add patch

Signed-off-by: IvanHunters <xorokhotnikov@gmail.com>
2026-01-27 10:18:39 +00:00 · 2025-11-04 12:14:43 +03:00
parent 52a23eacfc
commit f60e2555c9
2 changed files with 24 additions and 0 deletions
--- a/packages/system/fluxcd-operator/Makefile
+++ b/packages/system/fluxcd-operator/Makefile
@@ -10,3 +10,4 @@ update:
 	rm -rf charts
 	helm pull oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator --untar --untardir charts
 	patch --no-backup-if-mismatch -p1 < patches/kubernetesEnvs.diff
+	patch --no-backup-if-mismatch -p1 < patches/networkPolicy.diff
--- a/packages/system/fluxcd-operator/patches/networkPolicy.diff
+++ b/packages/system/fluxcd-operator/patches/networkPolicy.diff
@@ -0,0 +1,23 @@
+diff --git a/packages/system/fluxcd-operator/charts/flux-operator/templates/network-policy.yaml b/packages/system/fluxcd-operator/charts/flux-operator/templates/network-policy.yaml
+new file mode 100644
+--- /dev/null	(revision 52a23eacfc32430d8b008b765c64a81526521bae)
+++ b/packages/system/fluxcd-operator/charts/flux-operator/templates/network-policy.yaml	(revision 52a23eacfc32430d8b008b765c64a81526521bae)
+@@ -0,0 +1,18 @@
+apiVersion: cilium.io/v2
+kind: CiliumClusterwideNetworkPolicy
+metadata:
+  name: {{ include "flux-operator.fullname" . }}-restrict
+spec:
+  nodeSelector: {}
+  ingressDeny:
+    - fromEntities:
+        - world
+      toPorts:
+        - ports:
+            - port: "8080"
+              protocol: TCP
+            - port: "8081"
+              protocol: TCP
+  ingress:
+    - fromEntities:
+        - cluster