kube/shared/README.md

# KeyDB

KeyDB can be instantiated by symlinking the generated keydb.yml,
in future this could be handled by an operator.

```
helm template keydb enapter/keydb --set persistentVolume.enabled=false > keydb.yml
```

# To regenerate base network policies

It's quite odd there is no better way to generate these.


cat << EOF > networkpolicy-base.yml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: kubedns
spec:
  podSelector: {}
  policyTypes:
  - Egress
  egress:
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
    ports:
    - protocol: UDP
      port: 53
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: kubeprobe
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
EOF
for j in $(kubectl get nodes -o json   | jq '.items[] | .spec.podCIDR' -r | cut -d "/" -f 1 | sed -e 's/\.0$/\.1\/32/' | xargs); do
cat << EOF >> networkpolicy-base.yml
  - from:
    - ipBlock:
        cidr: $j
EOF
done

cat << EOF >> networkpolicy-base.yml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: kubeapi
spec:
  podSelector: {}
  policyTypes:
  - Egress
  egress:
  - ports:
    - port: 6443
    to:
EOF
for j in $(kubectl get ep -n default kubernetes -o json | jq '.subsets[].addresses[].ip' -r | xargs); do
cat << EOF >> networkpolicy-base.yml
    - ipBlock:
        cidr: $j/32
EOF
done