video-iac/k8s/jam-cloud-infra/network-policy.yaml

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-infra-from-authorized-ips
  namespace: jam-cloud-infra
spec:
  podSelector: {} # apply to all pods in jam-cloud-infra
  policyTypes:
  - Ingress
  ingress:
  - from:
    - ipBlock:
        cidr: 72.14.184.26/32
    - ipBlock:
        cidr: 173.255.192.5/32
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: jam-cloud # allow apps in jam-cloud to talk to infra
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: ingress-nginx # allow ingress controller to reach infra
  - ports: # Optional: Keep management UI reachable from everywhere? Or also restrict? 
    - protocol: TCP
      port: 15672
Staging redis/resque stood up 2026-03-06 01:49:03 +00:00			`apiVersion: networking.k8s.io/v1`
			`kind: NetworkPolicy`
			`metadata:`
			`name: allow-infra-from-authorized-ips`
			`namespace: jam-cloud-infra`
			`spec:`
			`podSelector: {} # apply to all pods in jam-cloud-infra`
			`policyTypes:`
			`- Ingress`
			`ingress:`
			`- from:`
			`- ipBlock:`
			`cidr: 72.14.184.26/32`
			`- ipBlock:`
			`cidr: 173.255.192.5/32`
			`- namespaceSelector:`
			`matchLabels:`
			`kubernetes.io/metadata.name: jam-cloud # allow apps in jam-cloud to talk to infra`
			`- namespaceSelector:`
			`matchLabels:`
			`kubernetes.io/metadata.name: ingress-nginx # allow ingress controller to reach infra`
			`- ports: # Optional: Keep management UI reachable from everywhere? Or also restrict?`
			`- protocol: TCP`
			`port: 15672`