allow lan
+9
-10
@@ -8,29 +8,28 @@ spec:
|
|||||||
matchExpressions:
|
matchExpressions:
|
||||||
- key: app.kubernetes.io/name
|
- key: app.kubernetes.io/name
|
||||||
operator: In
|
operator: In
|
||||||
values:
|
values: [znc, thelounge]
|
||||||
- znc
|
policyTypes: [Ingress, Egress]
|
||||||
- thelounge
|
|
||||||
|
|
||||||
policyTypes:
|
|
||||||
- Ingress
|
|
||||||
- Egress
|
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
# Allow all in-namespace traffic (includes Service -> Pod, Gateway -> Service -> Pod)
|
|
||||||
- from:
|
- from:
|
||||||
- namespaceSelector:
|
- namespaceSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
kubernetes.io/metadata.name: irc
|
kubernetes.io/metadata.name: irc
|
||||||
|
|
||||||
egress:
|
egress:
|
||||||
# Allow in-namespace pod communication
|
# namespace-local
|
||||||
- to:
|
- to:
|
||||||
- namespaceSelector:
|
- namespaceSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
kubernetes.io/metadata.name: irc
|
kubernetes.io/metadata.name: irc
|
||||||
|
|
||||||
# Allow public internet only (block RFC1918)
|
# explicitly allowed home LAN
|
||||||
|
- to:
|
||||||
|
- ipBlock:
|
||||||
|
cidr: 192.168.195.0/24
|
||||||
|
|
||||||
|
# public internet only
|
||||||
- to:
|
- to:
|
||||||
- ipBlock:
|
- ipBlock:
|
||||||
cidr: 0.0.0.0/0
|
cidr: 0.0.0.0/0
|
||||||
|
|||||||
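Review bot: The new egress rule for `192.168.195.0/24` has no `ports:` list, so the znc and thelounge pods can reach every host on the home LAN on any port and protocol. If only one LAN service is needed, narrow the rule to that host and port, for example `cidr: <LAN_HOST_IP>/32` followed by `ports:` with `- protocol: TCP` and `port: <SERVICE_PORT>` (placeholders, since the intended target is not shown). NetworkPolicy rules are additive, so any `except:` list on the `0.0.0.0/0` block, which would sit after the end of this hunk and is not visible here, does not subtract from this allowance. The removed wording "block RFC1918" was the only statement of that intent, so I would keep it on the last rule and extend the new comment to something like `# explicitly allowed home LAN (exception to the RFC1918 block below): <reason>`.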