From b77d8da90ee4846db0d64854a09eec875d66d1a5 Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth
Date: Sun, 15 Oct 2023 16:57:28 +0200
Subject: [PATCH] initial
---
namespace.yml | 4 ++
sinkserver/deploy.yml | 141 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 145 insertions(+)
create mode 100644 namespace.yml
create mode 100644 sinkserver/deploy.yml
diff --git a/namespace.yml b/namespace.yml
new file mode 100644
index 0000000..faf72f5
--- /dev/null
+++ b/namespace.yml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: mainscnt
diff --git a/sinkserver/deploy.yml b/sinkserver/deploy.yml
new file mode 100644
index 0000000..ef33396
--- /dev/null
+++ b/sinkserver/deploy.yml
@@ -0,0 +1,141 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ namespace: mainscnt
+ name: deny-all-but-dns
+spec:
+ podSelector:
+ matchLabels: {}
+ policyTypes:
+ - Egress
+ - Ingress
+ egress:
+ - to:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: kube-system
+ ports:
+ - protocol: UDP
+ port: 53
+ - protocol: TCP
+ port: 53
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: sinkserver
+ namespace: mainscnt
+ labels:
+ app: sinkserver
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app: sinkserver
+ template:
+ metadata:
+ labels:
+ app: sinkserver
+ spec:
+ containers:
+ - name: sinkserver
+ image: wollud1969/sinkserver:e5f9d3e3
+ ports:
+ - containerPort: 20169
+ protocol: UDP
+ env:
+ - name: PGHOST
+ valueFrom:
+ configMapKeyRef:
+ name: sinkserver-config
+ key: dbhost
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: sinkserver-secret
+ key: dbpass
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: sinkserver
+ namespace: mainscnt
+ labels:
+ app: sinkserver
+spec:
+ type: LoadBalancer
+ selector:
+ app: sinkserver
+ ports:
+ - protocol: UDP
+ port: 20169
+ targetPort: 20169
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-database-sinkserver
+ namespace: database
+spec:
+ podSelector:
+ matchLabels:
+ app: timescaledb
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app: sinkserver
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: mainscnt
+ ports:
+ - protocol: TCP
+ port: 5432
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-sinkserver-database
+ namespace: mainscnt
+spec:
+ podSelector:
+ matchLabels:
+ app: sinkserver
+ policyTypes:
+ - Egress
+ egress:
+ - to:
+ - podSelector:
+ matchLabels:
+ app: timescaledb
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: database
+ ports:
+ - protocol: TCP
+ port: 5432
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-sinkserver-ingress
+ namespace: mainscnt
+spec:
+ podSelector:
+ matchLabels:
+ app: sinkserver
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - ipBlock:
+ cidr: 0.0.0.0/0
+ ports:
+ - protocol: UDP
+ port: 20169
+
+
+
+
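Review bot: In `allow-database-sinkserver` the `from` list carries `- podSelector:` and `- namespaceSelector:` as two separate peers, so Kubernetes ORs them: every pod in `mainscnt` may reach `timescaledb` on TCP 5432, and so may any `app: sinkserver` pod inside `database`, rather than only sinkserver pods in `mainscnt`. `allow-sinkserver-database` has the same shape in its `to` list and opens egress on 5432 to every pod in `database`. If the conjunction is what is meant, drop the dash so that `namespaceSelector:` sits in the same list item as `podSelector:` in both policies. Indentation is collapsed on this page, so this reading relies on the visible `-` markers.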