Signed-off-by: gwg313 <gwg313@pm.me>
This commit is contained in:
parent
ef827b2c69
commit
145721146e
35 changed files with 919 additions and 122 deletions
36
apps/tekton/network-policy.yaml
Normal file
36
apps/tekton/network-policy.yaml
Normal file
|
|
@ -0,0 +1,36 @@
|
|||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: cicd-egress
|
||||
namespace: cicd
|
||||
spec:
|
||||
endpointSelector: {}
|
||||
egress:
|
||||
# Tekton entrypoint sidecar updates TaskRun status via the K8s API
|
||||
- toEntities:
|
||||
- kube-apiserver
|
||||
toPorts:
|
||||
- ports:
|
||||
- port: "443"
|
||||
protocol: TCP
|
||||
# Push built images to Harbor registry in-cluster
|
||||
- toEndpoints:
|
||||
- matchLabels:
|
||||
io.kubernetes.pod.namespace: harbor
|
||||
app: harbor
|
||||
toPorts:
|
||||
- ports:
|
||||
- port: "80"
|
||||
protocol: TCP
|
||||
# Git clone from internal Forgejo
|
||||
- toEndpoints:
|
||||
- matchLabels:
|
||||
io.kubernetes.pod.namespace: forgejo
|
||||
app: forgejo
|
||||
toPorts:
|
||||
- ports:
|
||||
- port: "3000"
|
||||
protocol: TCP
|
||||
# Tool downloads (kubeconform), schema lookups
|
||||
- toEntities:
|
||||
- world
|
||||
Loading…
Add table
Add a link
Reference in a new issue