add(netpol): allow cnpg2kubeapi

nold 2022-12-15 17:46:52 +01:00
parent ba5fc52966
commit e84294b2c2
4 changed files with 32 additions and 27 deletions


@ -0,0 +1,16 @@
apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
name: allow-cnpg-kubeapi
namespace: gitea
spec:
endpointSelector:
matchLabels:
cnpg.io/podRole: instance
egress:
- toEntities:
- kube-apiserver
- toPorts:
- ports:
- port: "6443"
protocol: TCP
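Review bot: In the `egress` list of this new policy, `- toPorts:` is rendered as a second list item instead of a key of the `- toEntities:` rule, so the destination and the port restriction are not combined. If the file is really structured that way, Cilium evaluates two independent rules: the first lets the `cnpg.io/podRole: instance` pods reach `kube-apiserver` on any port, and the second, which has no L3 selector, allows TCP 6443 to any destination. To limit the allowance to the API server on 6443, drop the leading dash so that `toPorts:` sits in the same item as `toEntities:`. The policy added for namespace `nextcloud` in the next file has the identical shape and needs the same change. Indentation is lost in this rendering, so confirm the nesting against the file itself.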


@ -0,0 +1,16 @@
apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
name: allow-cnpg-kubeapi
namespace: nextcloud
spec:
endpointSelector:
matchLabels:
cnpg.io/podRole: instance
egress:
- toEntities:
- kube-apiserver
- toPorts:
- ports:
- port: "6443"
protocol: TCP


@ -5,7 +5,6 @@ config:
- internet - internet
rules: rules:
- allow-minio - allow-minio
- allow-cnpg-nextcloud
labels: labels:
environment: external environment: external


@ -31,32 +31,6 @@ networkPolicy:
to: to:
- namespaceSelector: {} - namespaceSelector: {}
allow-kubeapi:
podSelector: {}
policyTypes:
- Egress
egress:
- ports:
- port: 443
protocol: TCP
to:
- namespaceSelector:
matchLabels:
name: kube-system
# Cloudnative PG
allow-cnpg-nextcloud:
podSelector: {}
policyTypes:
- Egress
egress:
- ports:
- port: 443
protocol: TCP
to:
- ipBlock:
cidr: 10.43.0.1/32
# Allow access to internet proxy # Allow access to internet proxy
allow-proxy: allow-proxy:
podSelector: {} podSelector: {}