From d08290b4336e4d40fb0847d664e5a99d7dba7d81 Mon Sep 17 00:00:00 2001
From: OG T <ogt@WOOOMacMiniM4.local>
Date: Tue, 24 Mar 2026 17:51:06 +0800
Subject: [PATCH] feat(k8s): Add Sentry and Harbor egress to NetworkPolicy
 (#38)

- Allow egress to 192.168.0.110:9000 (Sentry Self-Hosted)
- Allow egress to 192.168.0.110:5000 (Harbor Registry)
- Enables Sentry Tunnel API Route to forward errors

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 k8s/awoooi-prod/02-network-policy.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/k8s/awoooi-prod/02-network-policy.yaml b/k8s/awoooi-prod/02-network-policy.yaml
index 678ba287..40719a32 100644
--- a/k8s/awoooi-prod/02-network-policy.yaml
+++ b/k8s/awoooi-prod/02-network-policy.yaml
@@ -107,6 +107,19 @@ spec:
         - protocol: TCP
           port: 8123
 
+    # 允許訪問 192.168.0.110 監控服務 (Harbor + Sentry)
+    # 2026-03-24 新增: Sentry Self-Hosted (透過 Sentry Tunnel API Route)
+    - to:
+        - ipBlock:
+            cidr: 192.168.0.110/32
+      ports:
+        # Sentry Self-Hosted HTTP API
+        - protocol: TCP
+          port: 9000
+        # Harbor Registry (已在 CD pipeline 使用)
+        - protocol: TCP
+          port: 5000
+
     # 允許訪問 192.168.0.112 安全掃描服務
     - to:
         - ipBlock: