invyone/k8s/networkpolicy.yaml
DDD1542 a5de92de65
Build & Deploy to K8s / build-and-deploy (push) Successful in 39s
정리 완료
2026-04-22 09:45:55 +09:00


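---
# NetworkPolicy: pods labelled app=frontend may open outbound connections
# only to backend-spring on port 8081 and to port 53 (DNS).
# Only Egress is listed in policyTypes, so this policy does not govern
# ingress to the frontend pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: frontend-policy
  namespace: invyone
spec:
  podSelector:
    matchLabels:
      app: frontend
  policyTypes:
    - Egress
  egress:
    # Allow access to backend-spring. A podSelector with no
    # namespaceSelector matches pods in this policy's own namespace.
    - to:
        - podSelector:
            matchLabels:
              app: backend-spring
      ports:
        # No protocol given, so the API default (TCP) applies.
        - port: 8081
    # Allow DNS.
    # NOTE(review): an empty `to` matches every destination, so port 53 is
    # open to any address, not only the cluster resolver. Scoping this rule
    # to the cluster DNS pods would narrow it; confirm how DNS is served in
    # this cluster before tightening.
    - to: []
      ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP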
---
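# NetworkPolicy: ingress rules for the pods selected below.
# NOTE(review): the original header described this policy as limiting the
# backend to external DB access only. policyTypes lists only Ingress, so
# this policy places no restriction on egress; a DB-only egress limit would
# need its own Egress rules.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: backend-policy
  namespace: invyone
spec:
  # An empty matchLabels selects every pod in the namespace, not only the
  # backend pods the policy name suggests.
  podSelector:
    matchLabels: {}
  policyTypes:
    - Ingress
  ingress:
    # Allow traffic from within the same namespace (no ports listed, so
    # every port is allowed from these sources).
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: invyone
    # Allow external NodePort traffic (traffic arriving via Traefik).
    # NOTE(review): an empty `from` matches every source, so ports 3000 and
    # 8081 are reachable from any peer that can route to these pods, which
    # includes pods in other namespaces. If only Traefik needs this path,
    # a selector or ipBlock for it would be narrower; confirm where Traefik
    # runs and which source address the pods see.
    - from: []
      ports:
        # No protocol given, so the API default (TCP) applies to both.
        - port: 3000
        - port: 8081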