From c4eb13e1386b768ed8808e32e4d5f479acb267e3 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Fri, 28 Jan 2022 22:45:58 +0100
Subject: [PATCH] feat(longhorn): Restrict network access

---
 infrastructure/longhorn/kustomization.yaml | 9 +++++++++
 infrastructure/longhorn/networkpolicy.yaml | 8 ++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 infrastructure/longhorn/networkpolicy.yaml

diff --git a/infrastructure/longhorn/kustomization.yaml b/infrastructure/longhorn/kustomization.yaml
index 844330355..6224fb6ce 100644
--- a/infrastructure/longhorn/kustomization.yaml
+++ b/infrastructure/longhorn/kustomization.yaml
@@ -5,3 +5,12 @@ resources:
   - namespace.yaml
   - repository.yaml
   - release.yaml
+  # Add network policies
+  - https://git.shivering-isles.com/github-mirror/longhorn/longhorn/-/raw/v1.2.3/examples/network-policy/manager-network-policy.yaml
+  - https://git.shivering-isles.com/github-mirror/longhorn/longhorn/-/raw/v1.2.3/examples/network-policy/instance-manager-networking.yaml
+  - https://git.shivering-isles.com/github-mirror/longhorn/longhorn/-/raw/v1.2.3/examples/network-policy/backing-image-manager-network-policy.yaml
+  - https://git.shivering-isles.com/github-mirror/longhorn/longhorn/-/raw/v1.2.3/examples/network-policy/backing-image-data-source-network-policy.yaml
+  - ../../../shared/networkpolicies/allow-from-ingress.yaml
+patchesStrategicMerge:
+  - networkpolicy.yaml
+
diff --git a/infrastructure/longhorn/networkpolicy.yaml b/infrastructure/longhorn/networkpolicy.yaml
new file mode 100644
index 000000000..7bccdebf8
--- /dev/null
+++ b/infrastructure/longhorn/networkpolicy.yaml
@@ -0,0 +1,8 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-ingress
+spec:
+  podSelector:
+    matchLabels:
+      app: longhorn-ui
-- 
GitLab