From 4a126d244a6564e4ab7c90c4d2a9c4e7a6f5d1d1 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Wed, 18 Aug 2021 01:59:01 +0200
Subject: [PATCH] feat(postgres): Tighten network policy for postgres-operator

This patch tightens up the network policy that is deployed to all
namespaces, to limit access to the postgres-operator managed pods.
---
 .../postgres/user-namespace-network-policy.yaml       | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/infrastructure/postgres/user-namespace-network-policy.yaml b/infrastructure/postgres/user-namespace-network-policy.yaml
index fa2530518..29097298b 100644
--- a/infrastructure/postgres/user-namespace-network-policy.yaml
+++ b/infrastructure/postgres/user-namespace-network-policy.yaml
@@ -20,6 +20,15 @@ spec:
             - namespaceSelector:
                 matchLabels:
                   name: zalando-postgres
-          podSelector: {}
+          podSelector:
+            matchLabels:
+              application: spilo
           policyTypes:
           - Ingress
+          ports:
+          - containerPort: 8008
+            protocol: TCP
+          - containerPort: 5432
+            protocol: TCP
+          - containerPort: 8080
+            protocol: TCP
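Review bot: The added `ports:` list sits at the same indentation as `podSelector` and `policyTypes`, and its entries use `containerPort`, which is a Pod container field; a NetworkPolicy expects ports inside each ingress rule, next to `from:`, with entries of the form `- port: 5432` and `protocol: TCP`. As written, the port restriction is likely either rejected by schema validation or silently dropped, in which case peers in the `zalando-postgres` namespace can still reach every port on the `application: spilo` pods. Move the list under the ingress rule and rename the key to `port` for 8008, 5432 and 8080. The ingress rule begins above the hunk, so the exact nesting should be confirmed against the full file.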
-- 
GitLab