forked from k-space/kube
wildduck: Add network policies for ZoneMTA and webmail
This commit is contained in:
@@ -66,11 +66,11 @@ spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app: webmail
|
||||
app.kubernetes.io/name: webmail
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: webmail
|
||||
app.kubernetes.io/name: webmail
|
||||
spec:
|
||||
containers:
|
||||
- name: webmail
|
||||
@@ -112,7 +112,7 @@ metadata:
|
||||
namespace: wildduck
|
||||
spec:
|
||||
selector:
|
||||
app: webmail
|
||||
app.kubernetes.io/name: webmail
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
@@ -154,3 +154,24 @@ spec:
|
||||
regex: ^https://webmail.k-space.ee/$
|
||||
replacement: https://webmail.k-space.ee/webmail/
|
||||
permanent: false
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: webmail
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: webmail
|
||||
policyTypes:
|
||||
- Ingress
|
||||
ingress:
|
||||
- ports:
|
||||
- port: 3000
|
||||
from:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: traefik
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: traefik
|
||||
|
||||
@@ -140,3 +140,18 @@ spec:
|
||||
- name: cert
|
||||
secret:
|
||||
secretName: wildduck-tls
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: zonemta
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: wildduck
|
||||
app.kubernetes.io/component: zonemta
|
||||
policyTypes:
|
||||
- Ingress
|
||||
ingress:
|
||||
- ports:
|
||||
- port: 9465
|
||||
|
||||
Reference in New Issue
Block a user