[DO-1600] Move plantuml in new namespace (!30)
[DO-1600] Co-authored-by: denis.patrakeev <denis.patrakeev@avroid.tech> Reviewed-on: https://git.avroid.tech/K8s/k8s-configs/pulls/30
This commit is contained in:
Denis Patrakeev
@@ -0,0 +1,59 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: prod
|
||||
labels:
|
||||
name: prod
|
||||
app.kubernetes.io/managed-by: argocd
|
||||
annotations:
|
||||
argocd.argoproj.io/sync-wave: "-1"
|
||||
scheduler.alpha.kubernetes.io/node-selector: node-role.kubernetes.io/worker=
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ResourceQuota
|
||||
metadata:
|
||||
name: prod
|
||||
namespace: prod
|
||||
labels:
|
||||
app.kubernetes.io/managed-by: argocd
|
||||
spec:
|
||||
hard:
|
||||
requests.cpu: "4"
|
||||
requests.memory: "10Gi"
|
||||
requests.storage: "100Mi"
|
||||
limits.cpu: "16"
|
||||
limits.memory: 24Gi
|
||||
configmaps: "200"
|
||||
resourcequotas: "1"
|
||||
secrets: "200"
|
||||
services: "200"
|
||||
pods: "100"
|
||||
persistentvolumeclaims: "40"
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: prod-common
|
||||
namespace: prod
|
||||
labels:
|
||||
app.kubernetes.io/managed-by: argocd
|
||||
spec:
|
||||
podSelector: {}
|
||||
policyTypes:
|
||||
- Ingress
|
||||
- Egress
|
||||
ingress: []
|
||||
egress:
|
||||
- to:
|
||||
- ipBlock:
|
||||
# office-balancer.avroid.tech
|
||||
cidr: 10.2.16.2/32
|
||||
ports:
|
||||
- port: 443
|
||||
protocol: TCP
|
||||
- ports:
|
||||
- port: 53
|
||||
protocol: TCP
|
||||
- port: 53
|
||||
protocol: UDP
|
||||
@@ -10,17 +10,17 @@ spec:
|
||||
project: plantuml
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: plantuml
|
||||
namespace: prod
|
||||
sources:
|
||||
- repoURL: https://git.avroid.tech/K8s/k8s-configs.git
|
||||
targetRevision: master
|
||||
ref: values
|
||||
- repoURL: https://stevehipwell.github.io/helm-charts/
|
||||
chart: "plantuml"
|
||||
- repoURL: https://nexus.avroid.tech/repository/devops-helm-proxy-helm/
|
||||
chart: "stevehipwell/plantuml"
|
||||
targetRevision: 3.36.0
|
||||
helm:
|
||||
valueFiles:
|
||||
- $values/clusters/k8s-avroid-office.prod.local/namespaces/plantuml/values.yaml
|
||||
- $values/clusters/k8s-avroid-office.prod.local/namespaces/prod/plantuml/values-ovveride.yaml
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
@@ -39,11 +39,11 @@ metadata:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
sourceRepos:
|
||||
- https://stevehipwell.github.io/helm-charts/
|
||||
- https://git.avroid.tech/K8s/k8s-configs.git
|
||||
- https://nexus.avroid.tech/repository/devops-helm-proxy-helm/
|
||||
# Only permit applications to deploy to the guestbook namespace in the same cluster
|
||||
destinations:
|
||||
- namespace: plantuml
|
||||
- namespace: prod
|
||||
server: https://kubernetes.default.svc
|
||||
# Deny all cluster-scoped resources from being created, except for Namespace
|
||||
clusterResourceWhitelist:
|
||||
@@ -0,0 +1,18 @@
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: plantuml-in
|
||||
namespace: prod
|
||||
labels:
|
||||
app.kubernetes.io/managed-by: argocd
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: plantuml
|
||||
policyTypes:
|
||||
- Ingress
|
||||
ingress:
|
||||
- ports:
|
||||
- port: 80
|
||||
protocol: TCP
|
||||
Reference in New Issue
Block a user