fix(thelounge): split cilium network policy to resolve ldap connectivity
Security Scan / Checkov PR Review (push) Has been skipped
Validate Manifests / Kustomize Build Test (push) Successful in 4s
Security Scan / Trivy PR Review (push) Has been skipped
Validate Manifests / Kubernetes Schema Validation (push) Successful in 4s
Best Practices / Resource Usage Analysis (push) Successful in 50s
Best Practices / PR Summary Report (push) Has been skipped
Best Practices / Polaris PR Review (push) Has been skipped
Best Practices / Kube-score Analysis (push) Failing after 8s
Security Scan / Trivy Security Scan (push) Successful in 7s
Validate Manifests / YAML Lint (push) Failing after 3s
Security Scan / Checkov IaC Scan (push) Failing after 30s
Best Practices / Polaris Audit (push) Failing after 51s
Security Scan / Checkov PR Review (push) Has been skipped
Validate Manifests / Kustomize Build Test (push) Successful in 4s
Security Scan / Trivy PR Review (push) Has been skipped
Validate Manifests / Kubernetes Schema Validation (push) Successful in 4s
Best Practices / Resource Usage Analysis (push) Successful in 50s
Best Practices / PR Summary Report (push) Has been skipped
Best Practices / Polaris PR Review (push) Has been skipped
Best Practices / Kube-score Analysis (push) Failing after 8s
Security Scan / Trivy Security Scan (push) Successful in 7s
Validate Manifests / YAML Lint (push) Failing after 3s
Security Scan / Checkov IaC Scan (push) Failing after 30s
Best Practices / Polaris Audit (push) Failing after 51s
This commit is contained in:
@@ -0,0 +1,47 @@
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: thelounge-egress
|
||||
namespace: irc
|
||||
labels:
|
||||
app.kubernetes.io/name: thelounge
|
||||
app.kubernetes.io/component: network-policy
|
||||
spec:
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: thelounge
|
||||
egress:
|
||||
- toEndpoints:
|
||||
- matchLabels:
|
||||
k8s:io.kubernetes.pod.namespace: kube-system
|
||||
k8s:k8s-app: kube-dns
|
||||
toPorts:
|
||||
- ports:
|
||||
- port: "53"
|
||||
protocol: ANY
|
||||
rules:
|
||||
dns:
|
||||
- matchPattern: "*"
|
||||
- toEndpoints:
|
||||
- matchLabels:
|
||||
k8s:io.kubernetes.pod.namespace: auth
|
||||
k8s:app.kubernetes.io/name: authentik-outpost-ldap
|
||||
k8s:goauthentik.io/outpost-type: ldap
|
||||
toPorts:
|
||||
- ports:
|
||||
- port: "389"
|
||||
protocol: TCP
|
||||
- toEndpoints:
|
||||
- matchLabels:
|
||||
k8s:io.kubernetes.pod.namespace: irc
|
||||
k8s:app.kubernetes.io/name: znc
|
||||
toPorts:
|
||||
- ports:
|
||||
- port: "6501"
|
||||
protocol: TCP
|
||||
- toFQDNs:
|
||||
- matchName: "irc.passthepopcorn.me"
|
||||
toPorts:
|
||||
- ports:
|
||||
- port: "6697"
|
||||
protocol: TCP
|
||||
@@ -0,0 +1,20 @@
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: thelounge-ingress
|
||||
namespace: irc
|
||||
labels:
|
||||
app.kubernetes.io/name: thelounge
|
||||
app.kubernetes.io/component: network-policy
|
||||
spec:
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: thelounge
|
||||
ingress:
|
||||
- fromEntities:
|
||||
- ingress
|
||||
- host
|
||||
toPorts:
|
||||
- ports:
|
||||
- port: "9000"
|
||||
protocol: TCP
|
||||
@@ -4,5 +4,6 @@ resources:
|
||||
- statefulset.yaml
|
||||
- service.yaml
|
||||
- httproute.yaml
|
||||
- ciliumnetworkpolicy.yaml
|
||||
- ciliumnetworkpolicy-ingress.yaml
|
||||
- ciliumnetworkpolicy-egress.yaml
|
||||
- config.yaml
|
||||
|
||||
Reference in New Issue
Block a user