cleanup network access

networkpolicy.yaml

@@ -0,0 +1,36 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: irc
+  namespace: irc
+spec:
+  podSelector:
+    matchExpressions:
+      - key: app.kubernetes.io/name
+        operator: In
+        values:
+          - znc
+          - thelounge
+
+  policyTypes:
+    - Ingress
+    - Egress
+
+  ingress:
+    # Allow traffic only from pods in the same namespace
+    - from:
+        - podSelector: {}
+
+  egress:
+    # Allow traffic to pods in the same namespace
+    - to:
+        - podSelector: {}
+
+    # Allow traffic to public internet (RFC1918 explicitly blocked)
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0
+            except:
+              - 10.0.0.0/8
+              - 172.16.0.0/12
+              - 192.168.0.0/16