prod deployment
This commit is contained in:
@@ -1,4 +1,4 @@
|
||||
# ValidatingAdmissionPolicy to restrict images in dexorder-sandboxes namespace
|
||||
# ValidatingAdmissionPolicy to restrict images in sandbox namespace
|
||||
# Requires Kubernetes 1.30+ (or 1.28+ with feature gate)
|
||||
# This is the critical security control that prevents arbitrary image execution
|
||||
# even if the gateway is compromised.
|
||||
@@ -26,7 +26,9 @@ spec:
|
||||
c.image.startsWith('ghcr.io/dexorder/sandbox-') ||
|
||||
c.image.startsWith('ghcr.io/dexorder/lifecycle-sidecar:') ||
|
||||
c.image.startsWith('dexorder/ai-sandbox:') ||
|
||||
c.image.startsWith('dexorder/ai-lifecycle-sidecar:'))
|
||||
c.image.startsWith('dexorder/ai-lifecycle-sidecar:') ||
|
||||
c.image.startsWith('git.dxod.org/dexorder/dexorder/ai-sandbox:') ||
|
||||
c.image.startsWith('git.dxod.org/dexorder/dexorder/ai-lifecycle-sidecar:'))
|
||||
message: "Only approved dexorder sandbox images are allowed in the sandboxes namespace"
|
||||
reason: Forbidden
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# RBAC for gateway to CREATE sandbox deployments only
|
||||
# Principle of least privilege: gateway can ONLY create deployments/services/PVCs
|
||||
# in the dexorder-sandboxes namespace. Deletion is handled by the lifecycle sidecar.
|
||||
# in the sandbox namespace. Deletion is handled by the lifecycle sidecar.
|
||||
# No pods, secrets, exec, or cross-namespace access.
|
||||
---
|
||||
apiVersion: v1
|
||||
@@ -8,12 +8,12 @@ kind: ServiceAccount
|
||||
metadata:
|
||||
name: gateway
|
||||
---
|
||||
# Role scoped to dexorder-sandboxes namespace only
|
||||
# Role scoped to sandbox namespace only
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: sandbox-creator
|
||||
namespace: dexorder-sandboxes
|
||||
namespace: sandbox
|
||||
rules:
|
||||
# Deployments: create and read only (deletion handled by sidecar)
|
||||
- apiGroups: ["apps"]
|
||||
@@ -53,7 +53,7 @@ apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: gateway-sandbox-creator
|
||||
namespace: dexorder-sandboxes
|
||||
namespace: sandbox
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: gateway
|
||||
|
||||
@@ -5,15 +5,15 @@ apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: sandbox-lifecycle
|
||||
namespace: dexorder-sandboxes
|
||||
namespace: sandbox
|
||||
---
|
||||
# Role allowing deletion of deployments and PVCs
|
||||
# This is scoped to the dexorder-sandboxes namespace
|
||||
# This is scoped to the sandbox namespace
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: sandbox-self-delete
|
||||
namespace: dexorder-sandboxes
|
||||
namespace: sandbox
|
||||
rules:
|
||||
# Allow getting and deleting deployments
|
||||
- apiGroups: ["apps"]
|
||||
@@ -34,11 +34,11 @@ apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: sandbox-self-delete
|
||||
namespace: dexorder-sandboxes
|
||||
namespace: sandbox
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: sandbox-lifecycle
|
||||
namespace: dexorder-sandboxes
|
||||
namespace: sandbox
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: sandbox-self-delete
|
||||
@@ -49,5 +49,5 @@ roleRef:
|
||||
# Requires a validating webhook server (can be added later)
|
||||
# For now, we rely on:
|
||||
# 1. Sidecar only knowing its own deployment name (from env)
|
||||
# 2. RBAC limiting to dexorder-sandboxes namespace
|
||||
# 2. RBAC limiting to sandbox namespace
|
||||
# 3. Admission policy restricting deployment creation (already defined)
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
# Namespace definitions for dexorder AI platform
|
||||
# - default: gateway, web, and infrastructure services
|
||||
# - dexorder-sandboxes: per-user sandbox containers (isolated, restricted)
|
||||
# - sandbox: per-user sandbox containers (isolated, restricted)
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: dexorder-sandboxes
|
||||
name: sandbox
|
||||
labels:
|
||||
app.kubernetes.io/part-of: dexorder
|
||||
dexorder.io/type: sandboxes
|
||||
|
||||
@@ -2,12 +2,12 @@
|
||||
# Sandboxes can only communicate with specific services, not with each other
|
||||
# or with the Kubernetes API
|
||||
---
|
||||
# Default deny all ingress and egress in sandboxes namespace
|
||||
# Default deny all ingress and egress in sandbox namespace
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: default-deny-all
|
||||
namespace: dexorder-sandboxes
|
||||
namespace: sandbox
|
||||
spec:
|
||||
podSelector: {}
|
||||
policyTypes:
|
||||
@@ -19,7 +19,7 @@ apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: allow-gateway-ingress
|
||||
namespace: dexorder-sandboxes
|
||||
namespace: sandbox
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
@@ -42,7 +42,7 @@ apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: allow-sandbox-egress
|
||||
namespace: dexorder-sandboxes
|
||||
namespace: sandbox
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
@@ -69,17 +69,6 @@ spec:
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 3000
|
||||
# Kafka/Redpanda for data subscriptions
|
||||
- to:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
dexorder.io/type: system
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app: redpanda
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 9092
|
||||
# External HTTPS (for exchange APIs, LLM APIs)
|
||||
- to:
|
||||
- ipBlock:
|
||||
@@ -93,7 +82,8 @@ spec:
|
||||
- protocol: TCP
|
||||
port: 443
|
||||
---
|
||||
# Default namespace: allow ingress from sandboxes to gateway
|
||||
# Allow ingress from sandboxes to gateway (no explicit namespace = context default)
|
||||
# In dev: applies to 'default' namespace. In prod: applies to 'ai' namespace.
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
|
||||
@@ -5,7 +5,7 @@ apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: sandbox-user-abc123
|
||||
namespace: dexorder-sandboxes
|
||||
namespace: sandbox
|
||||
labels:
|
||||
app.kubernetes.io/name: sandbox
|
||||
app.kubernetes.io/component: user-sandbox
|
||||
@@ -187,7 +187,7 @@ apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: sandbox-user-abc123-data
|
||||
namespace: dexorder-sandboxes
|
||||
namespace: sandbox
|
||||
labels:
|
||||
dexorder.io/user-id: user-abc123
|
||||
spec:
|
||||
@@ -203,7 +203,7 @@ apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: sandbox-user-abc123
|
||||
namespace: dexorder-sandboxes
|
||||
namespace: sandbox
|
||||
labels:
|
||||
dexorder.io/user-id: user-abc123
|
||||
spec:
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# Resource constraints for the dexorder-sandboxes namespace
|
||||
# Resource constraints for the sandbox namespace
|
||||
# These limits apply regardless of what the gateway requests
|
||||
---
|
||||
# LimitRange: per-container defaults and maximums
|
||||
@@ -6,7 +6,7 @@ apiVersion: v1
|
||||
kind: LimitRange
|
||||
metadata:
|
||||
name: sandbox-limits
|
||||
namespace: dexorder-sandboxes
|
||||
namespace: sandbox
|
||||
spec:
|
||||
limits:
|
||||
# Default limits applied if deployment doesn't specify
|
||||
@@ -37,7 +37,7 @@ apiVersion: v1
|
||||
kind: ResourceQuota
|
||||
metadata:
|
||||
name: sandbox-quota
|
||||
namespace: dexorder-sandboxes
|
||||
namespace: sandbox
|
||||
spec:
|
||||
hard:
|
||||
# Total compute limits for all sandboxes combined
|
||||
|
||||
Reference in New Issue
Block a user