From bb10eea1103d0be3ae0ab85c09c4d25ec97d7adc Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sat, 5 Feb 2022 00:20:23 +0100
Subject: [PATCH] fix(metallb): Provide basic network policies

This patch should provide some basic network policies for the metallb
namespace, helping to restrict access to the services running inside it.
---
 infrastructure/metallb/kustomization.yaml |  4 ++++
 infrastructure/metallb/networkpolicy.yaml | 10 ++++++++++
 2 files changed, 14 insertions(+)
 create mode 100644 infrastructure/metallb/networkpolicy.yaml

diff --git a/infrastructure/metallb/kustomization.yaml b/infrastructure/metallb/kustomization.yaml
index 16a58318b..e6653c792 100644
--- a/infrastructure/metallb/kustomization.yaml
+++ b/infrastructure/metallb/kustomization.yaml
@@ -5,3 +5,7 @@ resources:
   - namespace.yaml
   - repository.yaml
   - release.yaml
+  - ../../shared/networkpolicies/allow-from-same-namespace.yaml
+  - ../../shared/networkpolicies/allow-from-monitoring.yaml
+patchesStrategicMerge:
+  - networkpolicy.yaml
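Review bot: The two shared policies added under `resources:` can only isolate pods on the pod network, and that limit is not recorded anywhere in this kustomization. MetalLB's speaker normally runs with `hostNetwork: true`, and most CNI plugins do not enforce NetworkPolicy on host-network pods, so these policies probably restrict only the controller. I would add a comment above the new entries, e.g. `# NetworkPolicy does not cover hostNetwork pods (speaker); filter those ports at the node level`. The top of kustomization.yaml lies outside the hunk, so it is not visible whether a `namespace:` is set; without one, the shared manifests need some other way to land in the metallb namespace.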
diff --git a/infrastructure/metallb/networkpolicy.yaml b/infrastructure/metallb/networkpolicy.yaml
new file mode 100644
index 000000000..11f859b7f
--- /dev/null
+++ b/infrastructure/metallb/networkpolicy.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-from-monitoring
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: metallb
+      app.kubernetes.io/name: metallb
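Review bot: The selector relies on `app.kubernetes.io/instance: metallb` matching the Helm release name, which is set in release.yaml and not visible here. If the release renders under a different name, the patched policy selects no pods, and monitoring traffic would presumably be dropped without any error once the same-namespace policy isolates them. The patch narrows only `podSelector`, so whatever ports the shared `allow-from-monitoring` policy opens stay open; if that base has no `ports:` list, consider limiting ingress to the metrics port here. A header comment would also help the next reader, e.g. `# Strategic-merge patch: narrows the shared allow-from-monitoring policy to the MetalLB pods`.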
-- 
GitLab