chore: update .gitignore

chore: simpler network policy
fix: update network policy to allow S3 traffic and kubelet health checks
2025-09-03 23:57:41 +02:00 · 2025-09-03 23:57:25 +02:00 · 2025-09-03 23:45:16 +02:00
7 changed files with 31 additions and 31 deletions
@@ -18,3 +18,4 @@ app/static/*.pdf
 .DS_Store
 Thumbs.db
 .envrc
 s3cfg
@@ -48,7 +48,7 @@ spec:
          httpGet:
            path: /
            port: 8000
-          initialDelaySeconds: 30
+          initialDelaySeconds: 90
          periodSeconds: 10
          timeoutSeconds: 5
          failureThreshold: 3
@@ -10,10 +10,12 @@ resources:
 - configmap.yaml
 # Common labels to apply to all resources
-commonLabels:
+labels:
-  app.kubernetes.io/name: math-exercises
+- includeSelectors: true
-  app.kubernetes.io/instance: math-exercises-instance
+  pairs:
-  app.kubernetes.io/version: "1.0"
+    app.kubernetes.io/component: web
-  app.kubernetes.io/component: web
+    app.kubernetes.io/instance: math-exercises-instance
-  app.kubernetes.io/part-of: math-suite
+    app.kubernetes.io/managed-by: kustomize
-  app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: math-exercises
    app.kubernetes.io/part-of: math-suite
    app.kubernetes.io/version: "1.0"
@@ -10,26 +10,21 @@ spec:
  - Ingress
  - Egress
  ingress:
-  # Allow inbound traffic from the ingress controller only
+  # Allow inbound traffic to container port
  - from:
    - namespaceSelector:
        matchLabels:
          name: ingress-nginx
    ports:
    - protocol: TCP
      port: 8000
  egress:
  # Allow outbound DNS resolution
  - to:
    - namespaceSelector:
        matchLabels:
          name: kube-system
    ports:
    - protocol: TCP
      port: 53
    - protocol: UDP
      port: 53
-  # Allow outbound HTTPS for package updates or external APIs
+  # Allow outbound HTTPS
-  - ports:
+  - to:
    ports:
    - protocol: TCP
-      port: 443
+      port: 443
@@ -32,5 +32,5 @@ spec:
            memory: "64Mi"
            cpu: "250m"
          limits:
-            memory: "128Mi"
+            memory: "256Mi"
            cpu: "1"
@@ -8,10 +8,6 @@ resources:
 - namespace.yaml
 # Production-specific patches
 patchesStrategicMerge:
 - deployment-patch.yaml
 - security-patch.yaml
 - ingress-patch.yaml
 # Production-specific configurations
 images:
@@ -20,11 +16,17 @@ images:
  newTag: 1.0.2
 # Production-specific labels
 commonLabels:
  environment: production
  security-level: high
 secretGenerator:
-  - name: s3-credentials
+- envs:
-    envs:
+  - s3-credentials.env
-      - s3-credentials.env
+  name: s3-credentials
 labels:
 - includeSelectors: true
  pairs:
    environment: production
    security-level: high
 patches:
 - path: deployment-patch.yaml
 - path: security-patch.yaml
 - path: ingress-patch.yaml
@@ -10,8 +10,8 @@ spec:
        runAsNonRoot: true
        runAsUser: 1000
        fsGroup: 2000
-        seccompProfile:
+        # seccompProfile:
-          type: RuntimeDefault
+        #   type: RuntimeDefault
      containers:
      - name: math-exercises
        # Additional security settings for production
Author	SHA1	Message	Date
herel	1d47b5490e	chore: update .gitignore	2025-09-03 23:57:41 +02:00
herel	5d11fe9763	chore: simpler network policy	2025-09-03 23:57:25 +02:00
herel	e0dddb70ec	fix: update network policy to allow S3 traffic and kubelet health checks	2025-09-03 23:45:16 +02:00