
updates
morga471 committed Feb 18, 2025
1 parent 2528d4c commit 4f7f043
Showing 3 changed files with 38 additions and 26 deletions.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -56,6 +56,7 @@ sys 0m2.015s
|------|------|
| [helm_release.console_access](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [kubernetes_namespace.operators](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_network_policy.operators_default](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_storage_class.ebs_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
| [kubernetes_storage_class.efs_sc](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
| [kubernetes_storage_class.gp3_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
41 changes: 37 additions & 4 deletions main.tf
Expand Up @@ -25,10 +25,6 @@ resource "kubernetes_storage_class" "gp3_encrypted" {
reclaim_policy = "Delete"
volume_binding_mode = "WaitForFirstConsumer" # Changed from Immediate for better scheduling
allow_volume_expansion = "true"

# lifecycle {
# prevent_destroy = true # Protect storage class from accidental deletion
# }
}

resource "kubernetes_storage_class" "ebs_encrypted" {
Expand Down Expand Up @@ -90,5 +86,42 @@ resource "kubernetes_storage_class" "efs_sc" {
resource "kubernetes_namespace" "operators" {
metadata {
name = var.operators_ns
labels = {
"app.kubernetes.io/managed-by" = "terraform"
"app.kubernetes.io/part-of" = var.cluster_name
}
}
}

resource "kubernetes_network_policy" "operators_default" {
metadata {
name = "default-deny"
namespace = kubernetes_namespace.operators.metadata[0].name
}

spec {
pod_selector {}
policy_types = ["Ingress", "Egress"]

ingress {
from {
namespace_selector {
match_labels = {
"kubernetes.io/metadata.name" = "kube-system"
}
}
}
}

egress {
to {
ip_block {
cidr = "0.0.0.0/0"
except = [
"169.254.169.254/32" # Instance metadata
]
}
}
}
}
}
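Review bot: The egress rule in the new `kubernetes_network_policy.operators_default` allows `0.0.0.0/0` with only `169.254.169.254/32` excepted, so a policy named `default-deny` in practice denies nothing on egress except the node's IMDS; either rename it (e.g. `restrict-egress`) or narrow the allow to what the operators need, such as one `egress` block for DNS to `kube-system` on port 53 and one for the cluster/VPC CIDRs, and keep the `except` entry on both. The intent behind the exception deserves a comment on that line, e.g. `# Block the node IMDS so pods cannot read the node role's instance credentials`, since it is the only security-relevant rule in the object. Note that a NetworkPolicy is only enforced if the cluster's CNI supports it (the AWS VPC CNI needs network policy explicitly enabled), so without that the IMDS block is silently a no-op; and on a dual-stack cluster the IPv6 IMDS endpoint `fd00:ec2::254` is not covered by an IPv4 `ip_block`. The ingress rule with an empty `pod_selector` also blocks pod-to-pod traffic inside the operators namespace, which may be intended but is worth stating in a comment above `spec`.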
22 changes: 0 additions & 22 deletions providers.tf

This file was deleted.
