From 52f276d75e5e5828f9dd45c9d7340dd0b1e9863b Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sat, 5 Feb 2022 00:28:24 +0100
Subject: [PATCH] fix(kube-system): Add non-blocking network policy

Since kube-system is a bit delicate when it comes to blocking, this
initial network policy tries to not block anything in order to keep
everything working. This might be the solution to the
globalnetworkpolicy issue.
---
 infrastructure/kube-system/kustomization.yaml         |  1 +
 shared/networkpolicies/allow-from-all-namespaces.yaml | 11 +++++++++++
 2 files changed, 12 insertions(+)
 create mode 100644 shared/networkpolicies/allow-from-all-namespaces.yaml

diff --git a/infrastructure/kube-system/kustomization.yaml b/infrastructure/kube-system/kustomization.yaml
index 5c2af8529..bc66966b3 100644
--- a/infrastructure/kube-system/kustomization.yaml
+++ b/infrastructure/kube-system/kustomization.yaml
@@ -6,3 +6,4 @@ resources:
   - quorum.yaml
   - descheduler.yaml
   - metrics-server.yaml
+  - ../../shared/networkpolicies/allow-from-all-namespaces.yaml
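Review bot: The new `resources` entry points at a plain file outside this kustomization's directory, which a default `kustomize build` rejects under its root-only load restriction. It only builds where that restriction is lifted, for example with `--load-restrictor LoadRestrictionsNone` or under a controller that disables it; which tool applies this repo is not visible here. Giving `shared/networkpolicies` its own `kustomization.yaml` and referencing the directory would keep local builds and CI validation working. The added manifest also has no `metadata.namespace`, so it depends on a `namespace:` setting that lies outside this hunk.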
diff --git a/shared/networkpolicies/allow-from-all-namespaces.yaml b/shared/networkpolicies/allow-from-all-namespaces.yaml
new file mode 100644
index 000000000..462912dae
--- /dev/null
+++ b/shared/networkpolicies/allow-from-all-namespaces.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-ingress
+spec:
+  podSelector: {}
+  ingress:
+  - {}
+  policyTypes:
+  - Ingress
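Review bot: The rule `ingress: - {}` admits traffic from every source, including addresses outside the cluster, which is wider than the file name `allow-from-all-namespaces.yaml` promises; the object itself is named `allow-all-ingress`. Because the file lives under `shared/`, another namespace that includes it on the strength of the file name would get no ingress restriction at all. Rename the file to match the object, or add a header comment such as `# Allows ingress from ANY source, not only cluster namespaces; placeholder that blocks nothing`. A policy limited to in-cluster namespaces would use `from: [{namespaceSelector: {}}]`, though that may be stricter than kube-system tolerates and should be tested before replacing this one.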
-- 
GitLab