ spec:
ingress:
- fromEntities:
- remote-node
{{- end }}
values/cilium/spire-manifests/CiliumNetworkPolicy-allow-api-server.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -13,3 +14,4 @@ spec:
protocol: TCP
endpointSelector:
matchLabels: {}
{{- end }}
values/cilium/spire-manifests/CiliumNetworkPolicy-allow-remote-node-to-server.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -13,3 +14,4 @@ spec:
- ports:
- port: "8081"
protocol: TCP
{{- end }}
values/csi-addons-system/manifests/allow-9070-host.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
@@ -26,3 +27,4 @@ spec:
- toEntities:
- remote-node
endpointSelector: {}
{{- end }}
values/dapr/manifests/network/allow-api-server.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -13,3 +14,4 @@ spec:
- ports:
- port: "6443"
protocol: TCP
{{- end }}
values/dapr/manifests/network/allow-remote-node.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -14,3 +15,4 @@ spec:
- ports:
- port: "4000"
protocol: TCP
{{- end }}
values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-host-traffic.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -12,3 +13,4 @@ spec:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
{{- end }}
values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-hubble-traffic.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -12,3 +13,4 @@ spec:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
{{- end }}
values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -15,3 +16,4 @@ spec:
- ports:
- port: "9913"
protocol: TCP
{{- end }}
values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-s3-traffic.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -17,3 +18,4 @@ spec:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
{{- end }}
values/ingress-nginx/manifests/policies/CiliumNetworkPolicy-allow-world-to-ingress-nginx.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -17,3 +18,4 @@ spec:
protocol: TCP
- port: "443"
protocol: TCP
{{- end }}
values/loki/manifests/network/CiliumNetworkPolicy-allow-loki-backend-to-api-server.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -16,3 +17,4 @@ spec:
matchLabels:
app.kubernetes.io/component: backend
app.kubernetes.io/instance: loki
{{- end }}
values/loki/manifests/network/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -18,3 +19,4 @@ spec:
protocol: TCP
- port: "3500"
protocol: TCP
{{- end }}
values/loki/manifests/network/CiliumNetworkPolicy-allow-promtail-to-api-server.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -15,3 +16,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/instance: promtail
{{- end }}
values/loki/manifests/network/CiliumNetworkPolicy-allow-s3-traffic.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -10,3 +11,4 @@ spec:
- 10.255.241.30/32
endpointSelector:
matchLabels: {}
{{- end }}
values/loki/manifests/network/CiliumNetworkPolicy-allow-s3.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -12,3 +13,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/instance: loki
{{- end }}
values/loki/manifests/network/CiliumNetworkPolicy-allow-stats-grafana.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -11,3 +12,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/instance: loki
{{- end }}
values/opentelemetry-collector/manifests/network/CiliumNetworkPolicy-allow-otel-collector-loadbalancer-ingress.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -11,3 +12,4 @@ spec:
ingress:
- fromEntities:
- world
{{- end }}
values/plausible/manifests/network/CiliumNetworkPolicy-allow-ext.yaml
+3 -1
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -11,4 +12,5 @@ spec:
- matchName: raw.githubusercontent.com
endpointSelector:
matchLabels:
app.kubernetes.io/name: plausible-analytics
app.kubernetes.io/name: plausible-analytics
{{- end }}
values/plausible/manifests/network/CiliumNetworkPolicy-allow-gravatar.yaml
+3 -1
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -12,4 +13,5 @@ spec:
- matchName: www.gravatar.com
endpointSelector:
matchLabels:
app.kubernetes.io/name: plausible-analytics
app.kubernetes.io/name: plausible-analytics
{{- end }}
values/postgres-operator/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -14,3 +15,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/instance: postgres-operator
{{- end }}
values/postgres-operator/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -13,3 +14,4 @@ spec:
- ports:
- port: "9443"
protocol: TCP
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-alerting.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -11,3 +12,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/instance: prom-alertmanager
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-alertmanager-ingress.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -12,3 +13,4 @@ spec:
- fromEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: ingress-nginx
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-dns-metrics.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -13,3 +14,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/name: prometheus
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-etcd-metrics.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -13,3 +14,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/name: prometheus
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-ingress.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -12,3 +13,4 @@ spec:
- fromEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: ingress-nginx
