redaction (#1)

Add the redacted source file for demo purposes Reviewed-on: https://source.michaeldileo.org/michael_dileo/Keybard-Vagabond-Demo/pulls/1 Co-authored-by: Michael DiLeo <michael_dileo@proton.me> Co-committed-by: Michael DiLeo <michael_dileo@proton.me>
2025-12-24 13:40:47 +00:00
parent 612235d52b
commit 7327d77dcd
333 changed files with 39286 additions and 1 deletions
--- a/manifests/infrastructure/postgresql/network-policy.yaml.example
+++ b/manifests/infrastructure/postgresql/network-policy.yaml.example
@@ -0,0 +1,81 @@
+# Example PostgreSQL Network Policies (not applied by default)
+# Uncomment and customize these if you want to implement network security for PostgreSQL
+
+# ---
+# apiVersion: "cilium.io/v2"
+# kind: CiliumNetworkPolicy
+# metadata:
+#   name: "postgresql-ingress"
+#   namespace: postgresql-system
+# spec:
+#   description: "Allow ingress traffic to PostgreSQL pods"
+#   endpointSelector:
+#     matchLabels:
+#       postgresql: postgresql-shared
+#   ingress:
+#   # Allow CloudNativePG operator status checks
+#   - fromEndpoints:
+#     - matchLabels:
+#         app.kubernetes.io/name: cloudnative-pg
+#     toPorts:
+#     - ports:
+#       - port: "8000"  # Status port
+#         protocol: "TCP"
+#   
+#   # Allow PostgreSQL connections from applications
+#   - fromEntities:
+#     - cluster  # Allow any pod in cluster to connect
+#     toPorts:
+#     - ports:
+#       - port: "5432"  # PostgreSQL port
+#         protocol: "TCP"
+#   
+#   # Allow PostgreSQL replication between instances
+#   - fromEndpoints:
+#     - matchLabels:
+#         postgresql: postgresql-shared  # Allow PostgreSQL pods to talk to each other
+#     toPorts:
+#     - ports:
+#       - port: "5432"
+#         protocol: "TCP"
+#   
+#   # Allow metrics scraping (for OpenObserve)
+#   - fromEndpoints:
+#     - matchLabels:
+#         app: openobserve-collector
+#     toPorts:
+#     - ports:
+#       - port: "9187"  # Metrics port
+#         protocol: "TCP"
+
+# ---
+# apiVersion: "cilium.io/v2"
+# kind: CiliumNetworkPolicy  
+# metadata:
+#   name: "postgresql-egress"
+#   namespace: postgresql-system
+# spec:
+#   description: "Allow egress traffic from PostgreSQL pods"
+#   endpointSelector:
+#     matchLabels:
+#       postgresql: postgresql-shared
+#   egress:
+#   # Allow DNS resolution
+#   - toEndpoints:
+#     - matchLabels:
+#         k8s-app: kube-dns
+#     toPorts:
+#     - ports:
+#       - port: "53"
+#         protocol: "UDP"
+#       - port: "53"
+#         protocol: "TCP"
+#   
+#   # Allow PostgreSQL replication
+#   - toEndpoints:
+#     - matchLabels:
+#         postgresql: postgresql-shared
+#     toPorts:
+#     - ports:
+#       - port: "5432"
+#         protocol: "TCP"