bakery-ia/infrastructure/platform/mail/mailu/mailu-networkpolicy.yaml

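---
# NetworkPolicy for the Mailu pods in the bakery-ia namespace.
# policyTypes lists both Ingress and Egress, so any traffic not matched by a
# rule below is denied in that direction. A `podSelector` entry in `from`/`to`
# without a `namespaceSelector` only matches pods in this policy's own
# namespace; a port entry with no `protocol` defaults to TCP.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: mailu-network-policy
  namespace: bakery-ia
  labels:
    app: mailu
    component: network-policy
spec:
  # Apply to all Mailu pods (matches mailu-deployment.yaml labels)
  podSelector:
    matchLabels:
      app: mailu
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Allow SMTP from notification-service (same namespace only)
    - from:
        - podSelector:
            matchLabels:
              app: notification-service
      ports:
        - port: 25
        - port: 587
    # Allow SMTP submission from other internal services that may need to
    # send email
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: bakery-ia
      ports:
        - port: 587
    # Allow webmail/admin access via the ingress controller namespace
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx
      ports:
        - port: 80
        - port: 443
    # Allow internal Mailu component communication
    - from:
        - podSelector:
            matchLabels:
              app: mailu
      ports:
        - port: 25
        - port: 587
        - port: 143
        - port: 993
        - port: 80
        - port: 11333
        - port: 11334
  egress:
    # Allow relay to external SMTP (Mailgun).
    # RFC 1918 ranges are excluded so this rule cannot be used to reach
    # in-cluster or VPC hosts on SMTP ports; the link-local range is excluded
    # as well, since cloud metadata endpoints live there and a public relay
    # never needs it.
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            except:
              - 10.0.0.0/8
              - 172.16.0.0/12
              - 192.168.0.0/16
              - 169.254.0.0/16
      ports:
        - port: 587
        - port: 465
        - port: 25
    # Allow internal Mailu component communication
    - to:
        - podSelector:
            matchLabels:
              app: mailu
      ports:
        - port: 25
        - port: 587
        - port: 143
        - port: 993
        - port: 80
        - port: 11333
        - port: 11334
    # Allow connection to shared Redis (database 15)
    - to:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: redis
      ports:
        - port: 6379
    # Allow DNS lookups.
    # An empty `to` list matches every destination, so this permits port 53
    # to any address. Restricting it to the cluster DNS pods (namespaceSelector
    # plus podSelector) would be tighter — TODO confirm the DNS namespace and
    # labels used in this cluster before narrowing.
    - to: []
      ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP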