--- apiVersion: v1 kind: Namespace metadata: name: spliit --- apiVersion: postgresql.cnpg.io/v1 kind: Cluster metadata: name: spliit-db namespace: spliit spec: instances: 1 storage: size: 2Gi bootstrap: initdb: database: spliit owner: spliit --- apiVersion: apps/v1 kind: Deployment metadata: name: spliit namespace: spliit spec: replicas: 1 selector: matchLabels: app: spliit template: metadata: labels: app: spliit spec: containers: - name: spliit image: petersmit27/spliit:latest ports: - containerPort: 3000 env: - name: POSTGRES_PRISMA_URL valueFrom: secretKeyRef: name: spliit-db-app key: uri - name: POSTGRES_URL_NON_POOLING valueFrom: secretKeyRef: name: spliit-db-app key: uri --- apiVersion: v1 kind: Service metadata: name: spliit namespace: spliit spec: selector: app: spliit ports: - port: 3000 targetPort: 3000 --- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: spliit namespace: spliit spec: parentRefs: - name: main namespace: envoy-gateway-system sectionName: https-smittenfeld hostnames: - split.smittenfeld.nl rules: - backendRefs: - name: spliit port: 3000 --- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: spliit-create-group namespace: spliit spec: parentRefs: - name: main namespace: envoy-gateway-system sectionName: https-smittenfeld hostnames: - split.smittenfeld.nl rules: - matches: - path: type: PathPrefix value: /groups/create backendRefs: - name: spliit port: 3000 --- apiVersion: gateway.envoyproxy.io/v1alpha1 kind: SecurityPolicy metadata: name: spliit-create-ip-restriction namespace: spliit spec: targetRefs: - group: gateway.networking.k8s.io kind: HTTPRoute name: spliit-create-group authorization: defaultAction: Deny rules: - action: Allow principal: clientCIDRs: - 188.91.195.91/32