EscapeFromTeacher/k8s/cilium-netpol.yaml
Sebastian Unterschütz 5bcaa65bbd
remove namespace: default from CiliumNetworkPolicy definitions to clean up redundant field
2026-01-25 14:38:56 +01:00


# Default Deny Policy - blocks all traffic unless explicitly allowed
#
# endpointSelector {} selects every endpoint in the namespace the policy is
# applied to (CiliumNetworkPolicy is a namespaced resource).  Following
# Cilium's documented default-deny pattern, an empty rule `{}` under ingress
# and egress allows nothing by itself; its presence switches every selected
# endpoint into default-deny for that direction, so only the explicit allow
# rules in the policies below are permitted.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: default-deny-all
spec:
  endpointSelector: {}
  ingress:
    - {}
  egress:
    - {}
---
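# Escape Game App Network Policy
#
# Applies to pods labelled app=escape-game: accept HTTP on 8080, and on egress
# reach only kube-dns, Redis and NATS.  Everything else is dropped by the
# default-deny policy in this file.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: escape-game-netpol
spec:
  endpointSelector:
    matchLabels:
      app: escape-game
  ingress:
    # Allow HTTP traffic to the app port.
    # NOTE(review): an empty fromEndpoints selector in a namespaced
    # CiliumNetworkPolicy matches endpoints in the policy's own namespace, not
    # "anywhere".  If user traffic arrives via an ingress controller in another
    # namespace, from the host, or from outside the cluster, that source needs
    # its own fromEndpoints/fromEntities rule -- confirm against the actual
    # ingress path before relying on this rule for user access.
    - fromEndpoints:
        - {}
      toPorts:
        - ports:
            - port: "8080"
              protocol: TCP
  egress:
    # Allow DNS to kube-dns.  TCP/53 is allowed alongside UDP/53 so lookups
    # whose responses are truncated can fall back to TCP instead of failing.
    - toEndpoints:
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: kube-system
            k8s-app: kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: UDP
            - port: "53"
              protocol: TCP
    # Allow connection to Redis
    - toEndpoints:
        - matchLabels:
            app: redis
      toPorts:
        - ports:
            - port: "6379"
              protocol: TCP
    # Allow connection to NATS
    - toEndpoints:
        - matchLabels:
            app: nats
      toPorts:
        - ports:
            - port: "4222"
              protocol: TCP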
---
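# Redis Network Policy
#
# Applies to pods labelled app=redis: accept 6379 only from the escape-game
# app, and on egress reach only kube-dns.  Everything else is dropped by the
# default-deny policy in this file.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: redis-netpol
spec:
  endpointSelector:
    matchLabels:
      app: redis
  ingress:
    # Only allow connections from escape-game app
    - fromEndpoints:
        - matchLabels:
            app: escape-game
      toPorts:
        - ports:
            - port: "6379"
              protocol: TCP
  egress:
    # Allow DNS to kube-dns.  TCP/53 is allowed alongside UDP/53 so lookups
    # whose responses are truncated can fall back to TCP instead of failing.
    # (Only needed if Redis resolves names at all; harmless otherwise.)
    - toEndpoints:
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: kube-system
            k8s-app: kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: UDP
            - port: "53"
              protocol: TCP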
---
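# NATS Network Policy
#
# Applies to pods labelled app=nats: accept client connections on 4222 only
# from the escape-game app, allow cluster routing on 6222 between NATS pods
# in both directions, and on egress reach only kube-dns.  Everything else is
# dropped by the default-deny policy in this file.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: nats-netpol
spec:
  endpointSelector:
    matchLabels:
      app: nats
  ingress:
    # Allow client connections from escape-game app
    - fromEndpoints:
        - matchLabels:
            app: escape-game
      toPorts:
        - ports:
            - port: "4222"
              protocol: TCP
    # Allow cluster traffic between NATS pods
    - fromEndpoints:
        - matchLabels:
            app: nats
      toPorts:
        - ports:
            - port: "6222"
              protocol: TCP
  egress:
    # Allow DNS to kube-dns.  TCP/53 is allowed alongside UDP/53 so lookups
    # whose responses are truncated can fall back to TCP instead of failing.
    - toEndpoints:
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: kube-system
            k8s-app: kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: UDP
            - port: "53"
              protocol: TCP
    # Allow cluster communication to other NATS pods (mirror of the 6222
    # ingress rule above so routing works in both directions)
    - toEndpoints:
        - matchLabels:
            app: nats
      toPorts:
        - ports:
            - port: "6222"
              protocol: TCP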