Rene Luria
f94dd12216
Changes made: - Remove problematic configuration-snippet from base ingress - Add namespace creation for math-tables - Configure ingress with nginx class and letsencrypt-prod issuer - Set production hostname to math-tables.cl1.parano.ch - Reduce production replicas to 1 - Update copyright year in index.html
35 lines
714 B
YAML
35 lines
714 B
YAML
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: math-exercises-netpol
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
app: math-exercises
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
ingress:
|
|
# Allow inbound traffic from the ingress controller only
|
|
- from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
name: ingress-nginx
|
|
ports:
|
|
- protocol: TCP
|
|
port: 8000
|
|
egress:
|
|
# Allow outbound DNS resolution
|
|
- to:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
name: kube-system
|
|
ports:
|
|
- protocol: TCP
|
|
port: 53
|
|
- protocol: UDP
|
|
port: 53
|
|
# Allow outbound HTTPS for package updates or external APIs
|
|
- ports:
|
|
- protocol: TCP
|
|
port: 443 |