feat: Enhance security contexts, network policies, and resource quotas#443
Draft
LuukvH wants to merge 1 commit into
Draft
feat: Enhance security contexts, network policies, and resource quotas#443LuukvH wants to merge 1 commit into
LuukvH wants to merge 1 commit into
Conversation
feat: Add volume mounts and update nginx configuration for improved caching and security feat: Update rate limit filter to use rate_limit_quota for improved quota management feat: Add NET_BIND_SERVICE capability to web container for enhanced networking feat: Increase CPU limit from 4 to 8 for resource quota in production feat: Remove rate limit quota filter from Envoy configuration feat: Update web application to use port 8080 for HTTP and NGINX configuration feat: Remove unnecessary user and group creation for NGINX in Dockerfile feat: Simplify NGINX setup by removing unnecessary libcap installation and updating pid location for non-root execution feat: Update NGINX pid file location to use /var/run for Kubernetes deployment feat: Add NetworkPolicy to allow Envoy egress traffic to CRM and scheduling APIs feat: Update CRM deployment and service to use port 8080 for HTTP traffic feat: Add NetworkPolicies for RabbitMQ egress traffic to backends and scheduling APIs fix: Correct order of resources in kustomization.yaml for network policies feat: Update Ingress configuration to route traffic to web service on port 8080 fix: Update web service to use port 80 for HTTP traffic in deployment, service, ingress, and network policy fix: Adjust ingress rules in allow-web-ingress.yaml to properly define source namespace for web traffic fix: Update deployment and service configurations to use port 8080 for HTTP traffic
LuukvH
force-pushed
the
main
branch
9 times, most recently
from
4930201 to
587aa33
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
feat: Add volume mounts and update nginx configuration for improved caching and security
feat: Update rate limit filter to use rate_limit_quota for improved quota management
feat: Add NET_BIND_SERVICE capability to web container for enhanced networking
feat: Increase CPU limit from 4 to 8 for resource quota in production
feat: Remove rate limit quota filter from Envoy configuration
feat: Update web application to use port 8080 for HTTP and NGINX configuration
feat: Remove unnecessary user and group creation for NGINX in Dockerfile
feat: Simplify NGINX setup by removing unnecessary libcap installation and updating pid location for non-root execution
feat: Update NGINX pid file location to use /var/run for Kubernetes deployment
feat: Add NetworkPolicy to allow Envoy egress traffic to CRM and scheduling APIs
feat: Update CRM deployment and service to use port 8080 for HTTP traffic
feat: Add NetworkPolicies for RabbitMQ egress traffic to backends and scheduling APIs
fix: Correct order of resources in kustomization.yaml for network policies
feat: Update Ingress configuration to route traffic to web service on port 8080
fix: Update web service to use port 80 for HTTP traffic in deployment, service, ingress, and network policy
fix: Adjust ingress rules in allow-web-ingress.yaml to properly define source namespace for web traffic
fix: Update deployment and service configurations to use port 8080 for HTTP traffic