Peter Kurfer
647f602c79
- added Core CRD to manage DB migrations & configuration, PostgREST and GoTrue (auth) - added APIGateway CRD to manage Envoy proxy - added Dashboard CRD to manage (so far) pg-meta and (soon) studio deployments - implemented basic Envoy control plane based on K8s watcher
26 lines
866 B
YAML
26 lines
866 B
YAML
# This NetworkPolicy allows ingress traffic to your webhook server running
|
|
# as part of the controller-manager from specific namespaces and pods. CR(s) which uses webhooks
|
|
# will only work when applied in namespaces labeled with 'webhook: enabled'
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: supabase-operator
|
|
app.kubernetes.io/managed-by: kustomize
|
|
name: allow-webhook-traffic
|
|
namespace: supabase-system
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
control-plane: controller-manager
|
|
policyTypes:
|
|
- Ingress
|
|
ingress:
|
|
# This allows ingress traffic from any namespace with the label webhook: enabled
|
|
- from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
webhook: enabled # Only from namespaces with this label
|
|
ports:
|
|
- port: 443
|
|
protocol: TCP
|