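# Example PostgreSQL Network Policies (not applied by default)
# Uncomment and customize these if you want to implement network security for PostgreSQL
#
# NOTE(review): the file had been collapsed onto a single line, which loses the
# indentation the manifests depend on; the structure below is reconstructed from
# the key/sequence order and should be checked before it is uncommented.
# NOTE(review): CiliumNetworkPolicy endpoint selectors (fromEndpoints/toEndpoints)
# only match pods in the policy's own namespace unless the selector also carries
# the namespace label `io.kubernetes.pod.namespace`. The operator, DNS and metrics
# collector rules below select pods that normally run in other namespaces, so the
# label has been added with placeholders; without it those rules match nothing.
# NOTE(review): once an egress policy selects these pods, every egress flow not
# listed is denied. CloudNativePG instance pods also talk to the Kubernetes API
# server (and to any backup object store), so matching egress rules (e.g.
# `toEntities: [kube-apiserver]`) are needed before applying — confirm against
# the cluster before enabling.
# ---
# apiVersion: "cilium.io/v2"
# kind: CiliumNetworkPolicy
# metadata:
#   name: "postgresql-ingress"
#   namespace: postgresql-system
# spec:
#   description: "Allow ingress traffic to PostgreSQL pods"
#   endpointSelector:
#     matchLabels:
#       postgresql: postgresql-shared
#   ingress:
#     # Allow CloudNativePG operator status checks
#     - fromEndpoints:
#         - matchLabels:
#             app.kubernetes.io/name: cloudnative-pg
#             # Cross-namespace match: set to the namespace the operator runs in.
#             io.kubernetes.pod.namespace: <OPERATOR_NAMESPACE>
#       toPorts:
#         - ports:
#             - port: "8000"  # Status port
#               protocol: "TCP"
#
#     # Allow PostgreSQL connections from applications
#     # NOTE(review): `cluster` admits every pod (and node) in the cluster; once the
#     # consuming applications are known, narrow this to their namespaces/labels
#     # with fromEndpoints so a compromised unrelated pod cannot reach the database.
#     - fromEntities:
#         - cluster  # Allow any pod in cluster to connect
#       toPorts:
#         - ports:
#             - port: "5432"  # PostgreSQL port
#               protocol: "TCP"
#
#     # Allow PostgreSQL replication between instances
#     - fromEndpoints:
#         - matchLabels:
#             postgresql: postgresql-shared  # Allow PostgreSQL pods to talk to each other
#       toPorts:
#         - ports:
#             - port: "5432"
#               protocol: "TCP"
#
#     # Allow metrics scraping (for OpenObserve)
#     - fromEndpoints:
#         - matchLabels:
#             app: openobserve-collector
#             # Cross-namespace match: set to the namespace the collector runs in.
#             io.kubernetes.pod.namespace: <COLLECTOR_NAMESPACE>
#       toPorts:
#         - ports:
#             - port: "9187"  # Metrics port
#               protocol: "TCP"
# ---
# apiVersion: "cilium.io/v2"
# kind: CiliumNetworkPolicy
# metadata:
#   name: "postgresql-egress"
#   namespace: postgresql-system
# spec:
#   description: "Allow egress traffic from PostgreSQL pods"
#   endpointSelector:
#     matchLabels:
#       postgresql: postgresql-shared
#   egress:
#     # Allow DNS resolution
#     - toEndpoints:
#         - matchLabels:
#             k8s-app: kube-dns
#             # Cross-namespace match: cluster DNS normally runs in kube-system.
#             io.kubernetes.pod.namespace: kube-system
#       toPorts:
#         - ports:
#             - port: "53"
#               protocol: "UDP"
#             - port: "53"
#               protocol: "TCP"
#
#     # Allow PostgreSQL replication
#     - toEndpoints:
#         - matchLabels:
#             postgresql: postgresql-shared
#       toPorts:
#         - ports:
#             - port: "5432"
#               protocol: "TCP"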