🟢 deploy/netpol.yaml

🛠️ README.md -> updated local mods
🛠️ deploy/kustomization.yaml -> added netpol

README.md

@@ -2,7 +2,6 @@
 
 FORKED FROM https://github.com/hotheadhacker/no-as-a-service
 
-
 ## local modifications
 
 - answer on / instead of /no
@@ -10,6 +9,8 @@ FORKED FROM https://github.com/hotheadhacker/no-as-a-service
 - add Dockerfile to build this sh*t
 - kustomization in [deploy](deploy) directory (use your own registry)
 
+the deploy runs non root, no caps, read only file system, network policy and sh*t ftw
+
 ## intro
 
 <p align="center">

deploy/kustomization.yaml

@@ -6,6 +6,7 @@ resources:
 - deploy.yaml
 - service.yaml
 - ingress.yaml
+- netpol.yaml
 images:
 - name: noaas
   newName: <my-harbor-url>/library/no-as-a-service

deploy/netpol.yaml

@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: noaas
+spec:
+  policyTypes:
+  - Ingress
+  - Egress
+  podSelector:
+    matchLabels:
+      app: noaas
+  ingress:
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: ingress-nginx
+    ports:
+    - protocol: TCP
+      port: 3000