Kubernetes: Add NetworkPolicies (isolate web; restrict API↔Postgres) #126

@imrightguy

Objective
Harden inter-pod traffic with Kubernetes NetworkPolicies.

Scope

  • Namespace cloudtolocalllm default deny ingress policy
  • Allow web -> api (HTTP), web -> streaming (HTTP/WS)
  • Allow api -> postgresql only (TCP 5432) and deny other egress
  • Optional: limit ingress to api/streaming from Ingress NEGs only

Acceptance Criteria

  • Policies applied; connectivity matrix matches design
  • API can reach Postgres; web cannot reach Postgres directly
  • No unintended service breakage; document policies

Dependencies

Effort: S (0.5–1 day)
Priority: P2
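
A minimal manifest for the core of this scope, added here as an illustration and not taken from the issue or the project's repository. The pod labels (`app: web`, `app: api`, `app: postgresql`), the API port 8080 and the DNS egress rule are assumptions; the web and streaming rules would follow the same pattern.

```yaml
# Assumed (not from the issue): labels app=web / app=api / app=postgresql, API port 8080.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: cloudtolocalllm
spec:
  podSelector: {}          # selects every pod in the namespace
  policyTypes: [Ingress]   # no ingress rules listed, so all ingress is denied
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow-web-restrict-egress
  namespace: cloudtolocalllm
spec:
  podSelector:
    matchLabels: {app: api}
  policyTypes: [Ingress, Egress]
  ingress:
    - from:
        - podSelector: {matchLabels: {app: web}}
      ports:
        - {protocol: TCP, port: 8080}
  egress:
    - to:
        - podSelector: {matchLabels: {app: postgresql}}
      ports:
        - {protocol: TCP, port: 5432}
    - ports:               # assumption: DNS to any destination, so the service name resolves
        - {protocol: UDP, port: 53}
        - {protocol: TCP, port: 53}
---
# Needed because of default-deny-ingress: Postgres must accept the API explicitly.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: postgresql-allow-api
  namespace: cloudtolocalllm
spec:
  podSelector:
    matchLabels: {app: postgresql}
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector: {matchLabels: {app: api}}
      ports:
        - {protocol: TCP, port: 5432}
```

These policies are enforced only when the cluster's network plugin implements NetworkPolicy; on a cluster without enforcement they are accepted by the API server but have no effect.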
