fix: dispatcher use internal Vikunja URL + allow port 3456 egress
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
This commit is contained in:
Zoë
parent
ea15680df4
commit
33e360cd30
2 changed files with 17 additions and 2 deletions
|
|
@ -41,7 +41,7 @@ spec:
|
||||||
name: dispatcher-approle
|
name: dispatcher-approle
|
||||||
key: secret_id
|
key: secret_id
|
||||||
- name: VIKUNJA_BASE_URL
|
- name: VIKUNJA_BASE_URL
|
||||||
value: "https://tasks.ctz.fyi"
|
value: "http://vikunja.vikunja.svc.cluster.local:3456"
|
||||||
- name: VIKUNJA_PROJECT_ID
|
- name: VIKUNJA_PROJECT_ID
|
||||||
value: "78"
|
value: "78"
|
||||||
- name: VIKUNJA_TODO_BUCKET_ID
|
- name: VIKUNJA_TODO_BUCKET_ID
|
||||||
|
|
|
||||||
|
|
@ -51,7 +51,7 @@ spec:
|
||||||
- port: 6443
|
- port: 6443
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
---
|
---
|
||||||
# Allow dispatcher egress to k8s API and OpenBao only
|
# Allow dispatcher egress to k8s API, OpenBao, and Vikunja
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: NetworkPolicy
|
kind: NetworkPolicy
|
||||||
metadata:
|
metadata:
|
||||||
|
|
@ -78,3 +78,18 @@ spec:
|
||||||
ports:
|
ports:
|
||||||
- port: 8200
|
- port: 8200
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
|
# Vikunja in-cluster
|
||||||
|
- to:
|
||||||
|
- namespaceSelector:
|
||||||
|
matchLabels:
|
||||||
|
kubernetes.io/metadata.name: vikunja
|
||||||
|
ports:
|
||||||
|
- port: 3456
|
||||||
|
protocol: TCP
|
||||||
|
# k8s API server
|
||||||
|
- to:
|
||||||
|
- ipBlock:
|
||||||
|
cidr: 0.0.0.0/0
|
||||||
|
ports:
|
||||||
|
- port: 6443
|
||||||
|
protocol: TCP
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue