From 68c6b828e56b36c51bcc3be5eaaa07c4e98fa786 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sun, 24 Apr 2022 20:30:40 +0200
Subject: [PATCH] fix(shared): Reduce scope for database network policy

This patch reduces the network access from the database management
namespace to postgres-operator only. (Technically speaking there isn't
anything else running in that namespace, but it helps to keep things
tight in case of future expansions.)
---
 shared/networkpolicies/allow-from-database.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/shared/networkpolicies/allow-from-database.yaml b/shared/networkpolicies/allow-from-database.yaml
index b587f7098..c457b92f8 100644
--- a/shared/networkpolicies/allow-from-database.yaml
+++ b/shared/networkpolicies/allow-from-database.yaml
@@ -10,6 +10,9 @@ spec:
     - namespaceSelector:
         matchLabels:
           database.shivering-isles.com/network-access-required: "true"
+      podSelector:
+        matchLabels:
+          app.kubernetes.io/name: postgres-operator
     ports:
     - port: 8008
       protocol: TCP
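Review bot: The added `podSelector` only narrows the rule because it sits in the same `from` entry as the `namespaceSelector` (no leading dash), and nothing in the file records that this is deliberate. A later edit that writes `- podSelector:` would turn it into a second, independent peer: every pod in the labelled namespaces would be allowed again, along with matching pods in the policy's own namespace. I would put a comment above it, for example `# same list item as namespaceSelector on purpose: namespace AND pod label must both match`. The rule also trusts the `app.kubernetes.io/name: postgres-operator` label, which presumably anyone able to create pods in that namespace can set, so it is only as tight as write access to that namespace. The rest of the policy, including the start of `spec:`, lies outside this hunk.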
-- 
GitLab