40 lines
883 B
YAML
40 lines
883 B
YAML
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: irc
|
|
namespace: irc
|
|
spec:
|
|
podSelector:
|
|
matchExpressions:
|
|
- key: app.kubernetes.io/name
|
|
operator: In
|
|
values:
|
|
- znc
|
|
- thelounge
|
|
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
|
|
ingress:
|
|
# Allow all in-namespace traffic (includes Service -> Pod, Gateway -> Service -> Pod)
|
|
- from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: irc
|
|
|
|
egress:
|
|
# Allow in-namespace pod communication
|
|
- to:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: irc
|
|
|
|
# Allow public internet only (block RFC1918)
|
|
- to:
|
|
- ipBlock:
|
|
cidr: 0.0.0.0/0
|
|
except:
|
|
- 10.0.0.0/8
|
|
- 172.16.0.0/12
|
|
- 192.168.0.0/16 |