fix: add cilium cluster feature guards to network policies

2025-06-24 14:26:03 +02:00
parent 4cff341fb0
commit d5e0da1692
78 changed files with 158 additions and 2 deletions
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
@@ -13,3 +14,4 @@ spec:
protocol: TCP
endpointSelector: {}
{{- end }}
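Review bot: With the new `{{- if .Values.clusterConfig.cilium.enabled }}` wrapper, this clusterwide policy is not rendered at all when the flag is false, and nothing visible in this commit puts another control in its place; the same applies to every other template guarded this way here. A cluster deployed with the flag off by mistake would get no restrictions from these policies and no signal that they are missing. I would document that at the flag's definition in the values file (not shown on this page), for example `# enabled: false drops every CiliumClusterwideNetworkPolicy in this chart; no fallback NetworkPolicy is rendered`. The values file should also give `clusterConfig.cilium.enabled` an explicit default, since the chained lookup presumably aborts rendering when `clusterConfig.cilium` is absent.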
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
@@ -15,3 +16,4 @@ spec:
# protocol: TCP
endpointSelector: {}
{{- end }}
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
@@ -8,3 +9,4 @@ spec:
- toFQDNs:
- matchName: login.microsoftonline.com
- matchPattern: '*.microsoftonline.com'
{{- end }}
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
@@ -8,3 +9,4 @@ spec:
egress:
- toEntities:
- kube-apiserver
{{- end }}
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
@@ -20,3 +21,4 @@ spec:
protocol: TCP
- port: "30080"
protocol: TCP
{{- end }}
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
@@ -26,3 +27,4 @@ spec:
rules:
dns:
- matchPattern: "*"
{{- end }}
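Review bot: The `- matchPattern: "*"` entry under `rules: dns:` permits lookups for every name, and nothing in the visible lines says whether that is intentional. If it is there only so the DNS proxy can observe answers for the FQDN-based policies, a comment above it would make that explicit, e.g. `# allow all lookups so toFQDNs rules can learn IPs; egress is restricted by the FQDN policies, not here`. Unrestricted DNS still leaves name resolution itself as an open channel, so it is worth confirming that DNS query logging is enabled for these endpoints. The selector and port parts of this rule lie outside the hunk.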
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
@@ -10,3 +11,4 @@ spec:
- matchPattern: "*oceanbox.io"
- matchPattern: "*.oceanbox.io"
{{- end }}
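Review bot: The context line `- matchPattern: "*oceanbox.io"` is wider than the domain it appears to target. As Cilium documents a leading `*` with no dot after it, the pattern matches any single-label name that merely ends in `oceanbox.io`, including a separately registered domain with that suffix, not just the apex. Subdomains are already covered by the next line, so the apex can be allowed exactly with `- matchName: oceanbox.io` in place of the first pattern. The key that encloses these entries is outside the hunk, so confirm whether this list is a `toFQDNs` or a DNS rule before changing it.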
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
@@ -8,3 +9,4 @@ spec:
ingress:
- fromEntities:
- kube-apiserver
{{- end }}