Skip to content
Snippets Groups Projects
Verified Commit e435f0f6 authored by Sheogorath's avatar Sheogorath :european_castle:
Browse files

fix(uptime-kuma): Add network policy for HTTP challenge

parent 8109aa2b
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
apps/base/uptime-kuma/kustomization.yaml
+ 2
0
View file @ e435f0f6
......@@ -7,7 +7,9 @@ resources:
- release.yaml
- ../../../shared/networkpolicies/allow-from-same-namespace.yaml
- ../../../shared/networkpolicies/allow-from-ingress.yaml
- ../../../shared/networkpolicies/allow-from-http-challenge.yaml
- ../../../shared/networkpolicies/allow-to-kubedns.yaml
- ../../../shared/networkpolicies/allow-to-public-web.yaml
- ../../../shared/networkpolicies/allow-to-public-web-http-challenge.yaml
patchesStrategicMerge:
- networkpolicy.yaml
shared/networkpolicies/allow-from-http-challenge.yaml 0 → 100644
+ 14
0
View file @ e435f0f6
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-ingress
spec:
ingress:
- from:
- namespaceSelector:
matchLabels:
ingress.shivering-isles.com/network-access-required: "true"
podSelector:
matchLabels:
acme.cert-manager.io/http01-solver: "true"
\ No newline at end of file
shared/networkpolicies/allow-to-public-web-http-challenge.yaml 0 → 100644
+ 24
0
View file @ e435f0f6
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-to-public-web
spec:
egress:
- to:
- ipBlock:
except:
- "192.168.0.0/16"
- "172.16.0.0/12"
- "10.0.0.0/8"
- "169.254.0.0/16"
- "100.64.0.0/10"
cidr: 0.0.0.0/0
ports:
- protocol: TCP
port: 80
policyTypes:
- Egress
podSelector:
matchLabels:
acme.cert-manager.io/http01-solver: "true"
\ No newline at end of file
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment