invoice-ninja: Deploy Invoice Ninja

Invoice Ninja is a small business management tool. Tabitha wants to use it for HLC. I am a bit concerned about the code quality of this application, and definitely alarmed at the data it send upstream, so I have tried to be extra careful with it. All privileges are revoked, including access to the Internet.
2024-01-27 21:07:46 -06:00
parent a5d186b461
commit 4e15a9d71d
12 changed files with 650 additions and 0 deletions
--- a/invoice-ninja/network-policy.yaml
+++ b/invoice-ninja/network-policy.yaml
@@ -0,0 +1,46 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: invoice-ninja
+  labels:
+    app.kubernetes.io/name: invoice-ninja
+    app.kubernetes.io/component: invoice-ninja
+spec:
+  egress:
+  - to:
+    - podSelector:
+        matchLabels:
+          app.kubernetes.io/part-of: invoice-ninja
+  - to:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: kube-system
+      podSelector:
+        matchLabels:
+          k8s-app: kube-dns
+    ports:
+    - port: 53
+      protocol: UDP
+    - port: 53
+      protocol: TCP
+  - to:
+    - ipBlock:
+        cidr: 172.30.0.12/32
+    ports:
+    - port: 25
+  - to:
+    - ipBlock:
+        cidr: 172.30.0.160/28
+    ports:
+    - port: 80
+    - port: 443
+  - to:
+    - ipBlock:
+        cidr: 172.30.0.1/32
+    ports:
+    - port: 3128
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/component: invoice-ninja
+  policyTypes:
+  - Egress