add ACME solver network policy and experimental co-op mode indicators: implement network policy for HTTP-01 challenge solver, and add visual "EXPERIMENTAL" labels to co-op mode UI and game logic
Some checks failed
Dynamic Branch Deploy / build-and-deploy (push) Has been cancelled
@@ -125,3 +125,36 @@ spec:
|
||||
- ports:
|
||||
- port: "6222"
|
||||
protocol: TCP
|
||||
---
|
||||
# ACME Challenge Solver Network Policy
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: acme-solver-netpol
|
||||
namespace: ${TARGET_NS}
|
||||
spec:
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
acme.cert-manager.io/http01-solver: "true"
|
||||
ingress:
|
||||
# Allow ingress from Traefik
|
||||
- fromEndpoints:
|
||||
- matchLabels:
|
||||
k8s:io.kubernetes.pod.namespace: traefik
|
||||
toPorts:
|
||||
- ports:
|
||||
- port: "8089"
|
||||
protocol: TCP
|
||||
egress:
|
||||
# Allow egress to internet for self-check (if needed) and DNS
|
||||
- toEntities:
|
||||
- world
|
||||
- toEndpoints:
|
||||
- matchLabels:
|
||||
k8s:io.kubernetes.pod.namespace: kube-system
|
||||
k8s-app: kube-dns
|
||||
toPorts:
|
||||
- ports:
|
||||
- port: "53"
|
||||
protocol: UDP
|
||||
|
||||
|
||||
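Review bot: The first egress rule, `toEntities: [world]`, carries no `toPorts`, so every pod labelled `acme.cert-manager.io/http01-solver: "true"` may connect to any external address on any port and protocol; the only `toPorts` in the egress section appears to belong to the kube-dns rule (the page has lost the indentation, so this is read from key order). The solver pod only serves the challenge response on 8089, and cert-manager's self-check is normally issued by the controller rather than by the solver, which the "(if needed)" in the comment suggests was never confirmed. I would drop the world rule until a dropped flow in Hubble shows it is required, or at least bound it with a `toPorts` list naming the ports actually observed. If DNS egress stays, the rule allows only UDP, so add `- port: "53"` with `protocol: TCP` beside it, since truncated answers are retried over TCP.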