allow lan

2026-01-17 11:57:40 -05:00
parent f95d0f7cf0
commit 1b75746642
+9 -10
@@ -8,29 +8,28 @@ spec:
matchExpressions: matchExpressions:
- key: app.kubernetes.io/name - key: app.kubernetes.io/name
operator: In operator: In
values: values: [znc, thelounge]
- znc policyTypes: [Ingress, Egress]
- thelounge
policyTypes:
- Ingress
- Egress
ingress: ingress:
# Allow all in-namespace traffic (includes Service -> Pod, Gateway -> Service -> Pod)
- from: - from:
- namespaceSelector: - namespaceSelector:
matchLabels: matchLabels:
kubernetes.io/metadata.name: irc kubernetes.io/metadata.name: irc
egress: egress:
# Allow in-namespace pod communication # namespace-local
- to: - to:
- namespaceSelector: - namespaceSelector:
matchLabels: matchLabels:
kubernetes.io/metadata.name: irc kubernetes.io/metadata.name: irc
# Allow public internet only (block RFC1918) # explicitly allowed home LAN
- to:
- ipBlock:
cidr: 192.168.195.0/24
# public internet only
- to: - to:
- ipBlock: - ipBlock:
cidr: 0.0.0.0/0 cidr: 0.0.0.0/0