fix(ingress-nginx): allow Let's Encrypt egress traffic

2026-03-22 12:39:56 +00:00 · 2024-09-03 04:19:29 +08:00
parent 2f4bb76b44
commit f7f992bb2d
1 changed files with 4 additions and 0 deletions
--- a/kube/deploy/core/ingress/ingress-nginx/app/netpol.yaml
+++ b/kube/deploy/core/ingress/ingress-nginx/app/netpol.yaml
@@ -104,6 +104,10 @@ spec:
    - toFQDNs:
        - matchPattern: "*.${DNS_MAIN}"
        - matchPattern: "*.${DNS_SHORT}"
+    # allow Let's Encrypt traffic for e.g. OCSP or CRLs
+    - toFQDNs:
+        - matchPattern: "*.lencr.org"
+        - matchPattern: "*.*.lencr.org"
    # DNS proxy to kube-dns, DNS L7 visibility
    - toEndpoints:
        - matchLabels: