From 7e31d336d153c6d8d8465aca88004ab5c6d680fc Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sun, 17 Dec 2023 18:56:08 +0100
Subject: [PATCH] feat(jellyfin): Add egress policy to restrict outgoing
 connections

---
 apps/k8s01/jellyfin/kustomization.yaml |  3 +++
 apps/k8s01/jellyfin/networkpolicy.yaml | 13 +++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/apps/k8s01/jellyfin/kustomization.yaml b/apps/k8s01/jellyfin/kustomization.yaml
index 86e9a63d1..93d58e975 100644
--- a/apps/k8s01/jellyfin/kustomization.yaml
+++ b/apps/k8s01/jellyfin/kustomization.yaml
@@ -10,7 +10,10 @@ resources:
   - certificate.yaml
   - ingress.yaml
   - slo.yaml
+  - ../../../shared/networkpolicies/deny-by-default-ingress.yaml
+  - ../../../shared/networkpolicies/deny-by-default-egress.yaml
   - ../../../shared/networkpolicies/allow-from-ingress.yaml
+  - ../../../shared/networkpolicies/allow-to-public-web.yaml
   - ../../../shared/resourcequotas/default.yaml
 patchesStrategicMerge:
   - networkpolicy.yaml
\ No newline at end of file
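Review bot: With `deny-by-default-egress.yaml` added to `resources`, the only egress allowance visible in this list is `allow-to-public-web.yaml`, and nothing here shows an allowance for cluster DNS. The shared policy bodies are outside this patch, so this is something to confirm, not a definite defect: if `allow-to-public-web` permits only web ports to public addresses, name resolution from the jellyfin pods would be dropped and the allow rule would have little effect in practice. It is also worth confirming that the shared allow rule excludes private and link-local ranges, since that exclusion is what gives the egress restriction its value. A short comment above the new entries, e.g. `# default-deny both directions; egress limited to public web (DNS allowance: <shared policy name>)`, would record the intent.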
diff --git a/apps/k8s01/jellyfin/networkpolicy.yaml b/apps/k8s01/jellyfin/networkpolicy.yaml
index 66e15f631..ab9a83f1d 100644
--- a/apps/k8s01/jellyfin/networkpolicy.yaml
+++ b/apps/k8s01/jellyfin/networkpolicy.yaml
@@ -6,6 +6,19 @@ metadata:
   labels:
     app.kubernetes.io/name: jellyfin
     app.kubernetes.io/component: jellyfin
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: jellyfin
+      app.kubernetes.io/component: jellyfin
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-to-public-web
+  labels:
+    app.kubernetes.io/name: jellyfin
+    app.kubernetes.io/component: jellyfin
 spec:
   podSelector:
     matchLabels:
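Review bot: The new `allow-to-public-web` document is not marked as a patch. As far as the hunk shows, it carries only metadata and a `podSelector`, so a reader has to open `kustomization.yaml` to learn that it is merged onto the shared policy of the same name and is not a complete NetworkPolicy. A comment above its `apiVersion` line, e.g. `# strategic-merge patch: scopes the shared allow-to-public-web policy to the jellyfin pods`, would make that clear. The two deny-by-default policies added in the same commit get no matching document here, so they keep whatever selector the shared files define; if a namespace-wide default deny is intended, the same comment is a good place to say so. The `spec` of the new document continues past the end of the hunk.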
-- 
GitLab