datasiswa-gitops/k8s/network-policy.yaml


# Ingress policy for the backend pods. The only ingress this policy admits is
# from the frontend pods on TCP 5000. NetworkPolicies are additive, so any
# other policy selecting the same pods can widen this.
# NOTE(review): no default-deny policy for the namespace and no ingress policy
# for the frontend pods is visible in this file - confirm they exist elsewhere.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-backend
  namespace: intern-workspace
spec:
  # Pods this policy applies to.
  podSelector:
    matchLabels:
      app: backend-datasiswa
  policyTypes:
    - Ingress
  ingress:
    - from:
        # A podSelector without a namespaceSelector matches only pods in this
        # policy's own namespace (intern-workspace).
        - podSelector:
            matchLabels:
              app: frontend-datasiswa
      ports:
        - protocol: TCP
          port: 5000
---
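# Isolates the MySQL pods in both directions: ingress only from the backend
# pods on TCP 3306, and no pod-initiated egress.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-backend-to-mysql
  namespace: intern-workspace
spec:
  # Pods this policy applies to.
  podSelector:
    matchLabels:
      app: mysql-datasiswa
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        # Same-namespace backend pods are the only permitted database clients.
        - podSelector:
            matchLabels:
              app: backend-datasiswa
      ports:
        - protocol: TCP
          port: 3306
  # Replies on connections admitted by the ingress rule are allowed
  # implicitly, so the database needs no egress rule to answer the backend.
  # The previous rule (egress to backend-datasiswa on TCP 5000) only let the
  # database pods open new connections to the backend API, which gives a
  # compromised database pod a path back into the application tier.
  # NOTE(review): confirm nothing running in the MySQL pods calls the backend
  # on port 5000 before rolling this out.
  egress: []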
---
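# Egress policy for the backend pods: MySQL on TCP 3306 plus DNS on port 53.
# All other pod-initiated egress from the backend is denied by this policy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-backend-egress
  namespace: intern-workspace
spec:
  # Pods this policy applies to.
  podSelector:
    matchLabels:
      app: backend-datasiswa
  policyTypes:
    - Egress
  egress:
    # Backend may reach MySQL (same namespace only).
    - to:
        - podSelector:
            matchLabels:
              app: mysql-datasiswa
      ports:
        - protocol: TCP
          port: 3306
    # DNS egress so the backend can still resolve service names. TCP 53 is
    # allowed alongside UDP because resolvers retry over TCP when a UDP answer
    # is truncated; with UDP only, such lookups fail.
    # NOTE(review): namespaceSelector: {} matches every pod in every
    # namespace, so port 53 is open to all in-cluster pods, not only the DNS
    # service. Consider narrowing to the cluster DNS pods (commonly namespace
    # kube-system with label k8s-app: kube-dns - confirm for this cluster).
    - to:
        - namespaceSelector: {}
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53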
---
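# Egress policy for the frontend pods: the backend API on TCP 5000 plus DNS on
# port 53. All other pod-initiated egress from the frontend is denied by this
# policy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-egress
  namespace: intern-workspace
spec:
  # Pods this policy applies to.
  podSelector:
    matchLabels:
      app: frontend-datasiswa
  policyTypes:
    - Egress
  egress:
    # Frontend may send requests to the backend (same namespace only).
    - to:
        - podSelector:
            matchLabels:
              app: backend-datasiswa
      ports:
        - protocol: TCP
          port: 5000
    # DNS egress. TCP 53 is allowed alongside UDP because resolvers retry over
    # TCP when a UDP answer is truncated; with UDP only, such lookups fail.
    # NOTE(review): namespaceSelector: {} matches every pod in every
    # namespace, so port 53 is open to all in-cluster pods, not only the DNS
    # service. Consider narrowing to the cluster DNS pods (commonly namespace
    # kube-system with label k8s-app: kube-dns - confirm for this cluster).
    - to:
        - namespaceSelector: {}
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53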