--- kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: {{ include "selenoid.fullname" . }} labels: {{- include "selenoid.labels" . | nindent 4 }} spec: podSelector: matchLabels: {{- include "selenoid.selectorLabels" . | nindent 6 }} ingress: - {} egress: - to: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: kube-system podSelector: matchLabels: k8s-app: coredns - namespaceSelector: matchLabels: kubernetes.io/metadata.name: kube-system podSelector: matchLabels: k8s-app: kubedns - namespaceSelector: matchLabels: kubernetes.io/metadata.name: kube-system podSelector: matchLabels: k8s-app: kube-dns - to: - ipBlock: cidr: 0.0.0.0/0 except: - 10.0.0.0/8 #kind: NetworkPolicy #apiVersion: networking.k8s.io/v1 #metadata: # name: default-deny-all #spec: # podSelector: {} # policyTypes: # - Egress # - Ingress --- #kind: NetworkPolicy #apiVersion: networking.k8s.io/v1 #metadata: # name: allow-internet-only #spec: # podSelector: {} # policyTypes: # - Egress # egress: # - to: # - ipBlock: # cidr: 0.0.0.0/0 # except: # - 10.0.0.0/8 # - 192.168.0.0/16 # - 172.16.0.0/20