diff --git a/kubernetes/rpi5-cluster/apps/cilium/ks.yaml b/kubernetes/rpi5-cluster/apps/cilium/ks.yaml
index 512f204..8c82c5a 100644
--- a/kubernetes/rpi5-cluster/apps/cilium/ks.yaml
+++ b/kubernetes/rpi5-cluster/apps/cilium/ks.yaml
@@ -12,19 +12,4 @@ spec:
 kind: GitRepository
 namespace: flux-system
 name: home-cluster-ops
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: cilium-networkpolicies
- namespace: kube-system
-spec:
- interval: 1h
- path: ./kubernetes/rpi5-cluster/apps/cilium/networkpolicies
- prune: true
- sourceRef:
- kind: GitRepository
- namespace: flux-system
- name: home-cluster-ops
- dependsOn:
- - name: cilium-app
+
diff --git a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/coredns.yaml b/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/coredns.yaml
deleted file mode 100644
index 5b7826c..0000000
--- a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/coredns.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumNetworkPolicy
-metadata:
- name: coredns
- namespace: kube-system
-spec:
- endpointSelector:
- matchLabels:
- k8s-app: kube-dns
- egress:
- - toEntities:
- - world
- toPorts:
- - ports:
- - port: "53"
- - toEntities:
- - host
- - remote-node
- toPorts:
- - ports:
- - port: "6443"
\ No newline at end of file
diff --git a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/egress-kube-dns.yaml b/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/egress-kube-dns.yaml
deleted file mode 100644
index 1003e85..0000000
--- a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/egress-kube-dns.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumClusterwideNetworkPolicy
-metadata:
- name: egress-kube-dns
-spec:
- endpointSelector:
- matchExpressions:
- - key: rpi5.cluster.policy/egress-kube-dns
- operator: NotIn
- values:
- - "false"
- egress:
- - toEndpoints:
- - matchLabels:
- io.kubernetes.pod.namespace: kube-system
- k8s-app: kube-dns
- toPorts:
- - ports:
- - port: "53"
diff --git a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/egress-kubeapi.yaml b/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/egress-kubeapi.yaml
deleted file mode 100644
index 3e54454..0000000
--- a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/egress-kubeapi.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumClusterwideNetworkPolicy
-metadata:
- name: egress-kubeapi
-spec:
- endpointSelector:
- matchLabels:
- rpi5.cluster.policy/egress-kubeapi: "true"
- egress:
- - toEntities:
- - host
- - remote-node
- toPorts:
- - ports:
- - port: "6443"
- - toEntities:
- - kube-apiserver
- toPorts:
- - ports:
- - port: "443"
- - port: "6443"
diff --git a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/egress-namespace.yaml b/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/egress-namespace.yaml
deleted file mode 100644
index 7173deb..0000000
--- a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/egress-namespace.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumClusterwideNetworkPolicy
-metadata:
- name: egress-namespace
-spec:
- endpointSelector:
- matchLabels:
- rpi5.cluster.policy/egress-namespace: "true"
- egress:
- - toEndpoints:
- - {}
diff --git a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/egress-nodes.yaml b/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/egress-nodes.yaml
deleted file mode 100644
index 08bb2fa..0000000
--- a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/egress-nodes.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumClusterwideNetworkPolicy
-metadata:
- name: egress-nodes
-spec:
- endpointSelector:
- matchLabels:
- rpi5.cluster.policy/egress-nodes: "true"
- egress:
- - toEntities:
- - host
- - remote-node
diff --git a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/egress-world-with-lan.yaml b/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/egress-world-with-lan.yaml
deleted file mode 100644
index 0b55a55..0000000
--- a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/egress-world-with-lan.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumClusterwideNetworkPolicy
-metadata:
- name: egress-world-with-lan
-spec:
- endpointSelector:
- matchLabels:
- rpi5.cluster.policy/egress-world-with-lan: "true"
- egress:
- - toCIDRSet:
- - cidr: 0.0.0.0/0
diff --git a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/egress-world.yaml b/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/egress-world.yaml
deleted file mode 100644
index f2c2845..0000000
--- a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/egress-world.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumClusterwideNetworkPolicy
-metadata:
- name: egress-world
-spec:
- endpointSelector:
- matchLabels:
- rpi5.cluster.policy/egress-world: "true"
- egress:
- - toCIDRSet:
- - cidr: 0.0.0.0/0
- except:
- - 192.168.1.0/24
- - 192.168.2.0/24
- - 100.64.0.0/10
diff --git a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/ingress-namespace.yaml b/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/ingress-namespace.yaml
deleted file mode 100644
index f479a7f..0000000
--- a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/ingress-namespace.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumClusterwideNetworkPolicy
-metadata:
- name: ingress-namespace
-spec:
- endpointSelector:
- matchLabels:
- rpi5.cluster.policy/ingress-namespace: "true"
- ingress:
- - fromEndpoints:
- - {}
diff --git a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/ingress-nginx.yaml b/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/ingress-nginx.yaml
deleted file mode 100644
index 4729f28..0000000
--- a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/ingress-nginx.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumClusterwideNetworkPolicy
-metadata:
- name: ingress-ingress
-spec:
- endpointSelector:
- matchLabels:
- rpi5.cluster.policy/ingress-ingress: "true"
- ingress:
- - fromEndpoints:
- - matchLabels:
- io.kubernetes.pod.namespace: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/component: controller
----
-apiVersion: cilium.io/v2
-kind: CiliumNetworkPolicy
-metadata:
- name: ingress-nginx
- namespace: ingress-nginx
-spec:
- endpointSelector:
- matchLabels:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/component: controller
- egress:
- - toEndpoints:
- - matchLabels:
- rpi5.cluster.policy/ingress-ingress: "true"
- matchExpressions:
- - key: io.kubernetes.pod.namespace
- operator: Exists
----
-apiVersion: cilium.io/v2
-kind: CiliumClusterwideNetworkPolicy
-metadata:
- name: egress-ingress
-spec:
- endpointSelector:
- matchLabels:
- rpi5.cluster.policy/egress-ingress: "true"
- egress:
- - toEndpoints:
- - matchLabels:
- io.kubernetes.pod.namespace: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/component: controller
----
-apiVersion: cilium.io/v2
-kind: CiliumNetworkPolicy
-metadata:
- name: egress-nginx
- namespace: ingress-nginx
-spec:
- endpointSelector:
- matchLabels:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/component: controller
- ingress:
- - fromEndpoints:
- - matchLabels:
- rpi5.cluster.policy/egress-ingress: "true"
- matchExpressions:
- - key: io.kubernetes.pod.namespace
- operator: Exists
diff --git a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/ingress-nodes.yaml b/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/ingress-nodes.yaml
deleted file mode 100644
index b148425..0000000
--- a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/ingress-nodes.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumClusterwideNetworkPolicy
-metadata:
- name: ingress-nodes
-spec:
- endpointSelector:
- matchLabels:
- rpi5.cluster.policy/ingress-nodes: "true"
- ingress:
- - fromEntities:
- - host
- - remote-node
diff --git a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/ingress-world.yaml b/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/ingress-world.yaml
deleted file mode 100644
index 24d0ce1..0000000
--- a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/ingress-world.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumClusterwideNetworkPolicy
-metadata:
- name: ingress-world
-spec:
- endpointSelector:
- matchLabels:
- rpi5.cluster.policy/ingress-world: "true"
- ingress:
- - fromEntities:
- - world
diff --git a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/local-path-provisioner.yaml b/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/local-path-provisioner.yaml
deleted file mode 100644
index 947aff1..0000000
--- a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/local-path-provisioner.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumNetworkPolicy
-metadata:
- name: local-path-provisioner
- namespace: kube-system
-spec:
- endpointSelector:
- matchLabels:
- app: local-path-provisioner
- egress:
- - toEntities:
- - host
- - remote-node
- toPorts:
- - ports:
- - port: "6443"