From 985c7729cf4f474810b3be29d63d5fab4b97fca7 Mon Sep 17 00:00:00 2001
From: nold <nold@gnu.one>
Date: Tue, 11 Jan 2022 18:38:12 +0100
Subject: [PATCH] Fix: Ingress-External NetworkPolicy

---
 .../ingress-external/manifests/allow-kubeapi.yml   | 14 ++++++++++++++
 projects/ingress-external/project.yml              |  4 ++--
 2 files changed, 16 insertions(+), 2 deletions(-)
 create mode 100644 projects/ingress-external/manifests/allow-kubeapi.yml

diff --git a/projects/ingress-external/manifests/allow-kubeapi.yml b/projects/ingress-external/manifests/allow-kubeapi.yml
new file mode 100644
index 00000000..5b228347
--- /dev/null
+++ b/projects/ingress-external/manifests/allow-kubeapi.yml
@@ -0,0 +1,14 @@
+apiVersion: "cilium.io/v2"
+kind: CiliumNetworkPolicy
+metadata:
+  name: "traefik-allow-kubeapi"
+spec:
+  endpointSelector:
+    matchLabels:
+      app.kubernetes.io/name: traefik
+      app.kubernetes.io/instance: ingress-external
+  egress:
+  - toServices:
+    - k8sService:
+        serviceName: kubernetes
+        namespace: default
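Review bot: The egress rule under `toServices` has no `toPorts` restriction, so the traefik pods matched by `endpointSelector` may reach the backends of the `default/kubernetes` service on every port and protocol. Those backends are normally the control-plane hosts, which presumably listen on more than the API port. Adding a `toPorts` entry for the single TCP port the API server endpoints use, `- ports: [{port: "<api-server-port>", protocol: TCP}]`, keeps an internet-facing ingress to the one port it needs. `metadata` also has no `namespace`, so the policy lands wherever the deploy tooling applies it; if that is not set elsewhere, add `namespace: <ingress-namespace>` explicitly.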
diff --git a/projects/ingress-external/project.yml b/projects/ingress-external/project.yml
index 75ebb50f..e7670cb5 100644
--- a/projects/ingress-external/project.yml
+++ b/projects/ingress-external/project.yml
@@ -4,9 +4,9 @@ config:
     config:
       allowNamespace: false
     rules:
-    #- allow-dns
+    - allow-dns
     - allow-ingress-traffic
-    #- allow-external-services
+    - allow-external-services
     #- allow-kubeapi
 
 apps:
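Review bot: `#- allow-kubeapi` stays commented out in `rules` while this commit adds `manifests/allow-kubeapi.yml`, and nothing in the file says which of the two is meant to grant API access. A comment on that line would stop someone enabling both later, e.g. `# allow-kubeapi: replaced by manifests/allow-kubeapi.yml (scoped to the traefik pods)`. Enabling `allow-external-services` also widens egress for this project. Its definition is outside this hunk, so confirm that it is limited to the destinations the ingress actually needs rather than arbitrary external addresses.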