new

2025-04-08 13:44:32 +02:00
parent 9f3eaa6781
commit aafbb775bf
5 changed files with 67 additions and 124 deletions
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -1,2 +1,8 @@
 resources:
 - manager.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+  newName: registry.engen.priv.no/unifi-network-operator-controller
+  newTag: latest
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -58,13 +58,32 @@ spec:
        seccompProfile:
          type: RuntimeDefault
      containers:
-      - command:
-        - /manager
-        args:
+      - args:
          - --leader-elect
          - --health-probe-bind-address=:8081
        image: controller:latest
        name: manager
+        env:
+          - name: UNIFI_URL
+            valueFrom:
+              secretKeyRef:
+                name: unifi-configuration
+                key: UNIFI_URL
+          - name: UNIFI_SITE
+            valueFrom:
+              secretKeyRef:
+                name: unifi-configuration
+                key: UNIFI_SITE
+          - name: UNIFI_USER
+            valueFrom:
+              secretKeyRef:
+                name: unifi-configuration
+                key: UNIFI_USERNAME
+          - name: UNIFI_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: unifi-configuration
+                key: UNIFI_PASSWORD
        ports: []
        securityContext:
          allowPrivilegeEscalation: false
--- a/config/network-policy/calicopolicy.yaml
+++ b/config/network-policy/calicopolicy.yaml
@@ -0,0 +1,38 @@
+apiVersion: projectcalico.org/v3
+kind: NetworkPolicy
+metadata:
+  name: default-deny
+  namespace: unifi-network-operator-system
+spec:
+  ingress:
+    - action: Deny
+  egress:
+    - action: Deny
+---
+apiVersion: projectcalico.org/v3
+kind: NetworkPolicy
+metadata:
+  name: allow-all-in-namespace
+  namespace: unifi-network-operator-system  # Change this to your namespace
+spec:
+  ingress:
+    - action: Allow
+      source:
+        namespaceSelector: kubernetes.io/metadata.name == "unifi-network-operator-system"
+  egress:
+    - action: Allow
+      destination:
+        namespaceSelector: kubernetes.io/metadata.name == "unifi-network-operator-system"
+  selector: all()  # Applies this policy to all pods in the namespace
+---
+apiVersion: projectcalico.org/v3
+kind: NetworkPolicy
+metadata:
+  name: allow-all-temporary
+  namespace: unifi-network-operator-system
+spec:
+  egress:
+    - action: Allow
+  ingress:
+    - action: Allow
+---