mrtz
1bb720840d
Move most of helmfiles into temp to test only velero. File structure: ```bash / ├── helmfile.d/ # Helmfiles, *.yaml.gotmpl ├── charts/ # Our own charts, e.g `Atlantis` ├── values # Values for helmfiles │ ├── <chart> │ │ ├── values.yaml.gotmpl # Values to be templated in `values/` │ │ ├── kustomize # Kustomizations per environment │ │ ├── manifests # Raw manifests │ │ │ ├── <chart>.yaml # Argo App for bootstrap │ │ │ ├── dashboards # Grafana dashboards │ │ │ │ └── <chart>-metrics.yaml │ │ │ └── policies # Cilium and Kyverno policies │ │ │ ├── CiliumNetworkPolicy-allow-api-server.yaml │ │ │ └── KyvernoPolicy-regred-secret.yaml │ │ └── values # Values for each environment │ │ ├── <chart>-staging.yaml.gotmpl # Values for staging environment │ │ ├── <chart>-prod.yaml.gotmpl # Values for prod environment │ │ └── <chart>.yaml.gotmpl # Standard values for all environments │ │ │ ├── values.yaml # Standard values for all cluster │ ├── values-oceanbox.yaml # Values overrides for oceanbox │ ├── values-ekman.yaml # Values overrides for ekman ```
15 lines
355 B
YAML
15 lines
355 B
YAML
apiVersion: cilium.io/v2
|
|
kind: CiliumNetworkPolicy
|
|
metadata:
|
|
name: allow-hubble-traffic
|
|
namespace: ingress-nginx
|
|
spec:
|
|
egress:
|
|
- toFQDNs:
|
|
- matchPattern: hubble.*.*.*
|
|
- matchPattern: hubble.*.*.*.*
|
|
endpointSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/component: controller
|
|
app.kubernetes.io/instance: ingress-nginx
|