[Fix] Actuator 포트 네트워크 접근 제한

[pooreumjung]

🧾 요약

• Actuator 관리 포트(9090)를 Kubernetes NetworkPolicy로 monitoring 네임스페이스에서만 접근 가능하도록 제한

🔗 이슈

• close [fix] Actuator 엔드포인트 전체 permitAll 노출 #215

✨ 변경 내용

• k8s/app/network-policy.yaml 추가 — 앱 포트(8080) 전체 허용, 관리 포트(9090)는 monitoring 네임스페이스만 허용
• k8s/kustomization.yaml에 network-policy 리소스 등록

✅ 확인

• 빌드 OK
• 테스트 OK

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro Plus

Run ID: b50cefe8-50ea-428e-9b5b-79168a2fa455

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/#215-actuator-security

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

이 PR은 애플리케이션의 보안을 강화하기 위해 Actuator 관리 포트에 대한 네트워크 접근 제어를 구현합니다. Kubernetes NetworkPolicy를 활용하여 외부 접근을 차단하고 모니터링 시스템에서만 접근할 수 있도록 제한함으로써 보안성을 높였습니다.

Highlights

• 네트워크 보안 강화: Kubernetes NetworkPolicy를 도입하여 Actuator 관리 포트(9090)에 대한 접근을 monitoring 네임스페이스로 제한했습니다.
• 설정 통합: Kustomize 리소스 목록에 새로운 네트워크 정책 파일을 추가하여 배포 구성에 포함시켰습니다.

New Features

🧠 You can now enable Memory (public preview) to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

이번 풀 리퀘스트는 semosan-api 파드에 대한 네트워크 접근 제어를 위해 k8s/app/network-policy.yaml 파일을 신규 생성하고, 이를 k8s/kustomization.yaml에 리소스로 추가합니다. 구체적으로는 8080 포트에 대한 인그레스 허용 및 monitoring 네임스페이스로부터의 9090 포트 접근 허용을 정의하고 있습니다. 변경 사항에 대해 특별히 제시할 피드백은 없습니다.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.