wildduck: Add network policies for ZoneMTA and webmail

2023-09-17 11:52:52 +03:00 · 2023-09-17 11:52:52 +03:00 · efc76d7a10
commit efc76d7a10
parent a0d48d4243
2 changed files with 39 additions and 3 deletions
--- a/wildduck/webmail.yaml
+++ b/wildduck/webmail.yaml
@ -66,11 +66,11 @@ spec:
  replicas: 2
  selector:
    matchLabels:
-      app: webmail
+      app.kubernetes.io/name: webmail
  template:
    metadata:
      labels:
-        app: webmail
+        app.kubernetes.io/name: webmail
    spec:
      containers:
        - name: webmail
@ -112,7 +112,7 @@ metadata:
  namespace: wildduck
 spec:
  selector:
-    app: webmail
+    app.kubernetes.io/name: webmail
  ports:
  - protocol: TCP
    port: 80
@ -154,3 +154,24 @@ spec:
    regex: ^https://webmail.k-space.ee/$
    replacement: https://webmail.k-space.ee/webmail/
    permanent: false
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: webmail
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: webmail
+  policyTypes:
+    - Ingress
+  ingress:
+    - ports:
+        - port: 3000
+      from:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: traefik
+          podSelector:
+            matchLabels:
+              app.kubernetes.io/name: traefik
--- a/wildduck/zonemta.yaml
+++ b/wildduck/zonemta.yaml
@ -140,3 +140,18 @@ spec:
        - name: cert
          secret:
            secretName: wildduck-tls
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: zonemta
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: wildduck
+      app.kubernetes.io/component: zonemta
+  policyTypes:
+    - Ingress
+  ingress:
+    - ports:
+      - port: 9465