imfreedom/k8s-cluster

Add additional NetworkPolicies to all other services

2019-09-25, Gary Kramlich
285b647aea94
Parents 39e1eb69027a
Children e66d37205a07
Add additional NetworkPolicies to all other services
4 files changed, 127 insertions(+), 30 deletions(-)
  • +25 -1
    50-carrier.pidgin.im.yaml
  • +38 -14
    50-data.imfreedom.org.yaml
  • +25 -1
    50-nest.pidgin.im.yaml
  • +39 -14
    50-reaperworld.com.yaml
    • --- a/50-carrier.pidgin.im.yaml Wed Sep 25 02:42:16 2019 -0500
    +++ b/50-carrier.pidgin.im.yaml Wed Sep 25 02:59:19 2019 -0500
    @@ -44,9 +44,9 @@
    kind: Service
    metadata:
    namespace: pidgin
    + name: carrier
    labels:
    app: carrier
    - name: carrier
    spec:
    ports:
    - port: 3333
    @@ -54,6 +54,30 @@
    selector:
    app: carrier
    ---
    +apiVersion: networking.k8s.io/v1
    +kind: NetworkPolicy
    +metadata:
    + namespace: pidgin
    + name: carrier
    + labels:
    + app: carrier
    +spec:
    + podSelector:
    + matchLabels:
    + app: carrier
    + ingress:
    + - from:
    + - namespaceSelector:
    + matchLabels:
    + name: kube-public
    + podSelector:
    + matchLabels:
    + app: ingress
    + role: controller
    + ports:
    + - port: 3333
    + protocol: TCP
    +---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    --- a/50-data.imfreedom.org.yaml Wed Sep 25 02:42:16 2019 -0500
    +++ b/50-data.imfreedom.org.yaml Wed Sep 25 02:59:19 2019 -0500
    @@ -24,20 +24,6 @@
    - data.imfreedom.org
    secretName: data-tls
    ---
    -apiVersion: v1
    -kind: Service
    -metadata:
    - namespace: imfreedom
    - labels:
    - app: data
    - name: data
    -spec:
    - ports:
    - - port: 9000
    - protocol: TCP
    - selector:
    - app: data
    ----
    apiVersion: certmanager.k8s.io/v1alpha1
    kind: Certificate
    metadata:
    @@ -57,6 +43,44 @@
    domains:
    - data.imfreedom.org
    ---
    +apiVersion: v1
    +kind: Service
    +metadata:
    + namespace: imfreedom
    + name: data
    + labels:
    + app: data
    +spec:
    + ports:
    + - port: 9000
    + protocol: TCP
    + selector:
    + app: data
    +---
    +apiVersion: networking.k8s.io/v1
    +kind: NetworkPolicy
    +metadata:
    + namespace: imfreedom
    + name: data
    + labels:
    + app: data
    +spec:
    + podSelector:
    + matchLabels:
    + app: data
    + ingress:
    + - from:
    + - namespaceSelector:
    + matchLabels:
    + name: kube-public
    + podSelector:
    + matchLabels:
    + app: ingress
    + role: controller
    + ports:
    + - port: 9000
    + protocol: TCP
    +---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    --- a/50-nest.pidgin.im.yaml Wed Sep 25 02:42:16 2019 -0500
    +++ b/50-nest.pidgin.im.yaml Wed Sep 25 02:59:19 2019 -0500
    @@ -46,9 +46,9 @@
    kind: Service
    metadata:
    namespace: pidgin
    + name: nest
    labels:
    app: nest
    - name: nest
    spec:
    ports:
    - port: 3000
    @@ -56,6 +56,30 @@
    selector:
    app: nest
    ---
    +apiVersion: networking.k8s.io/v1
    +kind: NetworkPolicy
    +metadata:
    + namespace: pidgin
    + name: nest
    + labels:
    + app: nest
    +spec:
    + podSelector:
    + matchLabels:
    + app: nest
    + ingress:
    + - from:
    + - namespaceSelector:
    + matchLabels:
    + name: kube-public
    + podSelector:
    + matchLabels:
    + app: ingress
    + role: controller
    + ports:
    + - port: 3000
    + protocol: TCP
    +---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    --- a/50-reaperworld.com.yaml Wed Sep 25 02:42:16 2019 -0500
    +++ b/50-reaperworld.com.yaml Wed Sep 25 02:59:19 2019 -0500
    @@ -1,3 +1,4 @@
    +---
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
    @@ -31,20 +32,6 @@
    - www.reaperworld.com
    secretName: www-tls
    ---
    -apiVersion: v1
    -kind: Service
    -metadata:
    - namespace: reaperworld
    - labels:
    - app: www
    - name: www
    -spec:
    - ports:
    - - port: 80
    - protocol: TCP
    - selector:
    - app: www
    ----
    apiVersion: certmanager.k8s.io/v1alpha1
    kind: Certificate
    metadata:
    @@ -66,6 +53,44 @@
    - reaperworld.com
    - www.reaperworld.com
    ---
    +apiVersion: v1
    +kind: Service
    +metadata:
    + namespace: reaperworld
    + name: www
    + labels:
    + app: www
    +spec:
    + ports:
    + - port: 80
    + protocol: TCP
    + selector:
    + app: www
    +---
    +apiVersion: networking.k8s.io/v1
    +kind: NetworkPolicy
    +metadata:
    + namespace: reaperworld
    + name: www
    + labels:
    + app: www
    +spec:
    + podSelector:
    + matchLabels:
    + app: www
    + ingress:
    + - from:
    + - namespaceSelector:
    + matchLabels:
    + name: kube-public
    + podSelector:
    + matchLabels:
    + app: ingress
    + role: controller
    + ports:
    + - port: 80
    + protocol: TCP
    +---
    apiVersion: apps/v1
    kind: Deployment
    metadata: