academia/deploy/k3s/networkpolicy.yaml

---
# Network Policy - Solo permitir tráfico necesario
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: academia
spec:
  podSelector: {}
  policyTypes:
    - Ingress
---
# Permitir tráfico al frontend desde ingress
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-ingress
  namespace: academia
spec:
  podSelector:
    matchLabels:
      app: student-frontend
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: TCP
          port: 80
---
# Permitir tráfico al API desde frontend e ingress
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-api-ingress
  namespace: academia
spec:
  podSelector:
    matchLabels:
      app: student-api
  policyTypes:
    - Ingress
  ingress:
    # Desde ingress controller
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: TCP
          port: 8080
    # Desde frontend (para nginx proxy)
    - from:
        - podSelector:
            matchLabels:
              app: student-frontend
      ports:
        - protocol: TCP
          port: 8080
---
# Permitir tráfico a SQL Server solo desde API
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-sqlserver-from-api
  namespace: academia
spec:
  podSelector:
    matchLabels:
      app: sqlserver
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: student-api
      ports:
        - protocol: TCP
          port: 1433
feat(deploy): add Docker and Kubernetes deployment Docker: - Multi-stage Dockerfile for API (.NET 10) - Multi-stage Dockerfile for frontend (Angular + Nginx) - docker-compose.yml with resource optimization - Nginx reverse proxy configuration - Health checks for all services Kubernetes (k3s): - Namespace and ConfigMap - SQL Server StatefulSet with PVC - API Deployment with HPA - Frontend Deployment - Services and Ingress - Network policies for security - Secrets management Resource optimization: - SQL Server Express with 1GB RAM limit - API with 512MB limit - Frontend with 128MB limit 2026-01-08 04:00:41 +00:00			`---`
			`# Network Policy - Solo permitir tráfico necesario`
			`apiVersion: networking.k8s.io/v1`
			`kind: NetworkPolicy`
			`metadata:`
			`name: default-deny-ingress`
refactor(k3s): rename namespace from student-enrollment to academia 2026-01-08 21:44:22 +00:00			`namespace: academia`
feat(deploy): add Docker and Kubernetes deployment Docker: - Multi-stage Dockerfile for API (.NET 10) - Multi-stage Dockerfile for frontend (Angular + Nginx) - docker-compose.yml with resource optimization - Nginx reverse proxy configuration - Health checks for all services Kubernetes (k3s): - Namespace and ConfigMap - SQL Server StatefulSet with PVC - API Deployment with HPA - Frontend Deployment - Services and Ingress - Network policies for security - Secrets management Resource optimization: - SQL Server Express with 1GB RAM limit - API with 512MB limit - Frontend with 128MB limit 2026-01-08 04:00:41 +00:00			`spec:`
			`podSelector: {}`
			`policyTypes:`
			`- Ingress`
			`---`
			`# Permitir tráfico al frontend desde ingress`
			`apiVersion: networking.k8s.io/v1`
			`kind: NetworkPolicy`
			`metadata:`
			`name: allow-frontend-ingress`
refactor(k3s): rename namespace from student-enrollment to academia 2026-01-08 21:44:22 +00:00			`namespace: academia`
feat(deploy): add Docker and Kubernetes deployment Docker: - Multi-stage Dockerfile for API (.NET 10) - Multi-stage Dockerfile for frontend (Angular + Nginx) - docker-compose.yml with resource optimization - Nginx reverse proxy configuration - Health checks for all services Kubernetes (k3s): - Namespace and ConfigMap - SQL Server StatefulSet with PVC - API Deployment with HPA - Frontend Deployment - Services and Ingress - Network policies for security - Secrets management Resource optimization: - SQL Server Express with 1GB RAM limit - API with 512MB limit - Frontend with 128MB limit 2026-01-08 04:00:41 +00:00			`spec:`
			`podSelector:`
			`matchLabels:`
			`app: student-frontend`
			`policyTypes:`
			`- Ingress`
			`ingress:`
			`- from:`
			`- namespaceSelector:`
			`matchLabels:`
			`kubernetes.io/metadata.name: kube-system`
			`ports:`
			`- protocol: TCP`
			`port: 80`
			`---`
			`# Permitir tráfico al API desde frontend e ingress`
			`apiVersion: networking.k8s.io/v1`
