claude/k8s-apps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: keep only prod namespace in manifests.yaml

Browse Source
This commit is contained in:
claude 2026-02-24 06:51:58 +01:00
parent 42c8681528
commit 80ce5ba4fd
1 changed files with 10 additions and 185 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

195
apps/namespaces/manifests.yaml
View File

@ -1,180 +1,9 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: dev
labels:
environment: dev
pod-security.kubernetes.io/enforce: restricted
pod-security.kubernetes.io/warn: restricted
---
apiVersion: v1
kind: ResourceQuota
metadata:
name: dev-quota
namespace: dev
spec:
hard:
requests.cpu: "4"
requests.memory: "8Gi"
limits.cpu: "8"
limits.memory: "16Gi"
pods: "30"
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-deny-all
namespace: dev
spec:
podSelector: {}
policyTypes:
- Ingress
- Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-dns-egress
namespace: dev
spec:
podSelector: {}
policyTypes:
- Egress
egress:
- to:
- namespaceSelector: {}
ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-ingress-from-nginx
namespace: dev
spec:
podSelector: {}
policyTypes:
- Ingress
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ingress-nginx
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-cert-manager-http01
namespace: dev
spec:
podSelector:
matchLabels:
acme.cert-manager.io/http01-solver: "true"
policyTypes:
- Ingress
- Egress
ingress:
- ports:
- port: 8089
protocol: TCP
egress:
- {}
---
apiVersion: v1
kind: Namespace
metadata:
name: staging
labels:
environment: staging
pod-security.kubernetes.io/enforce: restricted
pod-security.kubernetes.io/warn: restricted
---
apiVersion: v1
kind: ResourceQuota
metadata:
name: staging-quota
namespace: staging
spec:
hard:
requests.cpu: "4"
requests.memory: "8Gi"
limits.cpu: "8"
limits.memory: "16Gi"
pods: "30"
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-deny-all
namespace: staging
spec:
podSelector: {}
policyTypes:
- Ingress
- Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-dns-egress
namespace: staging
spec:
podSelector: {}
policyTypes:
- Egress
egress:
- to:
- namespaceSelector: {}
ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-ingress-from-nginx
namespace: staging
spec:
podSelector: {}
policyTypes:
- Ingress
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ingress-nginx
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-cert-manager-http01
namespace: staging
spec:
podSelector:
matchLabels:
acme.cert-manager.io/http01-solver: "true"
policyTypes:
- Ingress
- Egress
ingress:
- ports:
- port: 8089
protocol: TCP
egress:
- {}
---
# Production namespace and resources
apiVersion: v1
kind: Namespace
metadata:
name: prod
labels:
environment: prod
pod-security.kubernetes.io/enforce: restricted
pod-security.kubernetes.io/warn: restricted
---
@ -186,9 +15,9 @@ metadata:
spec:
hard:
requests.cpu: "8"
requests.memory: "16Gi"
limits.cpu: "24"
limits.memory: "32Gi"
requests.memory: 16Gi
limits.memory: 32Gi
pods: "50"
---
apiVersion: networking.k8s.io/v1
@ -212,13 +41,12 @@ spec:
policyTypes:
- Egress
egress:
- to:
- namespaceSelector: {}
- to: []
ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP
- protocol: UDP
port: 53
- protocol: TCP
port: 53
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
@ -246,10 +74,7 @@ spec:
acme.cert-manager.io/http01-solver: "true"
policyTypes:
- Ingress
- Egress
ingress:
- ports:
- port: 8089
protocol: TCP
egress:
- {}
- protocol: TCP
port: 8089