Elgato_dark/argo-cd
1
0
Fork 0
mirror of https://github.com/argoproj/argo-cd synced 2026-04-21 17:07:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 22

fix: remove 0.0.0.0/0 ipblock from network policies (#11321) (#11322)

Browse source 
* fix: remove 0.0.0.0/0 ipblock from network policies

https://github.com/argoproj/argo-cd/issues/11321
Signed-off-by: Filip Nikolic <oss.filipn@gmail.com>

* chore: add postfinance to the list of users

Signed-off-by: Filip Nikolic <oss.filipn@gmail.com>

Signed-off-by: Filip Nikolic <oss.filipn@gmail.com>
This commit is contained in:
F1ko 2022-11-19 02:56:15 +01:00 committed by GitHub
parent 299af2172f
commit 812664cbb1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 74 additions and 105 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
USERS.md
View file

@ -169,6 +169,7 @@ Currently, the following organizations are **officially** using Argo CD:
1. [Pipefy](https://www.pipefy.com/)
1. [Pismo](https://pismo.io/)
1. [Polarpoint.io](https://polarpoint.io)
1. [PostFinance](https://github.com/postfinance)
1. [Preferred Networks](https://preferred.jp/en/)
1. [Productboard](https://www.productboard.com/)
1. [Prudential](https://prudential.com.sg)

41
manifests/base/redis/argocd-redis-network-policy.yaml
View file

@ -10,27 +10,22 @@ spec:
- Ingress
- Egress
ingress:
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-server
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-repo-server
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-application-controller
ports:
- protocol: TCP
port: 6379
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-server
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-repo-server
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-application-controller
ports:
- protocol: TCP
port: 6379
egress:
- to:
- ipBlock:
cidr: 0.0.0.0/0
ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP
- ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP

3
manifests/core-install.yaml
View file

@ -10544,9 +10544,6 @@ spec:
protocol: UDP
- port: 53
protocol: TCP
to:
- ipBlock:
cidr: 0.0.0.0/0
ingress:
- from:
- podSelector:

61
manifests/ha/base/redis-ha/argocd-redis-ha-proxy-network-policy.yaml
View file

@ -10,36 +10,33 @@ spec:
- Ingress
- Egress
ingress:
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-server
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-repo-server
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-application-controller
ports:
- port: 6379
protocol: TCP
- port: 26379
protocol: TCP
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-server
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-repo-server
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-application-controller
ports:
- port: 6379
protocol: TCP
- port: 26379
protocol: TCP
egress:
- to:
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-redis-ha
ports:
- port: 6379
protocol: TCP
- port: 26379
protocol: TCP
- to:
- ipBlock:
cidr: 0.0.0.0/0
ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP
- to:
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-redis-ha
ports:
- port: 6379
protocol: TCP
- port: 26379
protocol: TCP
- ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP

55
manifests/ha/base/redis-ha/argocd-redis-ha-server-network-policy.yaml
View file

@ -10,33 +10,30 @@ spec:
- Ingress
- Egress
ingress:
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-redis-ha-haproxy
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-redis-ha
ports:
- port: 6379
protocol: TCP
- port: 26379
protocol: TCP
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-redis-ha-haproxy
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-redis-ha
ports:
- port: 6379
protocol: TCP
- port: 26379
protocol: TCP
egress:
- to:
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-redis-ha
ports:
- port: 6379
protocol: TCP
- port: 26379
protocol: TCP
- to:
- ipBlock:
cidr: 0.0.0.0/0
ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP
- to:
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-redis-ha
ports:
- port: 6379
protocol: TCP
- port: 26379
protocol: TCP
- ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP

6
manifests/ha/install.yaml
View file

@ -12546,9 +12546,6 @@ spec:
protocol: UDP
- port: 53
protocol: TCP
to:
- ipBlock:
cidr: 0.0.0.0/0
ingress:
- from:
- podSelector:
@ -12592,9 +12589,6 @@ spec:
protocol: UDP
- port: 53
protocol: TCP
to:
- ipBlock:
cidr: 0.0.0.0/0
ingress:
- from:
- podSelector:

6
manifests/ha/namespace-install.yaml
View file

@ -2968,9 +2968,6 @@ spec:
protocol: UDP
- port: 53
protocol: TCP
to:
- ipBlock:
cidr: 0.0.0.0/0
ingress:
- from:
- podSelector:
@ -3014,9 +3011,6 @@ spec:
protocol: UDP
- port: 53
protocol: TCP
to:
- ipBlock:
cidr: 0.0.0.0/0
ingress:
- from:
- podSelector:

3
manifests/install.yaml
View file

@ -11361,9 +11361,6 @@ spec:
protocol: UDP
- port: 53
protocol: TCP
to:
- ipBlock:
cidr: 0.0.0.0/0
ingress:
- from:
- podSelector:

3
manifests/namespace-install.yaml
View file

@ -1783,9 +1783,6 @@ spec:
protocol: UDP
- port: 53
protocol: TCP
to:
- ipBlock:
cidr: 0.0.0.0/0
ingress:
- from:
- podSelector: