AI
/
claude-code-hub
kopia lustrzana https://github.com/ding113/claude-code-hub.git


			
				
					
						
						
							123456789101112131415161718192021222324252627
							apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: app-access
  namespace: {{NAMESPACE}}
spec:
  podSelector:
    matchLabels:
      app: claude-code-hub
  policyTypes:
    - Ingress
  ingress:
    # 仅在 Ingress 模式下由 deploy-k8s.sh 应用;NodePort 回落时会自动跳过该策略。
    # 允许来自 Ingress Controller 所在命名空间的流量
    # kube-system 覆盖 k3s Traefik;若使用 ingress-nginx 请自行调整 namespace label
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: traefik
      ports:
        - port: 3000