From 985c7729cf4f474810b3be29d63d5fab4b97fca7 Mon Sep 17 00:00:00 2001
From: nold <nold@gnu.one>
Date: Tue, 11 Jan 2022 18:38:12 +0100
Subject: [PATCH] Fix: Ingress-External NetworkPolicy
---
 .../ingress-external/manifests/allow-kubeapi.yml | 14 ++++++++++++++
 projects/ingress-external/project.yml | 4 ++--
 2 files changed, 16 insertions(+), 2 deletions(-)
 create mode 100644 projects/ingress-external/manifests/allow-kubeapi.yml
diff --git a/projects/ingress-external/manifests/allow-kubeapi.yml b/projects/ingress-external/manifests/allow-kubeapi.yml
new file mode 100644
index 00000000..5b228347
--- /dev/null
+++ b/projects/ingress-external/manifests/allow-kubeapi.yml
@@ -0,0 +1,14 @@
+apiVersion: "cilium.io/v2"
+kind: CiliumNetworkPolicy
+metadata:
+ name: "traefik-allow-kubeapi"
+spec:
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/name: traefik
+ app.kubernetes.io/instance: ingress-external
+ egress:
+ - toServices:
+ - k8sService:
+ serviceName: kubernetes
+ namespace: default
diff --git a/projects/ingress-external/project.yml b/projects/ingress-external/project.yml
index 75ebb50f..e7670cb5 100644
--- a/projects/ingress-external/project.yml
+++ b/projects/ingress-external/project.yml
@@ -4,9 +4,9 @@ config:
 config:
 allowNamespace: false
 rules:
- #- allow-dns
+ - allow-dns
 - allow-ingress-traffic
- #- allow-external-services
+ - allow-external-services
 #- allow-kubeapi
 apps:
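Review bot: The `egress` rule in the new `traefik-allow-kubeapi` policy names the `kubernetes` service but sets no `toPorts`, so the selected Traefik pods may reach the API server backends on any port and protocol. Restricting it to the apiserver's TCP port would keep the exception as narrow as its name suggests, e.g. `toPorts: [{ports: [{port: "<apiserver-port>", protocol: TCP}]}]` next to `toServices`. The port is a placeholder: the backends often listen on a different port than the service's 443, and it is worth confirming that the Cilium version in use accepts `toPorts` alongside `toServices`. The manifest also carries no `metadata.namespace`, so the policy lands in whatever namespace the deploy tooling applies it to. Since `endpointSelector` only matches pods in the policy's own namespace, an explicit namespace or a comment would make that dependency visible.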
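Review bot: `allow-kubeapi` stays commented out in `rules` while the same access is now granted by the separate manifest added in this commit, and nothing in the file records that. A comment such as `# kube-apiserver egress is provided by manifests/allow-kubeapi.yml` above `#- allow-kubeapi` would stop a later reader from re-enabling the rule or deleting the manifest. The hunk also turns on `allow-external-services` for what appears to be the internet-facing ingress controller. What that rule permits is not visible here, so it is worth confirming it is limited to the backends Traefik actually proxies to rather than general outbound access. The `config` mapping these lines belong to begins above the hunk.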