fix(netpols): authentik outposts to ingress-nginx

2026-01-28 02:18:24 +00:00 · 2023-07-18 03:21:21 +08:00
parent 3a33db02a8
commit 4cf257afab
1 changed files with 8 additions and 1 deletions
--- a/kube/deploy/core/ingress/ingress-nginx/app/netpol.yaml
+++ b/kube/deploy/core/ingress/ingress-nginx/app/netpol.yaml
@@ -40,7 +40,6 @@ spec:
              protocol: TCP
            - port: "443"
              protocol: UDP
-
    # allow traffic from external-proxy-x
    - fromEndpoints:
        - matchLabels:
@@ -67,6 +66,14 @@ spec:
            - key: egress.home.arpa/ingress-nginx
              operator: In
              values: ["allow"]
+    # allow authentik-managed components to connect to main authentik server
+    - fromEndpoints:
+        - matchExpressions:
+            - key: io.kubernetes.pod.namespace
+              operator: Exists
+            - key: app.kubernetes.io/managed-by
+              operator: In
+              values: ["goauthentik.io"]
  egress:
    # allow access to kube-apiserver to get Ingress/etc resources and push updates
    - toEntities: