155 lines
3.6 KiB
YAML
155 lines
3.6 KiB
YAML
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: camera-motion-detect
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
component: camera-motion-detect
|
|
policyTypes:
|
|
- Ingress
|
|
# - Egress # Something wrong with using minio-clusters as namespaceSelector.
|
|
ingress:
|
|
- from:
|
|
- podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: camtiler
|
|
component: camera-tiler
|
|
- from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: monitoring
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: prometheus
|
|
egress:
|
|
- to:
|
|
- ipBlock:
|
|
# Permit access to cameras outside the cluster
|
|
cidr: 100.102.0.0/16
|
|
- to:
|
|
- podSelector:
|
|
matchLabels:
|
|
app: mongodb-svc
|
|
ports:
|
|
- port: 27017
|
|
- to:
|
|
- podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: minio
|
|
ports:
|
|
- port: 9000
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: camera-tiler
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: camtiler
|
|
component: camera-tiler
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
egress:
|
|
- to:
|
|
- podSelector:
|
|
matchLabels:
|
|
component: camera-motion-detect
|
|
ports:
|
|
- port: 5000
|
|
ingress:
|
|
- from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: monitoring
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: prometheus
|
|
- from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: traefik
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: traefik
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: logmower-eventsource
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: camtiler
|
|
component: logmower-eventsource
|
|
policyTypes:
|
|
- Ingress
|
|
# - Egress # Something wrong with using mongodb-svc as podSelector.
|
|
egress:
|
|
- to:
|
|
- podSelector:
|
|
matchLabels:
|
|
app: mongodb-svc
|
|
- podSelector:
|
|
matchLabels:
|
|
component: logmower-event-broker
|
|
ingress:
|
|
- from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: traefik
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: traefik
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: logmower-event-broker
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: camtiler
|
|
component: logmower-event-broker
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
egress:
|
|
- to:
|
|
# Minio access via Traefik's public endpoint
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: traefik
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: traefik
|
|
ingress:
|
|
- from:
|
|
- podSelector:
|
|
matchLabels:
|
|
component: logmower-eventsource
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: logmower-frontend
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: camtiler
|
|
component: logmower-frontend
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
ingress:
|
|
- from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: traefik
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: traefik
|