From d4e53b771832f8719f2bc91207ccac5c3dbd9152 Mon Sep 17 00:00:00 2001
From: JJGadgets <git@jjgadgets.tech>
Date: Sun, 28 May 2023 12:25:29 +0800
Subject: [PATCH] feat(gotosocial): TLS netpols

---
 kube/3-deploy/2-apps/gotosocial/app/netpol.yaml | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/kube/3-deploy/2-apps/gotosocial/app/netpol.yaml b/kube/3-deploy/2-apps/gotosocial/app/netpol.yaml
index db0ef736..aab3e7c0 100644
--- a/kube/3-deploy/2-apps/gotosocial/app/netpol.yaml
+++ b/kube/3-deploy/2-apps/gotosocial/app/netpol.yaml
@@ -21,9 +21,16 @@ spec:
         - ports:
             - port: "8080"
               protocol: TCP
-          rules:
-            http:
-              - {}
+    # Cloudflare Tunnel
+    - fromEndpoints:
+        - matchLabels:
+            io.kubernetes.pod.namespace: cloudflare
+            app.kubernetes.io/instance: cloudflared
+            app.kubernetes.io/name: cloudflared
+      toPorts:
+        - ports:
+            - port: "8080"
+              protocol: TCP
   egress:
     # same namespace
     - toEndpoints: