scottk/cozystack
1
0
Fork 0
mirror of https://github.com/outbackdingo/cozystack.git synced 2026-03-27 05:02:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: scottk:v0.15.0
Branches Tags
scottk:main scottk:feat/use-ocir-for-prs scottk:new-openapi-generator scottk:release-0.34 scottk:changelogs-release-v0.34.x scottk:tym83-patch-1 scottk:release-0.33 scottk:feat/select-k8s-fix-conflict scottk:victoria-metrics-upd scottk:69-integration-with-proxmox-paas-proxmox-bundle scottk:setup-env scottk:tests-w-resources scottk:hcloud scottk:experiment/cozystack-operator scottk:bugfix-make-kk-deletable scottk:platform-add-velero scottk:update-backup-restore-reference scottk:(backup)--backup-for-tenant-k8s-cluster scottk:idempotent-tests scottk:release-0.32 scottk:1084-tunable-tenant-monitoring scottk:bugfix-fix-pgdump-version scottk:release-0.31 scottk:changelogs-release-v0.32.2 scottk:cozypkg scottk:(tests)--add-air-gapped-tests scottk:519-cross-arch-components-core scottk:buildx scottk:use-shared-runners scottk:tests-kuber scottk:fix-versions-map scottk:kubernetes-test scottk:bats scottk:untie-ingress-certmanager scottk:prepare-0.31.0-rc.2 scottk:fix-genisoimage scottk:(air-gapped)--disable-fluxcd-artifact scottk:release-0.30 scottk:(platform)--add-artifact-for-flux scottk:build-repo scottk:(platform)--add-air-gapped-support scottk:platform-dependencies scottk:ingress-api scottk:release-0.30.5 scottk:ci-wait-capi scottk:ci-pull-request-target scottk:release-0.31.0-rc1 scottk:kubernetes-ubuntu-gpu scottk:(platform)--up-tenant-version scottk:802-apps-and-extra scottk:802-gen-versions-map-fix scottk:(ci)--fix-gen-versions-map scottk:(ci)--move-precommit-job-to-selfhosted-runner scottk:fix-tests scottk:fix/integer-replicas scottk:upd-testing scottk:release-0.28 scottk:release-v0.28.2 scottk:release-v0.28.1 scottk:71-configure-github-ci scottk:fix-kubeovn-cert scottk:cilium-disable-antispoofing scottk:talos-firmwares scottk:tinkerbell scottk:maintainers scottk:secureboot scottk:openshift-console scottk:add-tests-refactor scottk:release-0.16 scottk:cdi-scratch scottk:add-kafka-exporter scottk:upd-seaweedfs scottk:kubermatic-alerts scottk:fix-etcd-sc scottk:guacamole scottk:grafana-oncall scottk:cilium-hostlegacy scottk:upd-screenshots scottk:upd-kamaji-2 scottk:release-0.10 scottk:release-0.10.3 scottk:seaweedfs-operator scottk:release-0.10.2 scottk:release-0.9 scottk:nats-operator scottk:173-airgapped scottk:kube-ovn-image scottk:fix-external-traffc-policy scottk:upd-kube-ovn scottk:fix-dns scottk:fix-kamaji scottk:fix-kubernetes scottk:fix-cluster-local scottk:etcd-quota-backend-bytes scottk:cilium-new scottk:mariadb-operator-new scottk:openapi-schema-generation scottk:etcd-operator scottk:release-0.1.0v2 scottk:fix-tolerations scottk:release-0.4.0 scottk:proxmox-csi scottk:replicas scottk:upd-kubeapps scottk:fix-old-versions scottk:flux-client-side-apply scottk:dynamic-tags scottk:release-v0.3.1 scottk:release-0.3.0 scottk:clickhouse-operator-1 scottk:fix-kamaji-etcd scottk:grafana-ingress-class scottk:clickhouse-app scottk:hetzner scottk:kafka-app scottk:kafka-clickhouse-apps scottk:clickhouse-operator scottk:kafka-operator scottk:release-0.2.0 scottk:rename-bundles scottk:versioning-helm-chart scottk:fix-cilium scottk:enhance-flux scottk:fix-full-distro scottk:fix-chicken-and-egg-problem scottk:fix-cilium-toleration scottk:fix-helm-build scottk:bundles scottk:mariadb-operator scottk:kube-ovn scottk:cilium scottk:cnpg scottk:linstor scottk:roadmap scottk:framework scottk:release-0.1.0 scottk:fix-redis scottk:leader-election scottk:project-documents scottk:release-v0.0.2 scottk:mvp
scottk:v0.34.0-beta.3 scottk:v0.34.0-rc.1 scottk:v0.33.3 scottk:v0.34.0-beta.2 scottk:v0.34.0-beta.1 scottk:v0.33.2 scottk:v0.33.1 scottk:v0.33.0 scottk:v0.32.1 scottk:v0.32.0 scottk:v0.31.2 scottk:v0.32.0-beta.2 scottk:v0.32.0-beta.1 scottk:v0.31.1 scottk:v0.31.0 scottk:v0.31.0-rc.3 scottk:v0.31.0-rc.2 scottk:v0.30.6 scottk:v0.31.0-alpha.0 scottk:v0.30.5 scottk:v0.31.0-rc.1 scottk:v0.31.0-rc1 scottk:v0.30.4 scottk:v0.30.3 scottk:v0.30.2 scottk:v0.30.1 scottk:0.30.1 scottk:v0.30.0 scottk:v0.29.1 scottk:v0.29.0 scottk:v0.28.2 scottk:v0.28.1 scottk:v0.28.0 scottk:v0.27.0 scottk:v0.26.1 scottk:v0.26.0 scottk:v0.25.3 scottk:v0.25.2 scottk:v0.25.1 scottk:v0.25.0 scottk:v0.24.1 scottk:v0.24.0 scottk:v0.23.1 scottk:v0.23.0 scottk:v0.22.0 scottk:v0.21.1 scottk:v0.21.0 scottk:v0.20.2 scottk:v0.20.1 scottk:v0.20.0 scottk:v0.19.0 scottk:v0.18.0 scottk:v0.17.1 scottk:v0.17.0 scottk:v0.16.5 scottk:v0.16.4 scottk:v0.16.3 scottk:v0.16.2 scottk:v0.16.1 scottk:v0.16.0 scottk:v0.15.0 scottk:v0.14.1 scottk:v0.14.0 scottk:v0.13.0 scottk:v0.12.0 scottk:v0.11.0 scottk:v0.10.4 scottk:v0.10.3 scottk:v0.10.2 scottk:v0.10.1 scottk:v0.10.0 scottk:v0.9.1 scottk:v0.9.0 scottk:v0.8.0 scottk:v0.7.0 scottk:v0.6.0 scottk:v0.5.0 scottk:v0.4.0 scottk:v0.3.1 scottk:v0.3.0 scottk:v0.2.0 scottk:v0.1.0 scottk:v0.0.1
...
compare: scottk:fix-etcd-sc
Branches Tags
scottk:main scottk:feat/use-ocir-for-prs scottk:new-openapi-generator scottk:release-0.34 scottk:changelogs-release-v0.34.x scottk:tym83-patch-1 scottk:release-0.33 scottk:feat/select-k8s-fix-conflict scottk:victoria-metrics-upd scottk:69-integration-with-proxmox-paas-proxmox-bundle scottk:setup-env scottk:tests-w-resources scottk:hcloud scottk:experiment/cozystack-operator scottk:bugfix-make-kk-deletable scottk:platform-add-velero scottk:update-backup-restore-reference scottk:(backup)--backup-for-tenant-k8s-cluster scottk:idempotent-tests scottk:release-0.32 scottk:1084-tunable-tenant-monitoring scottk:bugfix-fix-pgdump-version scottk:release-0.31 scottk:changelogs-release-v0.32.2 scottk:cozypkg scottk:(tests)--add-air-gapped-tests scottk:519-cross-arch-components-core scottk:buildx scottk:use-shared-runners scottk:tests-kuber scottk:fix-versions-map scottk:kubernetes-test scottk:bats scottk:untie-ingress-certmanager scottk:prepare-0.31.0-rc.2 scottk:fix-genisoimage scottk:(air-gapped)--disable-fluxcd-artifact scottk:release-0.30 scottk:(platform)--add-artifact-for-flux scottk:build-repo scottk:(platform)--add-air-gapped-support scottk:platform-dependencies scottk:ingress-api scottk:release-0.30.5 scottk:ci-wait-capi scottk:ci-pull-request-target scottk:release-0.31.0-rc1 scottk:kubernetes-ubuntu-gpu scottk:(platform)--up-tenant-version scottk:802-apps-and-extra scottk:802-gen-versions-map-fix scottk:(ci)--fix-gen-versions-map scottk:(ci)--move-precommit-job-to-selfhosted-runner scottk:fix-tests scottk:fix/integer-replicas scottk:upd-testing scottk:release-0.28 scottk:release-v0.28.2 scottk:release-v0.28.1 scottk:71-configure-github-ci scottk:fix-kubeovn-cert scottk:cilium-disable-antispoofing scottk:talos-firmwares scottk:tinkerbell scottk:maintainers scottk:secureboot scottk:openshift-console scottk:add-tests-refactor scottk:release-0.16 scottk:cdi-scratch scottk:add-kafka-exporter scottk:upd-seaweedfs scottk:kubermatic-alerts scottk:fix-etcd-sc scottk:guacamole scottk:grafana-oncall scottk:cilium-hostlegacy scottk:upd-screenshots scottk:upd-kamaji-2 scottk:release-0.10 scottk:release-0.10.3 scottk:seaweedfs-operator scottk:release-0.10.2 scottk:release-0.9 scottk:nats-operator scottk:173-airgapped scottk:kube-ovn-image scottk:fix-external-traffc-policy scottk:upd-kube-ovn scottk:fix-dns scottk:fix-kamaji scottk:fix-kubernetes scottk:fix-cluster-local scottk:etcd-quota-backend-bytes scottk:cilium-new scottk:mariadb-operator-new scottk:openapi-schema-generation scottk:etcd-operator scottk:release-0.1.0v2 scottk:fix-tolerations scottk:release-0.4.0 scottk:proxmox-csi scottk:replicas scottk:upd-kubeapps scottk:fix-old-versions scottk:flux-client-side-apply scottk:dynamic-tags scottk:release-v0.3.1 scottk:release-0.3.0 scottk:clickhouse-operator-1 scottk:fix-kamaji-etcd scottk:grafana-ingress-class scottk:clickhouse-app scottk:hetzner scottk:kafka-app scottk:kafka-clickhouse-apps scottk:clickhouse-operator scottk:kafka-operator scottk:release-0.2.0 scottk:rename-bundles scottk:versioning-helm-chart scottk:fix-cilium scottk:enhance-flux scottk:fix-full-distro scottk:fix-chicken-and-egg-problem scottk:fix-cilium-toleration scottk:fix-helm-build scottk:bundles scottk:mariadb-operator scottk:kube-ovn scottk:cilium scottk:cnpg scottk:linstor scottk:roadmap scottk:framework scottk:release-0.1.0 scottk:fix-redis scottk:leader-election scottk:project-documents scottk:release-v0.0.2 scottk:mvp
scottk:v0.34.0-beta.3 scottk:v0.34.0-rc.1 scottk:v0.33.3 scottk:v0.34.0-beta.2 scottk:v0.34.0-beta.1 scottk:v0.33.2 scottk:v0.33.1 scottk:v0.33.0 scottk:v0.32.1 scottk:v0.32.0 scottk:v0.31.2 scottk:v0.32.0-beta.2 scottk:v0.32.0-beta.1 scottk:v0.31.1 scottk:v0.31.0 scottk:v0.31.0-rc.3 scottk:v0.31.0-rc.2 scottk:v0.30.6 scottk:v0.31.0-alpha.0 scottk:v0.30.5 scottk:v0.31.0-rc.1 scottk:v0.31.0-rc1 scottk:v0.30.4 scottk:v0.30.3 scottk:v0.30.2 scottk:v0.30.1 scottk:0.30.1 scottk:v0.30.0 scottk:v0.29.1 scottk:v0.29.0 scottk:v0.28.2 scottk:v0.28.1 scottk:v0.28.0 scottk:v0.27.0 scottk:v0.26.1 scottk:v0.26.0 scottk:v0.25.3 scottk:v0.25.2 scottk:v0.25.1 scottk:v0.25.0 scottk:v0.24.1 scottk:v0.24.0 scottk:v0.23.1 scottk:v0.23.0 scottk:v0.22.0 scottk:v0.21.1 scottk:v0.21.0 scottk:v0.20.2 scottk:v0.20.1 scottk:v0.20.0 scottk:v0.19.0 scottk:v0.18.0 scottk:v0.17.1 scottk:v0.17.0 scottk:v0.16.5 scottk:v0.16.4 scottk:v0.16.3 scottk:v0.16.2 scottk:v0.16.1 scottk:v0.16.0 scottk:v0.15.0 scottk:v0.14.1 scottk:v0.14.0 scottk:v0.13.0 scottk:v0.12.0 scottk:v0.11.0 scottk:v0.10.4 scottk:v0.10.3 scottk:v0.10.2 scottk:v0.10.1 scottk:v0.10.0 scottk:v0.9.1 scottk:v0.9.0 scottk:v0.8.0 scottk:v0.7.0 scottk:v0.6.0 scottk:v0.5.0 scottk:v0.4.0 scottk:v0.3.1 scottk:v0.3.0 scottk:v0.2.0 scottk:v0.1.0 scottk:v0.0.1

2 Commits
v0.15.0 ... fix-etcd-s

Author SHA1 Message Date
Andrei Kvapil
9ac7938a74 fix watching stoageclasses by etcd-operator 
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
 2024-09-24 20:59:00 +02:00
Andrei Kvapil
cd0be9132a Enable ingress access from within cluster (#352) 
Currently ingress have rule to allow access from outside cluster, but
have no rule to access from within cluster.
This PR introduces fix for allow ingress access from any namespace by
default.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **New Features**
- Introduced a new network policy for managing ingress traffic,
enhancing security and traffic management capabilities.
- The policy is dynamically configured based on the tenant's settings,
allowing for tailored network access.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
 2024-09-23 12:07:36 +02:00
2 changed files with 16 additions and 0 deletions
Expand all files Collapse all files

15
packages/apps/tenant/templates/networkpolicy.yaml
View File

@@ -83,6 +83,21 @@ spec:
{{- end }}
{{- end }}
---
{{- if .Values.ingress }}
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
name: {{ include "tenant.name" . }}-ingress-ingress
spec:
endpointSelector:
matchLabels:
"k8s:io.kubernetes.pod.namespace": "{{ include "tenant.name" . }}"
cozystack.io/service: ingress
ingress:
- fromEndpoints:
- {}
{{- end }}
---
{{- if .Values.etcd }}
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy

1
packages/system/etcd-operator/charts/etcd-operator/templates/rbac/clusterrole-manager-role.yml
View File

@@ -73,6 +73,7 @@ rules:
verbs:
- get
- list
- watch
- apiGroups:
- etcd.aenix.io
resources: