From efc76d7a101efd9a455c2423575afdc349688d0b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= Date: Sun, 17 Sep 2023 11:52:52 +0300 Subject: [PATCH] wildduck: Add network policies for ZoneMTA and webmail --- wildduck/webmail.yaml | 27 ++++++++++++++++++++++++--- wildduck/zonemta.yaml | 15 +++++++++++++++ 2 files changed, 39 insertions(+), 3 deletions(-) diff --git a/wildduck/webmail.yaml b/wildduck/webmail.yaml index 074b49f..5519a1b 100644 --- a/wildduck/webmail.yaml +++ b/wildduck/webmail.yaml @@ -66,11 +66,11 @@ spec: replicas: 2 selector: matchLabels: - app: webmail + app.kubernetes.io/name: webmail template: metadata: labels: - app: webmail + app.kubernetes.io/name: webmail spec: containers: - name: webmail @@ -112,7 +112,7 @@ metadata: namespace: wildduck spec: selector: - app: webmail + app.kubernetes.io/name: webmail ports: - protocol: TCP port: 80 @@ -154,3 +154,24 @@ spec: regex: ^https://webmail.k-space.ee/$ replacement: https://webmail.k-space.ee/webmail/ permanent: false +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: webmail +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: webmail + policyTypes: + - Ingress + ingress: + - ports: + - port: 3000 + from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: traefik + podSelector: + matchLabels: + app.kubernetes.io/name: traefik diff --git a/wildduck/zonemta.yaml b/wildduck/zonemta.yaml index 7bee65d..e9a3b8f 100644 --- a/wildduck/zonemta.yaml +++ b/wildduck/zonemta.yaml @@ -140,3 +140,18 @@ spec: - name: cert secret: secretName: wildduck-tls +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: zonemta +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: wildduck + app.kubernetes.io/component: zonemta + policyTypes: + - Ingress + ingress: + - ports: + - port: 9465