Commit 651b9a9c authored by Pierre Ozoux's avatar Pierre Ozoux

Fixes networkploicies.

parent 64db0f8e
#!/bin/bash -eu
for NS in `kubectl get ns -A --no-headers -o custom-columns=":metadata.name"`; do
echo $NS
kubectl label --overwrite ns/$NS name=$NS
done
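Review bot: The `name=$NS` label written on the `kubectl label` line is what the policies' `namespaceSelector` blocks match on, and it is an ordinary mutable label, so the selectors admit whichever namespace ends up carrying that value. Kubernetes already maintains the API-server-managed `kubernetes.io/metadata.name` label on every namespace (on by default since 1.21), which would let the selectors match on the real namespace name without this script. If the custom label stays, I would quote the expansions and drop the `-A` flag, which has no effect on a cluster-scoped resource: `kubectl label --overwrite "ns/$NS" "name=$NS"`.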
#!/bin/bash -eu
for NS in `kubectl get ns -A --no-headers -o custom-columns=":metadata.name"`; do
echo $NS
kubectl -n $NS label --overwrite rs -l app.kubernetes.io/name=hedgedoc app.kubernetes.io/component=app
kubectl -n $NS label --overwrite po -l app.kubernetes.io/name=hedgedoc app.kubernetes.io/component=app
done
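Review bot: Labelling the ReplicaSets and Pods directly on the two `kubectl -n $NS label` lines changes only the live objects; the pod template that creates them is not touched here. Pods created after the next rollout or reschedule would then lack `app.kubernetes.io/component=app` and presumably fall out of the policy that selects on it, leaving them covered only by the namespace-wide rule. I would set the label in the owning workload's template (or its chart values) and mark this script as a one-off, e.g. `# one-off: labels live hedgedoc pods; the pod template must carry the label too`.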
#!/bin/bash -eux
for NS in `kubectl get ns --no-headers -o custom-columns=":metadata.name" -l libre.sh/scope=user`; do
kubctl -n ${NS} delete networkpolicies allow-from-ingress-namespace
cat "/root/domains/common/networkpolicies.yml" | envsubst '$NS' | kubectl -n ${NS} diff -f -
done
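Review bot: `kubctl` on the delete line is misspelled, so under `-eux` the script stops at the first namespace with "command not found" and nothing is deleted or compared. Once that is fixed, the loop deletes `allow-from-ingress-namespace` but then only runs `kubectl diff`, which exits 1 when it finds differences and would abort the loop under `-e`; if the intent is to replace the policy, the last command should be `apply`. `envsubst` reads the environment and `NS` here is a plain loop variable, so unless it is exported elsewhere the `${NS}` in the template is replaced by an empty string; add `export NS` inside the loop. The same applies to `create_ns` in the last file if `NS` is not exported there.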
#!/bin/bash -eux
for NS in `kubectl get ns --no-headers -o custom-columns=":metadata.name" | grep -v "cert-manager\|default\|kube\|flux-system\|ingress\|operator\|monitoring"`; do
kubectl label ns $NS libre.sh/scope=user
done
for NS in `kubectl get ns --no-headers -o custom-columns=":metadata.name" | grep "cert-manager\|default\|kube\|flux-system\|ingress\|operator\|monitoring"`; do
kubectl label ns $NS libre.sh/scope=system
done
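Review bot: The `grep -v "cert-manager\|default\|kube\|..."` filter matches substrings, so a tenant namespace whose name merely contains `operator`, `kube`, `ingress`, `default` or `monitoring` is labelled `libre.sh/scope=system` by the second loop. The policy script iterates over `-l libre.sh/scope=user`, so such a namespace would be skipped when network policies are rolled out. Match whole names instead, for example `grep -vxE 'cert-manager|default|kube-.*|flux-system|<other system namespaces>'`, and keep the same list in one variable so the two loops cannot drift apart.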
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: allow-from-ingress-namespace
name: allow-from-pg-operator-to-pg
spec:
podSelector:
matchLabels:
app.kubernetes.io/component: web
application: spilo
ingress:
- from:
- namespaceSelector:
matchLabels:
name: ingress
name: postgres-operator
---
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: allow-to-web-pods
spec:
podSelector:
matchLabels:
app.kubernetes.io/component: app
ingress:
- {}
---
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: allow-to-app-pods
spec:
podSelector:
matchLabels:
app.kubernetes.io/component: web
ingress:
- {}
---
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
......@@ -19,7 +41,10 @@ metadata:
spec:
podSelector: {}
ingress:
- {}
- from:
- namespaceSelector:
matchLabels:
name: ${NS}
policyTypes:
- Ingress
---
......
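Review bot: The two added policies `allow-to-web-pods` and `allow-to-app-pods` use `ingress: - {}`, which admits traffic from every source, including pods in other user namespaces, so the tightened namespace-wide rule further down (`name: ${NS}`) does not constrain the `web` and `app` components. The removed `allow-from-ingress-namespace` policy appears to have limited `web` pods to the ingress namespace; if that is still the intent, keep a `from:` clause with a `namespaceSelector` on `name: ingress` in both policies rather than the empty rule. The names are also crossed: `allow-to-web-pods` selects `component: app` and `allow-to-app-pods` selects `component: web`.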
......@@ -19,7 +19,9 @@ function create_buckets_for_gitlab() {
function create_ns() {
mkdir -p /root/domains/${NS}
kubectl create ns ${NS} || true
kubectl -n ${NS} apply -f /root/domains/common/networkpolicies.yml
kubectl label ns $NS libre.sh/scope=user
kubectl label ns/$NS name=$NS
cat "/root/domains/common/networkpolicies.yml" | envsubst '$NS' | kubectl -n ${NS} apply -f -
}
function pg_zero_lag() {
......
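Review bot: The two added `kubectl label` lines omit `--overwrite`, unlike the standalone labelling script, so on a namespace that already has `name` or `libre.sh/scope` set to another value they fail and the label that the policy's `name: ${NS}` selector depends on keeps the old value. The preceding `kubectl create ns ${NS} || true` shows the function is expected to run against namespaces that already exist. Both labels fit in one quoted call: `kubectl label --overwrite ns "$NS" libre.sh/scope=user "name=$NS"`. Whether a failure here stops the function depends on shell options set outside the hunk.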