From 586c12d402310c386223122836736d6b6a2c1864 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Mon, 4 Apr 2022 02:46:46 +0200
Subject: [PATCH] fix(dns): Add allow from everywhere network policy

This patch should add an "allow from everywhere" network policy for DNS
ports in order to allow the DNS service to function as intended.

This workaround is needed since the current network policy blocks all
traffic from outside the namespace, resulting in a non-working service.
---
 apps/k8s01/dns/kustomization.yaml |  1 +
 apps/k8s01/dns/networkpolicy.yaml | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 apps/k8s01/dns/networkpolicy.yaml

diff --git a/apps/k8s01/dns/kustomization.yaml b/apps/k8s01/dns/kustomization.yaml
index 9309b0251..d2a1ad9fd 100644
--- a/apps/k8s01/dns/kustomization.yaml
+++ b/apps/k8s01/dns/kustomization.yaml
@@ -4,5 +4,6 @@ namespace: dns
 resources:
   - namespace.yaml
   - dns.yaml
+  - networkpolicy.yaml
   - ../../../shared/networkpolicies/allow-from-same-namespace.yaml
   - ../../../shared/resourcequotas/default.yaml
diff --git a/apps/k8s01/dns/networkpolicy.yaml b/apps/k8s01/dns/networkpolicy.yaml
new file mode 100644
index 000000000..ada5fc305
--- /dev/null
+++ b/apps/k8s01/dns/networkpolicy.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-from-everywhere-to-do53
+spec:
+  podSelector:
+    matchLabels:
+      app: resolver
+  ingress:
+  - from:
+    - ipBlock:
+        cidr: 0.0.0.0/0
+    ports:
+      - protocol: UDP
+        port: 53
+      - protocol: TCP
+        port: 53
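Review bot: The `ipBlock` with `cidr: 0.0.0.0/0` opens the pods labelled `app: resolver` to every IPv4 source on 53/UDP and 53/TCP, so this NetworkPolicy no longer limits who can query the resolver, and the file has no comment saying which control does. If the resolver answers recursive queries, that limit has to live in the resolver's own ACL or rate-limit settings, which are not visible in this patch. I would either record that above the rule, e.g. `# Intentionally open: query ACLs and rate limiting are enforced by the resolver itself`, or narrow the CIDR to the client ranges that actually need it. The rule is also IPv4-only, so on a dual-stack cluster IPv6 clients would presumably still be dropped unless a second `- ipBlock:` with `cidr: '::/0'` is added. Minor: `- from:` is flush with `ingress:` while the `ports:` entries are indented, and an explicit `policyTypes: [Ingress]` would state the intent rather than rely on the default.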
-- 
GitLab