invoice-ninja: Fix network policy for ingress

Since the IP address assigned to the ingress controller is now managed by keepalived and known to Kubernetes, the network policy needs to allow access to it by pod namespace rather than IP address. It seems that the former takes precedence over the latter, so even though the IP address was explicitly allowed, traffic was not permitted because it was destined for a Kubernetes service that was not.
2024-12-07 09:28:44 -06:00 · 2024-12-07 09:28:44 -06:00 · 4243823ba5
parent 2a90ffc7a9
commit 4243823ba5
1 changed files with 3 additions and 2 deletions
--- a/invoice-ninja/network-policy.yaml
+++ b/invoice-ninja/network-policy.yaml
@ -29,8 +29,9 @@ spec:
    ports:
    - port: 25
  - to:
-    - ipBlock:
-        cidr: 172.30.0.147/32
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: ingress-nginx
    ports:
    - port: 80
    - port: 443