generated from coulomb/repo-seed
fix(sso-mfa): NK-WP-0003-T04 — correct privacyIDEA image and port
privacyidea/privacyidea:3.12 does not exist on Docker Hub. Correct image: privacyidea/otpserver:3.12.2 (port 5001). Updated files: - deployment.yaml: image, containerPort, probes, service port - ingress.yaml: backend service port - netpol-mfa.yaml: ingress port + keycloak → keycape label - netpol-sso.yaml: KeyCape egress port to privacyIDEA Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -13,7 +13,7 @@
|
||||
# Allowed egress paths:
|
||||
# keycape → authelia :9091 (OIDC callback orchestration)
|
||||
# keycape → lldap :3890 (LDAP user lookups)
|
||||
# keycape → mfa :8080 (privacyIDEA MFA check and token validation)
|
||||
# keycape → mfa :5001 (privacyIDEA MFA check and token validation)
|
||||
# authelia → lldap :3890 (LDAP authentication backend)
|
||||
# all pods → kube-dns :53 (DNS resolution)
|
||||
#
|
||||
@@ -201,7 +201,7 @@ spec:
|
||||
- port: 3890
|
||||
protocol: TCP
|
||||
---
|
||||
# ── KeyCape egress → privacyIDEA (mfa namespace) :8080 ───────────────────────
|
||||
# ── KeyCape egress → privacyIDEA (mfa namespace) :5001 ───────────────────────
|
||||
# KeyCape calls privacyIDEA to check and validate MFA tokens.
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
@@ -220,7 +220,7 @@ spec:
|
||||
matchLabels:
|
||||
net-kingdom/component: mfa
|
||||
ports:
|
||||
- port: 8080
|
||||
- port: 5001
|
||||
protocol: TCP
|
||||
---
|
||||
# ── Authelia egress → LLDAP (within sso namespace) ───────────────────────────
|
||||
|
||||
Reference in New Issue
Block a user