			`kind: NetworkPolicy`
			`metadata:`
			`name: allow-api-ingress`
refactor(k3s): rename namespace from student-enrollment to academia 2026-01-08 21:44:22 +00:00			`namespace: academia`
feat(deploy): add Docker and Kubernetes deployment Docker: - Multi-stage Dockerfile for API (.NET 10) - Multi-stage Dockerfile for frontend (Angular + Nginx) - docker-compose.yml with resource optimization - Nginx reverse proxy configuration - Health checks for all services Kubernetes (k3s): - Namespace and ConfigMap - SQL Server StatefulSet with PVC - API Deployment with HPA - Frontend Deployment - Services and Ingress - Network policies for security - Secrets management Resource optimization: - SQL Server Express with 1GB RAM limit - API with 512MB limit - Frontend with 128MB limit 2026-01-08 04:00:41 +00:00			`spec:`
			`podSelector:`
			`matchLabels:`
			`app: student-api`
			`policyTypes:`
			`- Ingress`
			`ingress:`
			`# Desde ingress controller`
			`- from:`
			`- namespaceSelector:`
			`matchLabels:`
			`kubernetes.io/metadata.name: kube-system`
			`ports:`
			`- protocol: TCP`
ci: optimize deployment workflow for k3s - Single job instead of 3 (no artifact overhead) - Build directly on k3s node (avoids image transfer) - Parallel Docker builds with BuildKit - Auto-create namespace if missing - Automatic rollback on failure - Health check via domain 2026-01-08 18:34:38 +00:00			`port: 8080`
feat(deploy): add Docker and Kubernetes deployment Docker: - Multi-stage Dockerfile for API (.NET 10) - Multi-stage Dockerfile for frontend (Angular + Nginx) - docker-compose.yml with resource optimization - Nginx reverse proxy configuration - Health checks for all services Kubernetes (k3s): - Namespace and ConfigMap - SQL Server StatefulSet with PVC - API Deployment with HPA - Frontend Deployment - Services and Ingress - Network policies for security - Secrets management Resource optimization: - SQL Server Express with 1GB RAM limit - API with 512MB limit - Frontend with 128MB limit 2026-01-08 04:00:41 +00:00			`# Desde frontend (para nginx proxy)`
			`- from:`
			`- podSelector:`
			`matchLabels:`
			`app: student-frontend`
			`ports:`
			`- protocol: TCP`
ci: optimize deployment workflow for k3s - Single job instead of 3 (no artifact overhead) - Build directly on k3s node (avoids image transfer) - Parallel Docker builds with BuildKit - Auto-create namespace if missing - Automatic rollback on failure - Health check via domain 2026-01-08 18:34:38 +00:00			`port: 8080`
feat(deploy): add Docker and Kubernetes deployment Docker: - Multi-stage Dockerfile for API (.NET 10) - Multi-stage Dockerfile for frontend (Angular + Nginx) - docker-compose.yml with resource optimization - Nginx reverse proxy configuration - Health checks for all services Kubernetes (k3s): - Namespace and ConfigMap - SQL Server StatefulSet with PVC - API Deployment with HPA - Frontend Deployment - Services and Ingress - Network policies for security - Secrets management Resource optimization: - SQL Server Express with 1GB RAM limit - API with 512MB limit - Frontend with 128MB limit 2026-01-08 04:00:41 +00:00			`---`
			`# Permitir tráfico a SQL Server solo desde API`
			`apiVersion: networking.k8s.io/v1`
			`kind: NetworkPolicy`
			`metadata:`
			`name: allow-sqlserver-from-api`
refactor(k3s): rename namespace from student-enrollment to academia 2026-01-08 21:44:22 +00:00			`namespace: academia`
feat(deploy): add Docker and Kubernetes deployment Docker: - Multi-stage Dockerfile for API (.NET 10) - Multi-stage Dockerfile for frontend (Angular + Nginx) - docker-compose.yml with resource optimization - Nginx reverse proxy configuration - Health checks for all services Kubernetes (k3s): - Namespace and ConfigMap - SQL Server StatefulSet with PVC - API Deployment with HPA - Frontend Deployment - Services and Ingress - Network policies for security - Secrets management Resource optimization: - SQL Server Express with 1GB RAM limit - API with 512MB limit - Frontend with 128MB limit 2026-01-08 04:00:41 +00:00			`spec:`
			`podSelector:`
			`matchLabels:`
			`app: sqlserver`
			`policyTypes:`
			`- Ingress`
			`ingress:`
			`- from:`
			`- podSelector:`
			`matchLabels:`
			`app: student-api`
			`ports:`
			`- protocol: TCP`
			`port: 1433`