1fb7266469
- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control. - Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities. - Created .gitmodules to include OpenZeppelin contracts as a submodule. - Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment. - Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks. - Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring. - Created scripts for resource import and usage validation across non-US regions. - Added tests for CCIP error handling and integration to ensure robust functionality. - Included various new files and directories for the orchestration portal and deployment scripts.
152 lines
3.0 KiB
YAML
152 lines
3.0 KiB
YAML
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: default-deny-all
|
|
namespace: besu-network
|
|
spec:
|
|
podSelector: {}
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: allow-validator-internal
|
|
namespace: besu-network
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
component: validator
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
ingress:
|
|
- from:
|
|
- podSelector:
|
|
matchLabels:
|
|
component: sentry
|
|
- podSelector:
|
|
matchLabels:
|
|
component: validator
|
|
ports:
|
|
- protocol: TCP
|
|
port: 30303
|
|
- protocol: UDP
|
|
port: 30303
|
|
- protocol: TCP
|
|
port: 9545
|
|
egress:
|
|
- to:
|
|
- podSelector:
|
|
matchLabels:
|
|
component: sentry
|
|
- podSelector:
|
|
matchLabels:
|
|
component: validator
|
|
ports:
|
|
- protocol: TCP
|
|
port: 30303
|
|
- protocol: UDP
|
|
port: 30303
|
|
- protocol: TCP
|
|
port: 9545
|
|
- to: [] # Allow DNS
|
|
ports:
|
|
- protocol: UDP
|
|
port: 53
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: allow-sentry-p2p
|
|
namespace: besu-network
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
component: sentry
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
ingress:
|
|
- from:
|
|
- podSelector:
|
|
matchLabels:
|
|
component: validator
|
|
- podSelector:
|
|
matchLabels:
|
|
component: sentry
|
|
ports:
|
|
- protocol: TCP
|
|
port: 30303
|
|
- protocol: UDP
|
|
port: 30303
|
|
- protocol: TCP
|
|
port: 9545
|
|
- {} # Allow external P2P connections
|
|
ports:
|
|
- protocol: TCP
|
|
port: 30303
|
|
- protocol: UDP
|
|
port: 30303
|
|
egress:
|
|
- {} # Allow all egress for P2P discovery
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: allow-rpc-http
|
|
namespace: besu-network
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
component: rpc
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
ingress:
|
|
- from:
|
|
- podSelector:
|
|
matchLabels:
|
|
app: rpc-gateway
|
|
ports:
|
|
- protocol: TCP
|
|
port: 8545
|
|
- protocol: TCP
|
|
port: 8546
|
|
- protocol: TCP
|
|
port: 9545
|
|
egress:
|
|
- to: [] # Allow all egress for RPC calls
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: allow-gateway-external
|
|
namespace: besu-network
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
app: rpc-gateway
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
ingress:
|
|
- {} # Allow external HTTPS traffic
|
|
ports:
|
|
- protocol: TCP
|
|
port: 443
|
|
- protocol: TCP
|
|
port: 80
|
|
egress:
|
|
- to:
|
|
- podSelector:
|
|
matchLabels:
|
|
component: rpc
|
|
ports:
|
|
- protocol: TCP
|
|
port: 8545
|
|
- protocol: TCP
|
|
port: 8546
|
|
|