fix(sandstorm): netpols

2026-03-21 23:39:48 +00:00 · 2025-01-27 22:52:10 +08:00
parent d6bb7caa88
commit 3ec62d042e
2 changed files with 15 additions and 2 deletions
--- a/kube/deploy/apps/insurgency-sandstorm/app/hr.yaml
+++ b/kube/deploy/apps/insurgency-sandstorm/app/hr.yaml
@@ -23,6 +23,7 @@ spec:
        pod:
          labels:
            ingress.home.arpa/world: allow
+            dns.home.arpa/l7: "true"
        containers:
          main:
            image: &img
@@ -47,7 +48,7 @@ spec:
                drop: ["ALL"]
            resources:
              requests:
-                cpu: "10m"
+                cpu: "100m"
              limits:
                cpu: "2"
                memory: "2Gi"
@@ -78,7 +79,7 @@ spec:
                cpu: "300m"
              limits:
                cpu: "1"
-                memory: "128Mi"
+                memory: "256Mi"
    service:
      insurgency-sandstorm:
        controller: insurgency-sandstorm
--- a/kube/deploy/apps/insurgency-sandstorm/app/netpol.yaml
+++ b/kube/deploy/apps/insurgency-sandstorm/app/netpol.yaml
@@ -0,0 +1,12 @@
+---
+# yaml-language-server: $schema=https://crds.jank.ing/cilium.io/ciliumnetworkpolicy_v2.json
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: &app insurgency-sandstorm
+  namespace: *app
+spec:
+  endpointSelector: {}
+  egress:
+    - toFQDNs:
+        - matchPattern: "*.mod.io"