🟢 deploy/netpol.yaml
🛠️ README.md -> updated local mods 🛠️ deploy/kustomization.yaml -> added netpol
This commit is contained in:
@@ -2,7 +2,6 @@
|
||||
|
||||
FORKED FROM https://github.com/hotheadhacker/no-as-a-service
|
||||
|
||||
|
||||
## local modifications
|
||||
|
||||
- answer on / instead of /no
|
||||
@@ -10,6 +9,8 @@ FORKED FROM https://github.com/hotheadhacker/no-as-a-service
|
||||
- add Dockerfile to build this sh*t
|
||||
- kustomization in [deploy](deploy) directory (use your own registry)
|
||||
|
||||
the deploy runs non root, no caps, read only file system, network policy and sh*t ftw
|
||||
|
||||
## intro
|
||||
|
||||
<p align="center">
|
||||
|
||||
@@ -6,6 +6,7 @@ resources:
|
||||
- deploy.yaml
|
||||
- service.yaml
|
||||
- ingress.yaml
|
||||
- netpol.yaml
|
||||
images:
|
||||
- name: noaas
|
||||
newName: <my-harbor-url>/library/no-as-a-service
|
||||
|
||||
19
deploy/netpol.yaml
Normal file
19
deploy/netpol.yaml
Normal file
@@ -0,0 +1,19 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: noaas
|
||||
spec:
|
||||
policyTypes:
|
||||
- Ingress
|
||||
- Egress
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app: noaas
|
||||
ingress:
|
||||
- from:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: ingress-nginx
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 3000
|
||||
Reference in New Issue
Block a user