66 lines
1.3 KiB
YAML
66 lines
1.3 KiB
YAML
---
|
|
kind: NetworkPolicy
|
|
apiVersion: networking.k8s.io/v1
|
|
metadata:
|
|
name: {{ include "selenoid.fullname" . }}
|
|
labels:
|
|
{{- include "selenoid.labels" . | nindent 4 }}
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
{{- include "selenoid.selectorLabels" . | nindent 6 }}
|
|
ingress:
|
|
- {}
|
|
egress:
|
|
- to:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: kube-system
|
|
podSelector:
|
|
matchLabels:
|
|
k8s-app: coredns
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: kube-system
|
|
podSelector:
|
|
matchLabels:
|
|
k8s-app: kubedns
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: kube-system
|
|
podSelector:
|
|
matchLabels:
|
|
k8s-app: kube-dns
|
|
- to:
|
|
- ipBlock:
|
|
cidr: 0.0.0.0/0
|
|
except:
|
|
- 10.0.0.0/8
|
|
#kind: NetworkPolicy
|
|
#apiVersion: networking.k8s.io/v1
|
|
#metadata:
|
|
# name: default-deny-all
|
|
#spec:
|
|
# podSelector: {}
|
|
# policyTypes:
|
|
# - Egress
|
|
# - Ingress
|
|
---
|
|
#kind: NetworkPolicy
|
|
#apiVersion: networking.k8s.io/v1
|
|
#metadata:
|
|
# name: allow-internet-only
|
|
#spec:
|
|
# podSelector: {}
|
|
# policyTypes:
|
|
# - Egress
|
|
# egress:
|
|
# - to:
|
|
# - ipBlock:
|
|
# cidr: 0.0.0.0/0
|
|
# except:
|
|
# - 10.0.0.0/8
|
|
# - 192.168.0.0/16
|
|
# - 172.16.0.0/20
|
|
|