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-oidc-login.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -14,3 +15,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/name: grafana
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-plugins.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -13,3 +14,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/name: grafana
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-secure-gravatar.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -12,3 +13,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/name: grafana
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-host-traffic.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -12,3 +13,4 @@ spec:
- kube-apiserver
endpointSelector:
matchLabels: {}
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-nginx-ingress.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -12,3 +13,4 @@ spec:
- fromEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: ingress-nginx
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-opencost-scrape.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -17,3 +18,4 @@ spec:
- ports:
- port: "9090"
protocol: TCP
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-remote-node-to-metrics-server.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -11,3 +12,4 @@ spec:
ingress:
- fromEntities:
- remote-node
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-remote-node-to-webhook.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -11,3 +12,4 @@ spec:
ingress:
- fromEntities:
- remote-node
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-robusta-ingress.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -12,3 +13,4 @@ spec:
- fromEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: robusta
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-slack.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -10,3 +11,4 @@ spec:
- matchName: hooks.slack.com
endpointSelector:
matchLabels: {}
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-stats-grafana.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -11,3 +12,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/name: grafana
{{- end }}
values/rabbitmq/network.bak/CiliumNetworkPolicy-allow-inter-node-traffic.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -50,3 +51,4 @@ spec:
- port: "35680"
- port: "35681"
- port: "35682"
{{- end }}
values/rabbitmq/network.bak/CiliumNetworkPolicy-allow-operator-traffic.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -16,3 +17,4 @@ spec:
- ports:
- port: "15672"
- port: "15671"
{{- end }}
values/rabbitmq/network.bak/CiliumNetworkPolicy-allow-rabbitmq-traffic.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -25,3 +26,4 @@ spec:
- port: "15675"
- port: "15692"
- port: "15691"
{{- end }}
values/rabbitmq/network.bak/policy-allow-rabbitmq.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -15,3 +16,4 @@ spec:
- port: "15672"
protocol: TCP
{{- end }}
values/system/oceanbox/network/allow-azure-egress.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
@@ -13,3 +14,4 @@ spec:
protocol: TCP
endpointSelector: {}
{{- end }}
values/system/oceanbox/network/allow-ceph-egress.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
@@ -15,3 +16,4 @@ spec:
# protocol: TCP
endpointSelector: {}
{{- end }}
values/system/oceanbox/network/allow-microsoft-oidc-login.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
@@ -8,3 +9,4 @@ spec:
- toFQDNs:
- matchName: login.microsoftonline.com
- matchPattern: '*.microsoftonline.com'
{{- end }}
values/system/oceanbox/network/clusterpolicy-allow-api-server.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
@@ -8,3 +9,4 @@ spec:
egress:
- toEntities:
- kube-apiserver
{{- end }}
values/system/oceanbox/network/clusterpolicy-allow-ekman-egress.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
@@ -20,3 +21,4 @@ spec:
protocol: TCP
- port: "30080"
protocol: TCP
{{- end }}
values/system/oceanbox/network/clusterpolicy-allow-namespace-traffic.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
@@ -26,3 +27,4 @@ spec:
rules:
dns:
- matchPattern: "*"
{{- end }}
values/system/oceanbox/network/clusterpolicy-allow-oceanboxio.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
@@ -10,3 +11,4 @@ spec:
- matchPattern: "*oceanbox.io"
- matchPattern: "*.oceanbox.io"
{{- end }}
values/system/oceanbox/network/clusterpolicy-allow-remote-node.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
@@ -8,3 +9,4 @@ spec:
ingress:
- fromEntities:
- kube-apiserver
{{- end }}
values/tempo/manifests/network/CiliumNetworkPolicy-allow-api-server.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -12,3 +13,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/instance: tempo
{{- end }}
values/velero/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -14,3 +15,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/instance: velero
{{- end }}
values/velero/manifests/policies/CiliumNetworkPolicy-allow-job-api-server.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -14,3 +15,4 @@ spec:
endpointSelector:
matchLabels:
batch.kubernetes.io/job-name: velero-upgrade-crds
{{- end }}
values/velero/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -15,3 +16,4 @@ spec:
- ports:
- port: "8085"
protocol: TCP
{{- end }}
values/x509-exporter/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -14,3 +15,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/instance: x509-exporter
{{- end }}
values/x509-exporter/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -15,3 +16,4 @@ spec:
- ports:
- port: "9793"
protocol: TCP
{{- end }}