chore: update .gitignore

chore: simpler network policy
fix: update network policy to allow S3 traffic and kubelet health checks
2025-09-03 23:57:41 +02:00 · 2025-09-03 23:57:25 +02:00 · 2025-09-03 23:45:16 +02:00
7 changed files with 31 additions and 31 deletions
@@ -18,3 +18,4 @@ app/static/*.pdf
 .DS_Store
 Thumbs.db
 .envrc
+s3cfg
@@ -48,7 +48,7 @@ spec:
          httpGet:
            path: /
            port: 8000
-          initialDelaySeconds: 30
+          initialDelaySeconds: 90
          periodSeconds: 10
          timeoutSeconds: 5
          failureThreshold: 3
@@ -10,10 +10,12 @@ resources:
 - configmap.yaml

 # Common labels to apply to all resources
-commonLabels:
-  app.kubernetes.io/name: math-exercises
-  app.kubernetes.io/instance: math-exercises-instance
-  app.kubernetes.io/version: "1.0"
-  app.kubernetes.io/component: web
-  app.kubernetes.io/part-of: math-suite
-  app.kubernetes.io/managed-by: kustomize
+labels:
+- includeSelectors: true
+  pairs:
+    app.kubernetes.io/component: web
+    app.kubernetes.io/instance: math-exercises-instance
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: math-exercises
+    app.kubernetes.io/part-of: math-suite
+    app.kubernetes.io/version: "1.0"
@@ -10,26 +10,21 @@ spec:
  - Ingress
  - Egress
  ingress:
-  # Allow inbound traffic from the ingress controller only
+  # Allow inbound traffic to container port
  - from:
-    - namespaceSelector:
-        matchLabels:
-          name: ingress-nginx
    ports:
    - protocol: TCP
      port: 8000
  egress:
  # Allow outbound DNS resolution
  - to:
-    - namespaceSelector:
-        matchLabels:
-          name: kube-system
    ports:
    - protocol: TCP
      port: 53
    - protocol: UDP
      port: 53
-  # Allow outbound HTTPS for package updates or external APIs
-  - ports:
+  # Allow outbound HTTPS
+  - to:
+    ports:
    - protocol: TCP
-      port: 443
+      port: 443
@@ -32,5 +32,5 @@ spec:
            memory: "64Mi"
            cpu: "250m"
          limits:
-            memory: "128Mi"
+            memory: "256Mi"
            cpu: "1"
@@ -8,10 +8,6 @@ resources:
 - namespace.yaml

 # Production-specific patches
-patchesStrategicMerge:
- deployment-patch.yaml
- security-patch.yaml
- ingress-patch.yaml

 # Production-specific configurations
 images:
@@ -20,11 +16,17 @@ images:
  newTag: 1.0.2

 # Production-specific labels
-commonLabels:
-  environment: production
-  security-level: high

 secretGenerator:
-  - name: s3-credentials
-    envs:
-      - s3-credentials.env
+- envs:
+  - s3-credentials.env
+  name: s3-credentials
+labels:
+- includeSelectors: true
+  pairs:
+    environment: production
+    security-level: high
+patches:
+- path: deployment-patch.yaml
+- path: security-patch.yaml
+- path: ingress-patch.yaml
@@ -10,8 +10,8 @@ spec:
        runAsNonRoot: true
        runAsUser: 1000
        fsGroup: 2000
-        seccompProfile:
-          type: RuntimeDefault
+        # seccompProfile:
+        #   type: RuntimeDefault
      containers:
      - name: math-exercises
        # Additional security settings for production
Author	SHA1	Message	Date
herel	1d47b5490e	chore: update .gitignore	2025-09-03 23:57:41 +02:00
herel	5d11fe9763	chore: simpler network policy	2025-09-03 23:57:25 +02:00
herel	e0dddb70ec	fix: update network policy to allow S3 traffic and kubelet health checks	2025-09-03 23:45:16 +02:00