Fix: ingress-external network policy

projects/drone/project.yml

@@ -8,6 +8,9 @@ config:
     - allow-runner
     - allow-minio
 
+  labels:
+    environment: external
+
 apps:
   - name: drone
     repoURL: https://github.com/nold360/drone-charts.git

projects/gitea/project.yml

@@ -5,6 +5,10 @@ config:
     - internet
     rules:
     - allow-ssh
+
+  labels:
+    environment: external
+
 apps:
 - name: gitea
   repoURL: https://dl.gitea.io/charts/

projects/ingress-external/project.yml

@@ -3,6 +3,8 @@ config:
   networkPolicy:
     rules:
     - allow-dns
+    - allow-ingress-traffic
+    - allow-external-services
 
 apps:
 - name: ingress-external

projects/nextcloud/project.yaml

@@ -3,6 +3,10 @@ config:
   networkPolicy:
     groups:
     - internet
+ 
+  labels:
+    environment: external
+
 apps:
 - name: nextcloud
   repoURL: https://nextcloud.github.io/helm

resources/networkpolicy.yml

@@ -68,7 +68,7 @@ networkPolicy:
       - from:
         - namespaceSelector:
             matchLabels:
-              app.heqet.gnu.one/name: ingress-external
+              project.heqet.gnu.one/name: ingress-external
 
     # Allow SSH for Gitea
     allow-ssh:
@@ -134,3 +134,22 @@ networkPolicy:
         - namespaceSelector:
             matchLabels:
               name: minio
+
+    allow-ingress-traffic:
+      podSelector: {}
+      policyTypes:
+      - Ingress
+      ingress:
+      - {}
+
+    allow-external-services:
+      podSelector: {}
+      policyTypes:
+      - Egress
+      egress:
+      - to:
+        - namespaceSelector:
+            matchLabels:
+              environment: external
+
+