From 07eddcdb42680f1e0429d76a55be59dce8acb630 Mon Sep 17 00:00:00 2001
From: Henrik Henriksson <henrik.henriksson@liu.se>
Date: Thu, 8 Oct 2020 17:10:57 +0200
Subject: [PATCH] Apply a network policy to explicitly permit postgres

---
 .gitlab-ci.yml                         |  1 +
 realworld/postgres-network-policy.yaml | 15 +++++++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 realworld/postgres-network-policy.yaml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 59caa87..0f05eea 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -117,6 +117,7 @@ deploy-realworld:
     - kubectl get all
     - kubectl apply -f realworld/backend-service.yaml
     - kubectl apply -f realworld/frontend-service.yaml
+    - kubectl apply -f realworld/postgres-network-policy.yaml
     - kubectl apply -f realworld/ingress.yaml
 
 deploy-realworld-postgres:
diff --git a/realworld/postgres-network-policy.yaml b/realworld/postgres-network-policy.yaml
new file mode 100644
index 0000000..0f452d8
--- /dev/null
+++ b/realworld/postgres-network-policy.yaml
@@ -0,0 +1,15 @@
+apiVersion: extensions/v1beta1
+kind: NetworkPolicy
+metadata:
+  name: realworld-postgres-network-policy
+spec:
+  ingress:
+  - ports:
+    - port: 5432
+      protocol: TCP
+  podSelector:
+    matchLabels:
+      service: postgres
+      app: realworld
+  policyTypes:
+  - Ingress
-- 
GitLab