kube/shared/README.md

# KeyDB
KeyDB can be instantiated by symlinking the generated keydb.yml;
in the future this could be handled by an operator.
```
# Render the enapter/keydb chart as release "keydb" with the chart value
# persistentVolume.enabled set to false, and save the manifest as keydb.yml.
helm template keydb enapter/keydb \
  --set persistentVolume.enabled=false \
  > keydb.yml
```
# To regenerate base network policies
It's quite odd there is no better way to generate these.
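(
  # Regenerate networkpolicy-base.yml in the current directory from live
  # cluster state. Needs jq and a kubectl context for the target cluster.
  # Runs in a subshell so that "set -eu" and a failed lookup cannot terminate
  # the interactive shell this snippet is pasted into.
  set -eu

  # Query the cluster before touching the output file, so a failed kubectl/jq
  # call aborts here instead of leaving a truncated policy file behind.
  nodes_json=$(kubectl get nodes -o json)
  endpoints_json=$(kubectl get ep -n default kubernetes -o json)
  pod_cidrs=$(printf '%s\n' "$nodes_json" | jq '.items[] | .spec.podCIDR' -r)
  apiserver_ips=$(printf '%s\n' "$endpoints_json" | jq '.subsets[].addresses[].ip' -r)

  # Per node: drop the prefix length and turn the trailing ".0" of the pod
  # network address into ".1/32".
  # NOTE(review): presumably ".1" is the node-local address that health probes
  # originate from - confirm for the CNI in use.
  probe_sources=$(printf '%s\n' "$pod_cidrs" | cut -d "/" -f 1 | sed -e 's/\.0$/\.1\/32/')

  # Refuse to write a policy from missing or unexpected data:
  #  - a podCIDR that is null or does not end in ".0" would yield an invalid cidr;
  #  - an empty "to:" list makes the kubeapi rule match every destination on
  #    port 6443 instead of only the API server endpoints;
  #  - the "/32" appended to endpoint addresses is a single host only for IPv4.
  if [ -z "$probe_sources" ] ||
    printf '%s\n' "$probe_sources" | grep -Evq '^([0-9]{1,3}\.){3}[0-9]{1,3}/32$'; then
    echo "unexpected node podCIDR data; networkpolicy-base.yml not written" >&2
    exit 1
  fi
  if [ -z "$apiserver_ips" ] ||
    printf '%s\n' "$apiserver_ips" | grep -Evq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
    echo "unexpected kubernetes endpoint data; networkpolicy-base.yml not written" >&2
    exit 1
  fi

  # NOTE(review): the kubedns policy allows only UDP/53 (to any pod in
  # kube-system). DNS retries truncated answers over TCP/53, which this policy
  # does not allow - add a TCP entry if lookups of large records fail.
  {
    cat <<'EOF'
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: kubedns
spec:
  podSelector: {}
  policyTypes:
    - Egress
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: kubeprobe
spec:
  podSelector: {}
  policyTypes:
    - Ingress
  ingress:
EOF
    # One ingress rule per node-derived /32.
    printf '%s\n' "$probe_sources" | while IFS= read -r cidr; do
      cat <<EOF
    - from:
        - ipBlock:
            cidr: $cidr
EOF
    done
    cat <<'EOF'
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: kubeapi
spec:
  podSelector: {}
  policyTypes:
    - Egress
  egress:
    - ports:
        - port: 6443
      to:
EOF
    # One egress peer per address of the "kubernetes" endpoint in "default".
    printf '%s\n' "$apiserver_ips" | while IFS= read -r ip; do
      cat <<EOF
        - ipBlock:
            cidr: $ip/32
EOF
    done
  } > networkpolicy-base.yml
)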