feat(jellyfin): Add egress policy to restrict outgoing connections

7e31d336 · Sheogorath · fb7f5052 · 7e31d336 · 7e31d336
Verified Commit 7e31d336 authored 1 year ago by Sheogorath
--- a/apps/k8s01/jellyfin/kustomization.yaml
+++ b/apps/k8s01/jellyfin/kustomization.yaml
@@ -10,7 +10,10 @@ resources:
  - certificate.yaml
  - ingress.yaml
  - slo.yaml
+  - ../../../shared/networkpolicies/deny-by-default-ingress.yaml
+  - ../../../shared/networkpolicies/deny-by-default-egress.yaml
  - ../../../shared/networkpolicies/allow-from-ingress.yaml
+  - ../../../shared/networkpolicies/allow-to-public-web.yaml
  - ../../../shared/resourcequotas/default.yaml
 patchesStrategicMerge:
  - networkpolicy.yaml
\ No newline at end of file
--- a/apps/k8s01/jellyfin/networkpolicy.yaml
+++ b/apps/k8s01/jellyfin/networkpolicy.yaml
@@ -6,6 +6,19 @@ metadata:
  labels:
    app.kubernetes.io/name: jellyfin
    app.kubernetes.io/component: jellyfin
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: jellyfin
+      app.kubernetes.io/component: jellyfin
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-to-public-web
+  labels:
+    app.kubernetes.io/name: jellyfin
+    app.kubernetes.io/component: jellyfin
 spec:
  podSelector:
    matchLabels: