From 07eddcdb42680f1e0429d76a55be59dce8acb630 Mon Sep 17 00:00:00 2001 From: Henrik Henriksson <henrik.henriksson@liu.se> Date: Thu, 8 Oct 2020 17:10:57 +0200 Subject: [PATCH] Apply a network policy to explicitly permit postgres --- .gitlab-ci.yml | 1 + realworld/postgres-network-policy.yaml | 15 +++++++++++++++ 2 files changed, 16 insertions(+) create mode 100644 realworld/postgres-network-policy.yaml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 59caa87..0f05eea 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -117,6 +117,7 @@ deploy-realworld: - kubectl get all - kubectl apply -f realworld/backend-service.yaml - kubectl apply -f realworld/frontend-service.yaml + - kubectl apply -f realworld/postgres-network-policy.yaml - kubectl apply -f realworld/ingress.yaml deploy-realworld-postgres: diff --git a/realworld/postgres-network-policy.yaml b/realworld/postgres-network-policy.yaml new file mode 100644 index 0000000..0f452d8 --- /dev/null +++ b/realworld/postgres-network-policy.yaml @@ -0,0 +1,15 @@ +apiVersion: extensions/v1beta1 +kind: NetworkPolicy +metadata: + name: realworld-postgres-network-policy +spec: + ingress: + - ports: + - port: 5432 + protocol: TCP + podSelector: + matchLabels: + service: postgres + app: realworld + policyTypes: + - Ingress -- GitLab