From 714fc614ee6d0a75dbd34da65ff325b2adff1d30 Mon Sep 17 00:00:00 2001
From: devops
Date: Sat, 20 Jun 2026 23:26:44 +0000
Subject: [PATCH] =?UTF-8?q?A=C3=B1adir=20overnance/nginx-compliance.yaml?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Para que tu despliegue sea digno de un entorno bancario, debemos asegurarnos de que la aplicación nginx herede las políticas que definimos previamente. En tu repositorio platform-infra, añade una nueva carpeta governance/nginx-compliance.yaml para asegurar que nadie pueda escalar los privilegios de nginx
---
overnance/nginx-compliance.yaml | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100644 overnance/nginx-compliance.yaml
diff --git a/overnance/nginx-compliance.yaml b/overnance/nginx-compliance.yaml
new file mode 100644
index 0000000..b7d3bb4
--- /dev/null
+++ b/overnance/nginx-compliance.yaml
@@ -0,0 +1,15 @@
+# governance/nginx-compliance.yaml
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: restrict-nginx-traffic
+ namespace: nginx-web
+spec:
+ podSelector:
+ matchLabels:
+ app: nginx
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - podSelector: {} # Solo permite tráfico interno, bloqueando el resto
\ No newline at end of file
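Review bot: Nothing in this NetworkPolicy prevents privilege escalation, which is the goal stated in the commit message; the `spec` only filters ingress to pods labelled `app: nginx`, and `policyTypes` lists `Ingress` alone, so egress from those pods stays unrestricted. Privilege escalation is controlled on the workload or the namespace, for example with `securityContext.allowPrivilegeEscalation: false` on the nginx containers or the namespace label `pod-security.kubernetes.io/enforce: restricted`. The `from` rule `- podSelector: {}` admits every pod in `nginx-web` on every port and nothing from other namespaces, so an ingress controller running elsewhere (not visible here) would be blocked; a `ports:` entry and an explicit `namespaceSelector` for the controller would make the intent clear. The file is also created under `overnance/` while its header comment and the description say `governance/`, so tooling that syncs `governance/` would presumably never apply it. The policy takes effect only if the cluster's network plugin enforces NetworkPolicy.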