add network-policies

Márcio Fernandes
2026-04-18 15:11:24 +00:00
parent 75aede94ac
commit 405763f158
5 changed files with 47 additions and 9 deletions


@@ -1,8 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- cd-serviceaccount.yaml
- network-policies.yaml
- middlewares.yaml
- ingress-web.yaml
- ingress-web-public.yaml


@@ -67,7 +67,7 @@ spec:
---
piVersion: traefik.io/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: nextcloud-deny-paths


@@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: cloud-limbosolutions-com
labels:
name: cloud-limbosolutions-com


@@ -0,0 +1,44 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-same-namespace-ingress
spec:
endpointSelector: {} # All pods in this namespace
ingress:
- fromEndpoints:
- matchExpressions:
- key: k8s:io.kubernetes.pod.namespace
operator: In
values:
- cloud-limbosolutions-com
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-traefik-ingress
spec:
endpointSelector:
matchLabels:
app.kubernetes.io/name: nextcloud
ingress:
# -------------------------------------------------------------
# Allow Traefik (internal and public) to reach nextcloud web port
# -------------------------------------------------------------
- fromEndpoints:
- matchLabels:
app.kubernetes.io/name: traefik
matchExpressions:
- key: k8s:io.kubernetes.pod.namespace
operator: In
values:
- traefik
- traefik-public
toPorts:
- ports:
- port: "80"
protocol: TCP
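Review bot: Neither policy in the lines shown has an `egress` section, so this file restricts inbound traffic only: `allow-same-namespace-ingress` with `endpointSelector: {}` puts every pod in the namespace under ingress enforcement, while outbound connections from those pods stay unrestricted as far as this commit goes. If that is intentional, say so above the first policy, e.g. `# Ingress only: egress from this namespace is not restricted here`, or follow up with an egress policy for the Nextcloud pods. Both policies also omit `metadata.namespace` and depend on the deploy script's `-n` flag, while the first selector hard-codes `cloud-limbosolutions-com`; if the manifest were ever applied to a different namespace, the rule would presumably admit traffic from `cloud-limbosolutions-com` rather than from the policy's own namespace, so pinning `namespace: cloud-limbosolutions-com` in the metadata would keep the two in step.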


@@ -1,5 +1,5 @@
#!/bin/bash
set -e
echo "Executing infra deploy."
kubectl create namespace cloud-limbosolutions-com || true
kubectl kustomize deploy/infra | kubectl -n cloud-limbosolutions-com apply -f -
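Review bot: The `|| true` on the `kubectl create namespace` line (which appears to be the added line) hides every failure of that command, not only the "already exists" case, so an authorization or API error is silenced here and shows up only indirectly in the following apply. An idempotent form keeps real errors fatal under `set -e`: `kubectl create namespace cloud-limbosolutions-com --dry-run=client -o yaml | kubectl apply -f -`. A namespace created this way also no longer carries the `name: cloud-limbosolutions-com` label that the deleted manifest set, so it is worth confirming that no selector elsewhere depends on that label.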