veza/k8s/network-policies/backend-api-allow.yaml


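# Backend API NetworkPolicy.
# Ingress: TCP 8080 from the ingress controller namespace and from any pod in
#   this namespace.
# Egress: TCP 5432 (PostgreSQL) and TCP 6379 (Redis) to any IPv4 address, plus
#   cluster DNS (UDP/TCP 53) to kube-system. Because both policyTypes are set,
#   any other ingress or egress for the selected pods is denied.
# NOTE: the PostgreSQL/Redis egress rule uses ipBlock 0.0.0.0/0, so it does not
#   pin the destination to those services. If they run in-cluster, replace the
#   ipBlock with a namespaceSelector/podSelector matching their pods; if they are
#   external, narrow the cidr to their address range.
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: backend-api-allow
  namespace: veza-production
spec:
  podSelector:
    matchLabels:
      app: veza-backend-api
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # From the ingress controller. This relies on the ingress-nginx namespace
    # carrying a `name: ingress-nginx` label, which is not applied automatically
    # (the automatic label is kubernetes.io/metadata.name, as used for
    # kube-system below).
    - from:
        - namespaceSelector:
            matchLabels:
              name: ingress-nginx
      ports:
        - protocol: TCP
          port: 8080
    # From any pod in veza-production (an empty podSelector selects every pod
    # in the policy's own namespace).
    - from:
        - podSelector: {}
      ports:
        - protocol: TCP
          port: 8080
  egress:
    # PostgreSQL and Redis. TODO: narrow 0.0.0.0/0 to the real destination
    # (see the header note); as written this permits 5432/6379 to anywhere.
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
      ports:
        - protocol: TCP
          port: 5432
        - protocol: TCP
          port: 6379
    # Cluster DNS. TCP 53 is allowed alongside UDP 53 so that responses too
    # large for UDP (truncated and retried over TCP) still resolve.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53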