-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'develop' into BCF-2612-ChainReader-Next
- Loading branch information
Showing
9 changed files
with
145 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
23 changes: 23 additions & 0 deletions
23
charts/chainlink-cluster/templates/chainlink-db-networkpolicy.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
apiVersion: networking.k8s.io/v1 | ||
kind: NetworkPolicy | ||
metadata: | ||
name: {{ $.Release.Name }}-db | ||
spec: | ||
podSelector: | ||
matchLabels: | ||
app: {{ $.Release.Name }}-db | ||
policyTypes: | ||
- Ingress | ||
ingress: | ||
- from: | ||
# Allow all node pods to access the database pods. | ||
- podSelector: | ||
matchLabels: | ||
app: {{ $.Release.Name }} | ||
# Allow all runner pods to access the database pods. | ||
- podSelector: | ||
matchLabels: | ||
app: runner | ||
ports: | ||
- protocol: TCP | ||
port: 5432 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
19 changes: 19 additions & 0 deletions
19
charts/chainlink-cluster/templates/chainlink-node-networkpolicy.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
apiVersion: networking.k8s.io/v1 | ||
kind: NetworkPolicy | ||
metadata: | ||
name: {{ $.Release.Name }}-node | ||
spec: | ||
podSelector: | ||
matchLabels: | ||
app: {{ $.Release.Name }} | ||
policyTypes: | ||
- Ingress | ||
ingress: | ||
# Allow all ingress traffic between the node pods and from runner pod. | ||
- from: | ||
- podSelector: | ||
matchLabels: | ||
app: {{ $.Release.Name }} | ||
- podSelector: | ||
matchLabels: | ||
app: runner |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
25 changes: 25 additions & 0 deletions
25
charts/chainlink-cluster/templates/geth-networkpolicy.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
apiVersion: networking.k8s.io/v1 | ||
kind: NetworkPolicy | ||
metadata: | ||
name: {{ $.Release.Name }}-geth | ||
spec: | ||
podSelector: | ||
matchLabels: | ||
app: geth | ||
policyTypes: | ||
- Ingress | ||
ingress: | ||
- from: | ||
# Allow http and websocket connections from the node pods. | ||
- podSelector: | ||
matchLabels: | ||
app: {{ $.Release.Name }} | ||
# Allow http and websocket connections from the runner pods. | ||
- podSelector: | ||
matchLabels: | ||
app: runner | ||
ports: | ||
- protocol: TCP | ||
port: 8544 | ||
- protocol: TCP | ||
port: 8546 |
23 changes: 23 additions & 0 deletions
23
charts/chainlink-cluster/templates/mockserver-networkpolicy.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
apiVersion: networking.k8s.io/v1 | ||
kind: NetworkPolicy | ||
metadata: | ||
name: {{ $.Release.Name }}-mockserver | ||
spec: | ||
podSelector: | ||
matchLabels: | ||
app: mockserver | ||
policyTypes: | ||
- Ingress | ||
ingress: | ||
- from: | ||
# Allow http traffic from the node pods. | ||
- podSelector: | ||
matchLabels: | ||
app: {{ $.Release.Name }} | ||
# Allow http traffic from the runner pods. | ||
- podSelector: | ||
matchLabels: | ||
app: runner | ||
ports: | ||
- protocol: TCP | ||
port: 1080 |
27 changes: 27 additions & 0 deletions
27
charts/chainlink-cluster/templates/networkpolicy-default-deny.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
apiVersion: networking.k8s.io/v1 | ||
kind: NetworkPolicy | ||
metadata: | ||
name: default-deny | ||
spec: | ||
podSelector: | ||
matchLabels: {} | ||
policyTypes: | ||
- Ingress | ||
- Egress | ||
egress: | ||
- to: | ||
- namespaceSelector: | ||
matchLabels: | ||
kubernetes.io/metadata.name: "{{ $.Release.Namespace }}" | ||
- to: | ||
- namespaceSelector: | ||
matchLabels: | ||
kubernetes.io/metadata.name: kube-system | ||
podSelector: | ||
matchLabels: | ||
k8s-app: kube-dns | ||
ports: | ||
- protocol: TCP | ||
port: 53 | ||
- protocol: UDP | ||
port: 53 |
19 changes: 19 additions & 0 deletions
19
charts/chainlink-cluster/templates/runner-networkpolicy.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
apiVersion: networking.k8s.io/v1 | ||
kind: NetworkPolicy | ||
metadata: | ||
name: {{ $.Release.Name }}-runner | ||
spec: | ||
podSelector: | ||
matchLabels: | ||
app: runner | ||
policyTypes: | ||
- Ingress | ||
ingress: | ||
# Allow all ingress traffic between the node pods and from runner pod. | ||
- from: | ||
- podSelector: | ||
matchLabels: | ||
app: {{ $.Release.Name }} | ||
- podSelector: | ||
matchLabels: | ||
app: runner |