wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 4 Packages Projects Releases Wiki Activity

fix(k8s): NetworkPolicy DNS 規則修復

Browse Source 
- 使用 namespaceSelector 明確指定 kube-system
- ADR-011 Appendix B: CoreDNS 只有 k8s-app=kube-dns 標籤
- 修復 Telegram 告警鏈 DNS 解析失敗問題

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
OG T
2026-03-26 17:41:11 +08:00
parent 30153496d1
commit 34bfa994c2
1 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
k8s/awoooi-prod/02-network-policy.yaml
View File

@@ -1,8 +1,10 @@
# AWOOOI 正式環境零信任網路策略 # AWOOOI 正式環境零信任網路策略
# 負責人: CIO # 負責人: CIO
# 版本: v1.1 # 版本: v1.2
# 日期: 2026-03-26 # 日期: 2026-03-26
# 變更: 新增 Langfuse LLMOps (192.168.0.110:3100) - Phase 15.1 # 變更:
# - v1.2: 修復 DNS 規則使用 namespaceSelector (ADR-011 Appendix B)
# - v1.1: 新增 Langfuse LLMOps (192.168.0.110:3100) - Phase 15.1
# #
# 原則: Default Deny All - 預設拒絕所有流量,僅白名單允許 # 原則: Default Deny All - 預設拒絕所有流量,僅白名單允許
@@ -152,8 +154,12 @@ spec:
port: 6443 port: 6443
# 允許 DNS 解析 # 允許 DNS 解析
# 2026-03-26 修復: 使用 namespaceSelector 明確指定 kube-system
# ADR-011 Appendix B: CoreDNS 只有 k8s-app=kube-dns 標籤,不要加其他標籤要求
- to: - to:
- namespaceSelector: {} - namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
podSelector: podSelector:
matchLabels: matchLabels:
k8s-app: kube-dns k8s-app: kube-dns