fix: Stackrox DB Net Policy Fix

ArthurVardevanyan · Feb 11, 2024 · 08b3ca0 · 08b3ca0
1 parent 1e860c0
commit 08b3ca0
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 10 deletions.
diff --git a/kubernetes/quay/base/postgres/clair/network-policy.yaml b/kubernetes/quay/base/postgres/clair/network-policy.yaml
@@ -45,15 +45,15 @@ spec:
     - from:
         - namespaceSelector:
             matchLabels:
-              kubernetes.io/metadata.name: postgres
+              kubernetes.io/metadata.name: quay
           podSelector:
             matchLabels:
               postgres-operator.crunchydata.com/cluster: clair
   egress:
     - to:
         - namespaceSelector:
             matchLabels:
-              kubernetes.io/metadata.name: postgres
+              kubernetes.io/metadata.name: quay
           podSelector:
             matchLabels:
               postgres-operator.crunchydata.com/cluster: clair
diff --git a/kubernetes/quay/base/postgres/clair/postgres.yaml b/kubernetes/quay/base/postgres/clair/postgres.yaml
@@ -55,15 +55,15 @@ spec:
                 - ReadWriteOnce
               resources:
                 requests:
-                  storage: 50Gi
+                  storage: 25Gi
   instances:
     - dataVolumeClaimSpec:
         storageClassName: longhorn
         accessModes:
           - ReadWriteOnce
         resources:
           requests:
-            storage: 50Gi
+            storage: 5Gi
       name: ""
       replicas: 2
       resources:

diff --git a/kubernetes/quay/base/postgres/quay/network-policy.yaml b/kubernetes/quay/base/postgres/quay/network-policy.yaml
@@ -57,15 +57,15 @@ spec:
     - from:
         - namespaceSelector:
             matchLabels:
-              kubernetes.io/metadata.name: postgres
+              kubernetes.io/metadata.name: quay
           podSelector:
             matchLabels:
               postgres-operator.crunchydata.com/cluster: quay
   egress:
     - to:
         - namespaceSelector:
             matchLabels:
-              kubernetes.io/metadata.name: postgres
+              kubernetes.io/metadata.name: quay
           podSelector:
             matchLabels:
               postgres-operator.crunchydata.com/cluster: quay
diff --git a/kubernetes/stackrox-central/base/postgres/network-policy.yaml b/kubernetes/stackrox-central/base/postgres/network-policy.yaml
@@ -44,7 +44,7 @@ spec:
     - from:
         - namespaceSelector:
             matchLabels:
-              kubernetes.io/metadata.name: postgres
+              kubernetes.io/metadata.name: stackrox
           podSelector:
             matchLabels:
               postgres-operator.crunchydata.com/cluster: stackrox
diff --git a/kubernetes/stackrox-central/base/postgres/postgres.yaml b/kubernetes/stackrox-central/base/postgres/postgres.yaml
@@ -1,6 +1,6 @@
 # StackroxDB Tweak
 # alter user stackrox createdb;
-# alter user stackrox superuser
+# alter user stackrox superuser;
 # PSQL 15 Public Scheme Tweak
 # \c stackrox
 # GRANT CREATE ON SCHEMA public TO stackrox;
@@ -57,15 +57,15 @@ spec:
                 - ReadWriteOnce
               resources:
                 requests:
-                  storage: 25Gi
+                  storage: 50Gi
   instances:
     - dataVolumeClaimSpec:
         storageClassName: longhorn
         accessModes:
           - ReadWriteOnce
         resources:
           requests:
-            storage: 15Gi
+            storage: 30Gi
       name: ""
       replicas: 2
       resources: