infra/kubernetes
1
0
Fork 0
Code Pull Requests 3 Activity

invoice-ninja: Fix network policy for ingress

Browse Source 
Since the IP address assigned to the ingress controller is now managed
by keepalived and known to Kubernetes, the network policy needs to allow
access to it by pod namespace rather than IP address.  It seems that the
former takes precedence over the latter, so even though the IP address
was explicitly allowed, traffic was not permitted because it was
destined for a Kubernetes service that was not.
This commit is contained in:
Dustin
2024-12-07 09:28:44 -06:00
parent 2a90ffc7a9
commit 4243823ba5
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
invoice-ninja/network-policy.yaml
View File

@@ -29,8 +29,9 @@ spec:
ports:
- port: 25
- to:
- ipBlock:
cidr: 172.30.0.147/32
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ingress-nginx
ports:
- port: 80
- port: 443