From 58da7c28cb73b945aaefbd55e5705ace55422064 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sun, 3 Oct 2021 11:07:22 +0200
Subject: [PATCH] Update calico settings
---
 infrastructure/calico/release.yaml | 14 +++++++++
 ...-from-same-namespace-network-policies.yaml | 29 +++++++++++++++++++
 2 files changed, 43 insertions(+)
 create mode 100644 infrastructure/kyverno/allow-from-same-namespace-network-policies.yaml
diff --git a/infrastructure/calico/release.yaml b/infrastructure/calico/release.yaml
index 2b328d833..12d830084 100644
--- a/infrastructure/calico/release.yaml
+++ b/infrastructure/calico/release.yaml
@@ -13,3 +13,17 @@ spec:
 name: projectcalico
 version: v3.20.1
 interval: 15m
+ values:
+ installation:
+ enabled: true
+ kubernetesProvider: ""
+ calicoNetwork:
+ bgp: Disabled
+ hostPorts: Enabled
+ ipPools:
+ - blockSize: 26
+ cidr: 192.168.0.0/16
+ encapsulation: VXLAN
+ natOutgoing: Enabled
+ nodeSelector: all()
+
diff --git a/infrastructure/kyverno/allow-from-same-namespace-network-policies.yaml b/infrastructure/kyverno/allow-from-same-namespace-network-policies.yaml
new file mode 100644
index 000000000..b0b39faa3
--- /dev/null
+++ b/infrastructure/kyverno/allow-from-same-namespace-network-policies.yaml
@@ -0,0 +1,29 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: default
+spec:
+ rules:
+ - name: allow-from-same-namespace
+ match:
+ resources:
+ kinds:
+ - Namespace
+ exclude:
+ resources:
+ namespaces:
+ - *-system
+ - default
+ - kube-public
+ - kyverno
+ generate:
+ apiVersion: networking.k8s.io/v1
+ kind: NetworkPolicy
+ metadata:
+ name: allow-from-same-namespace-managed
+ namespace: {{request.object.metadata.name}}
+ spec:
+ podSelector: {}
+ ingress:
+ - from:
+ - podSelector: {}
--
GitLab
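Review bot: The `ipPools` entry in `infrastructure/calico/release.yaml` hard-codes `cidr: 192.168.0.0/16` without recording why that range is safe for this cluster. It is a range commonly used for node and LAN addressing, and an overlap with the node or upstream network (not visible in this diff) would send traffic for those addresses into the overlay instead of out of the node. A comment above the line such as `# pod CIDR; must not overlap node, service or upstream networks` would make the assumption reviewable. Also note that `encapsulation: VXLAN` does not encrypt pod traffic between nodes, so if the node network is not fully trusted, that has to be covered separately. The hunk ends by adding an empty line at end of file, which can be dropped.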
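Review bot: Two scalars in the new ClusterPolicy will not parse as written: `- *-system` in the `exclude` namespaces list is read by YAML as an alias to an undefined anchor, and the unquoted `{{request.object.metadata.name}}` under `generate` is read as a flow mapping, so both need quotes. The `generate` body also nests the target under `metadata:` and `spec:`, whereas, as far as I know, the kyverno.io/v1 generate rule takes `name` and `namespace` directly and the resource content under `data:`; please confirm against the installed CRD. Because this rule supplies the baseline isolation for every new namespace, consider `synchronize: true` so that a deleted or edited generated NetworkPolicy is restored. The policy name `default` says nothing about its purpose; a name matching the file would be easier to find in audits and policy reports.

```yaml
# … unchanged: apiVersion, kind, metadata, rule name, match …
    exclude:
      resources:
        namespaces:
        - "*-system"
        # … unchanged: default, kube-public, kyverno …
    generate:
      apiVersion: networking.k8s.io/v1
      kind: NetworkPolicy
      name: allow-from-same-namespace-managed
      namespace: "{{request.object.metadata.name}}"
      synchronize: true
      data:
        spec:
          podSelector: {}
          ingress:
          - from:
            - podSelector: {}
```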