andresgarcia0313
/
academia
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
academia/deploy/k3s/networkpolicy.yaml

84 lines
1.8 KiB
YAML
Raw Normal View History

feat(deploy): add Docker and Kubernetes deployment Docker: - Multi-stage Dockerfile for API (.NET 10) - Multi-stage Dockerfile for frontend (Angular + Nginx) - docker-compose.yml with resource optimization - Nginx reverse proxy configuration - Health checks for all services Kubernetes (k3s): - Namespace and ConfigMap - SQL Server StatefulSet with PVC - API Deployment with HPA - Frontend Deployment - Services and Ingress - Network policies for security - Secrets management Resource optimization: - SQL Server Express with 1GB RAM limit - API with 512MB limit - Frontend with 128MB limit
2026-01-08 04:00:41 +00:00
---
# Network Policy - Solo permitir tráfico necesario
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-deny-ingress
namespace: student-enrollment
spec:
podSelector: {}
policyTypes:
- Ingress
---
# Permitir tráfico al frontend desde ingress
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-frontend-ingress
namespace: student-enrollment
spec:
podSelector:
matchLabels:
app: student-frontend
policyTypes:
- Ingress
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
ports:
- protocol: TCP
port: 80
---
# Permitir tráfico al API desde frontend e ingress
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-api-ingress
namespace: student-enrollment
spec:
podSelector:
matchLabels:
app: student-api
policyTypes:
- Ingress
ingress:
# Desde ingress controller
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
ports:
- protocol: TCP
ci: optimize deployment workflow for k3s - Single job instead of 3 (no artifact overhead) - Build directly on k3s node (avoids image transfer) - Parallel Docker builds with BuildKit - Auto-create namespace if missing - Automatic rollback on failure - Health check via domain
2026-01-08 18:34:38 +00:00
port: 8080
feat(deploy): add Docker and Kubernetes deployment Docker: - Multi-stage Dockerfile for API (.NET 10) - Multi-stage Dockerfile for frontend (Angular + Nginx) - docker-compose.yml with resource optimization - Nginx reverse proxy configuration - Health checks for all services Kubernetes (k3s): - Namespace and ConfigMap - SQL Server StatefulSet with PVC - API Deployment with HPA - Frontend Deployment - Services and Ingress - Network policies for security - Secrets management Resource optimization: - SQL Server Express with 1GB RAM limit - API with 512MB limit - Frontend with 128MB limit
2026-01-08 04:00:41 +00:00
# Desde frontend (para nginx proxy)
- from:
- podSelector:
matchLabels:
app: student-frontend
ports:
- protocol: TCP
ci: optimize deployment workflow for k3s - Single job instead of 3 (no artifact overhead) - Build directly on k3s node (avoids image transfer) - Parallel Docker builds with BuildKit - Auto-create namespace if missing - Automatic rollback on failure - Health check via domain
2026-01-08 18:34:38 +00:00
port: 8080
feat(deploy): add Docker and Kubernetes deployment Docker: - Multi-stage Dockerfile for API (.NET 10) - Multi-stage Dockerfile for frontend (Angular + Nginx) - docker-compose.yml with resource optimization - Nginx reverse proxy configuration - Health checks for all services Kubernetes (k3s): - Namespace and ConfigMap - SQL Server StatefulSet with PVC - API Deployment with HPA - Frontend Deployment - Services and Ingress - Network policies for security - Secrets management Resource optimization: - SQL Server Express with 1GB RAM limit - API with 512MB limit - Frontend with 128MB limit
2026-01-08 04:00:41 +00:00
---
# Permitir tráfico a SQL Server solo desde API
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-sqlserver-from-api
namespace: student-enrollment
spec:
podSelector:
matchLabels:
app: sqlserver
policyTypes:
- Ingress
ingress:
- from:
- podSelector:
matchLabels:
app: student-api
ports:
- protocol: TCP
port: 1433