imfreedom/k8s-cluster

Add network policies for all the docs pods

2019-09-25, Gary Kramlich
02c6a2ff1647
Parents a4f1885a042a
Children 39e1eb69027a
Add network policies for all the docs pods
1 files changed, 163 insertions(+), 6 deletions(-)
  • +163 -6
    50-docs.pidgin.im.yaml
    • --- a/50-docs.pidgin.im.yaml Wed Sep 25 02:14:22 2019 -0500
    +++ b/50-docs.pidgin.im.yaml Wed Sep 25 02:31:34 2019 -0500
    @@ -1,5 +1,6 @@
    # this manifest contains an ingress that does path based matching to route to
    # individual services that are runnings the docs via a simple http server.
    +---
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
    @@ -75,10 +76,10 @@
    kind: Service
    metadata:
    namespace: pidgin
    + name: docs-gplugin-latest
    labels:
    app: gplugin
    version: latest
    - name: docs-gplugin-latest
    spec:
    ports:
    - port: 3000
    @@ -87,6 +88,32 @@
    app: gplugin
    version: latest
    ---
    +apiVersion: networking.k8s.io/v1
    +kind: NetworkPolicy
    +metadata:
    + namespace: pidgin
    + name: docs-gplugin-latest
    + labels:
    + app: gplugin
    + version: latest
    +spec:
    + podSelector:
    + matchLabels:
    + app: gplugin
    + version: latest
    + ingress:
    + - from:
    + - namespaceSelector:
    + matchLabels:
    + name: kube-public
    + podSelector:
    + matchLabels:
    + app: ingress
    + role: controller
    + ports:
    + - port: 3000
    + protocol: TCP
    +---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    @@ -141,10 +168,10 @@
    kind: Service
    metadata:
    namespace: pidgin
    + name: docs-gplugin-gtk-latest
    labels:
    app: gplugin-gtk
    version: latest
    - name: docs-gplugin-gtk-latest
    spec:
    ports:
    - port: 3000
    @@ -153,6 +180,32 @@
    app: gplugin-gtk
    version: latest
    ---
    +apiVersion: networking.k8s.io/v1
    +kind: NetworkPolicy
    +metadata:
    + namespace: pidgin
    + name: docs-gplugin-gtk-latest
    + labels:
    + app: gplugin-gtk
    + version: latest
    +spec:
    + podSelector:
    + matchLabels:
    + app: gplugin-gtk
    + version: latest
    + ingress:
    + - from:
    + - namespaceSelector:
    + matchLabels:
    + name: kube-public
    + podSelector:
    + matchLabels:
    + app: ingress
    + role: controller
    + ports:
    + - port: 3000
    + protocol: TCP
    +---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    @@ -207,10 +260,10 @@
    kind: Service
    metadata:
    namespace: pidgin
    + name: docs-libgnt-latest
    labels:
    app: libgnt
    version: latest
    - name: docs-libgnt-latest
    spec:
    ports:
    - port: 3000
    @@ -219,6 +272,32 @@
    app: libgnt
    version: latest
    ---
    +apiVersion: networking.k8s.io/v1
    +kind: NetworkPolicy
    +metadata:
    + namespace: pidgin
    + name: docs-libgnt-latest
    + labels:
    + app: libgnt
    + version: latest
    +spec:
    + podSelector:
    + matchLabels:
    + app: libgnt
    + version: latest
    + ingress:
    + - from:
    + - namespaceSelector:
    + matchLabels:
    + name: kube-public
    + podSelector:
    + matchLabels:
    + app: ingress
    + role: controller
    + ports:
    + - port: 3000
    + protocol: TCP
    +---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    @@ -273,10 +352,10 @@
    kind: Service
    metadata:
    namespace: pidgin
    + name: docs-libgnt-next
    labels:
    app: libgnt
    version: next
    - name: docs-libgnt-next
    spec:
    ports:
    - port: 3000
    @@ -285,6 +364,32 @@
    app: libgnt
    version: next
    ---
    +apiVersion: networking.k8s.io/v1
    +kind: NetworkPolicy
    +metadata:
    + namespace: pidgin
    + name: docs-libgnt-next
    + labels:
    + app: libgnt
    + version: next
    +spec:
    + podSelector:
    + matchLabels:
    + app: libgnt
    + version: next
    + ingress:
    + - from:
    + - namespaceSelector:
    + matchLabels:
    + name: kube-public
    + podSelector:
    + matchLabels:
    + app: ingress
    + role: controller
    + ports:
    + - port: 3000
    + protocol: TCP
    +---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    @@ -339,10 +444,10 @@
    kind: Service
    metadata:
    namespace: pidgin
    + name: docs-pidgin-2-x-y
    labels:
    app: pidgin
    version: 2.x.y
    - name: docs-pidgin-2-x-y
    spec:
    ports:
    - port: 3000
    @@ -351,6 +456,32 @@
    app: pidgin
    version: 2.x.y
    ---
    +apiVersion: networking.k8s.io/v1
    +kind: NetworkPolicy
    +metadata:
    + namespace: pidgin
    + name: docs-pidgin-2-x-y
    + labels:
    + app: pidgin
    + version: 2.x.y
    +spec:
    + podSelector:
    + matchLabels:
    + app: pidgin
    + version: 2.x.y
    + ingress:
    + - from:
    + - namespaceSelector:
    + matchLabels:
    + name: kube-public
    + podSelector:
    + matchLabels:
    + app: ingress
    + role: controller
    + ports:
    + - port: 3000
    + protocol: TCP
    +---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    @@ -405,10 +536,10 @@
    kind: Service
    metadata:
    namespace: pidgin
    + name: docs-talkatu-latest
    labels:
    app: talkatu
    version: latest
    - name: docs-talkatu-latest
    spec:
    ports:
    - port: 3000
    @@ -417,6 +548,32 @@
    app: talkatu
    version: latest
    ---
    +apiVersion: networking.k8s.io/v1
    +kind: NetworkPolicy
    +metadata:
    + namespace: pidgin
    + name: docs-talkatu-latest
    + labels:
    + app: talkatu
    + version: latest
    +spec:
    + podSelector:
    + matchLabels:
    + app: talkatu
    + version: latest
    + ingress:
    + - from:
    + - namespaceSelector:
    + matchLabels:
    + name: kube-public
    + podSelector:
    + matchLabels:
    + app: ingress
    + role: controller
    + ports:
    + - port: 3000
    + protocol: TCP
    +---
    apiVersion: apps/v1
    kind: Deployment
    metadata: