From 7b4ef9c968d2dead02cfdaa1b7fc03d28ed97eed Mon Sep 17 00:00:00 2001
From: nold
Date: Sun, 11 Dec 2022 11:30:44 +0100
Subject: [PATCH] fix(netpol)
---
 projects/nextcloud/project.yaml | 1 +
 resources/networkpolicy.yml | 12 +++++------
 2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/projects/nextcloud/project.yaml b/projects/nextcloud/project.yaml
index 98680e21..3b6fb77d 100644
--- a/projects/nextcloud/project.yaml
+++ b/projects/nextcloud/project.yaml
@@ -5,6 +5,7 @@ config:
 - internet
 rules:
 - allow-minio
+ - allow-cnpg-nextcloud
 labels:
 environment: external
diff --git a/resources/networkpolicy.yml b/resources/networkpolicy.yml
index cfc367b1..614429e5 100644
--- a/resources/networkpolicy.yml
+++ b/resources/networkpolicy.yml
@@ -16,6 +16,7 @@ networkPolicy:
 - allow-dns
 - allow-proxy
 - allow-ingress
+ - allow-ingress-traffic
 rules:
 # Allow DNS to all Namespaces, deny everything else
@@ -45,9 +46,7 @@ networkPolicy:
 # Cloudnative PG
 allow-cnpg-nextcloud:
- podSelector:
- matchLabels:
- cnpg.io/cluster: nextcloud
+ podSelector: {}
 policyTypes:
 - Egress
 egress:
@@ -55,9 +54,8 @@ networkPolicy:
 - port: 443
 protocol: TCP
 to:
- - namespaceSelector:
- matchLabels:
- name: kube-system
+ - ipBlock:
+ cidr: 10.43.0.1/32
 # Allow access to internet proxy
 allow-proxy:
@@ -136,7 +134,7 @@ networkPolicy:
 to:
 - namespaceSelector:
 matchLabels:
- name: minio
+ app.heqet.gnu.one/name: minio
 allow-ingress-traffic:
 podSelector: {}
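Review bot: `allow-ingress-traffic` is added directly under `allow-ingress` with nothing to tell the two apart, in a list whose key sits above the hunk but which looks like the set applied to every project. The rule's definition is only partly visible at the end of this diff (`podSelector: {}`), so what it admits cannot be checked from here. A one-line comment on the new entry naming the permitted source, for example `# ingress from the ingress-controller namespace only` if that is what the rule does, would let a reader confirm the default is no wider than intended.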
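Review bot: Replacing the `cnpg.io/cluster: nextcloud` selector with `podSelector: {}` in `allow-cnpg-nextcloud` makes the egress rule apply to every pod in whichever namespace the policy is rendered into, not only the CloudNativePG instances. The project.yaml hunk attaches the rule to the nextcloud project, which is labelled `environment: external`, so the application pods presumably gain the same TCP/443 egress as the database pods. If only the database pods need that path, keep the label selector (`matchLabels:` with `cnpg.io/cluster: nextcloud`). If the old selector did not match the pods that need it, a comment such as `# {} because <which pods need this and why>` would record the reason for the wider scope. The policy's `to:` clause is in the next hunk.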
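Review bot: The new `ipBlock` destination `10.43.0.1/32` is an unexplained, cluster-specific literal; it looks like a service ClusterIP (presumably the API server's, which the removed `kube-system` selector also pointed at) and should carry a comment such as `# kubernetes.default ClusterIP, differs per cluster`. Kubernetes does not define whether NetworkPolicy is evaluated before or after service address rewriting, so whether an `ipBlock` on a ClusterIP with `port: 443` matches depends on the network plugin. It is worth confirming on the target cluster that this rule is what permits the traffic, rather than a broader rule doing so. The rule's `egress:` header and the policy name are in the previous hunk.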
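Review bot: The MinIO egress rule now selects its destination namespace by `app.heqet.gnu.one/name: minio`, a label that some component has to put on the namespace; if it is absent the selector matches nothing and the traffic is dropped without any error. A comment naming what sets that label would help. Alternatively, select on `kubernetes.io/metadata.name: minio`, which the API server sets on every namespace and which is not open to mislabelling. The rule's name and ports are above the hunk.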