Skip to content
Snippets Groups Projects
Normal view Permalink
allow-to-public-web.yaml 978 B
Newer Older
Sheogorath's avatar
feat(shields): Initial shields deployment
Sheogorath committed
1 2 3 4 5 6 7 
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-to-public-web
spec:
  egress:
Sheogorath's avatar
feat(shared): Add explicit access to ingress controller  
Sheogorath committed
8 9 10 11 12 13 14 15 16 17 18 19 
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: nginx-system
      podSelector:
        matchLabels:
          app.kubernetes.io/name: haproxy
    ports:
      - protocol: TCP
        port: 80
      - protocol: TCP
        port: 443
Sheogorath's avatar
feat(shields): Initial shields deployment
Sheogorath committed
20 21 22 23 24 25 26 27 28 29 30 31 32 33 
  - to:
    - ipBlock:
        except:
          - "192.168.0.0/16"
          - "172.16.0.0/12"
          - "10.0.0.0/8"
          - "169.254.0.0/16"
          - "100.64.0.0/10"
        cidr: 0.0.0.0/0
    ports:
      - protocol: TCP
        port: 80
      - protocol: TCP
        port: 443
Sheogorath's avatar
feat(shared): Add kube-dns to outgoing network policies  
Sheogorath committed
34 35 36 37 38 39 40 41 42 43 44 45 
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
      ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP
Sheogorath's avatar
feat(shields): Initial shields deployment
Sheogorath committed
46 47 
  policyTypes:
  - Egress