This commit is contained in:
6
.woodpecker.yml
Normal file
6
.woodpecker.yml
Normal file
@ -0,0 +1,6 @@
|
||||
steps:
|
||||
build:
|
||||
image: docker:stable
|
||||
commands:
|
||||
- env
|
||||
- echo 'docker build --build-arg="VERSION=$CI_COMMIT_SHA" -t '
|
||||
@ -1,25 +1,3 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
namespace: mainscnt
|
||||
name: deny-all-but-dns
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels: {}
|
||||
policyTypes:
|
||||
- Egress
|
||||
- Ingress
|
||||
egress:
|
||||
- to:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: kube-system
|
||||
ports:
|
||||
- protocol: UDP
|
||||
port: 53
|
||||
- protocol: TCP
|
||||
port: 53
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
@ -28,7 +6,7 @@ metadata:
|
||||
labels:
|
||||
app: sinkserver
|
||||
spec:
|
||||
replicas: 3
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: sinkserver
|
||||
@ -70,72 +48,3 @@ spec:
|
||||
- protocol: UDP
|
||||
port: 20169
|
||||
targetPort: 20169
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: allow-database-sinkserver
|
||||
namespace: database
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app: timescaledb
|
||||
policyTypes:
|
||||
- Ingress
|
||||
ingress:
|
||||
- from:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
app: sinkserver
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: mainscnt
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 5432
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: allow-sinkserver-database
|
||||
namespace: mainscnt
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app: sinkserver
|
||||
policyTypes:
|
||||
- Egress
|
||||
egress:
|
||||
- to:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
app: timescaledb
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: database
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 5432
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: allow-sinkserver-ingress
|
||||
namespace: mainscnt
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app: sinkserver
|
||||
policyTypes:
|
||||
- Ingress
|
||||
ingress:
|
||||
- from:
|
||||
- ipBlock:
|
||||
cidr: 0.0.0.0/0
|
||||
ports:
|
||||
- protocol: UDP
|
||||
port: 20169
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@ -1,4 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: mainscnt
|
||||
Reference in New Issue
Block a user