2martens
/
cloud-configuration-legacy
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed network policies for host routing

This commit is contained in:
Jim Martens 2023-11-18 12:32:24 +01:00
parent 35ef41ef45
commit 25ff4f1bb1
2 changed files with 6 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
helm/cluster_setup/templates/cilium/hubble-relay-networkpolicy.yaml
View File

@ -30,40 +30,8 @@ specs:
- world
toPorts:
- ports:
- port: '53'
protocol: UDP
- port: '443'
protocol: TCP
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: hubble-relay
namespace: kube-system
spec:
podSelector:
matchLabels:
k8s-app: hubble-relay
policyTypes:
- Ingress
- Egress
ingress:
- from:
- podSelector:
matchLabels:
k8s-app: hubble-ui
ports:
- port: '80'
protocol: TCP
- port: '4245'
protocol: TCP
egress:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
- podSelector:
matchLabels:
k8s-app: kube-dns
ports:
- port: '53'
protocol: UDP
{{- end }}

40
helm/cluster_setup/templates/cilium/hubble-ui-networkpolicy.yaml
View File

@ -16,8 +16,6 @@ specs:
io.cilium.k8s.policy.serviceaccount: hubble-ui
toPorts:
- ports:
- port: '80'
protocol: TCP
- port: '4245'
protocol: TCP
- endpointSelector:
@ -37,40 +35,10 @@ specs:
- world
toPorts:
- ports:
- port: '53'
protocol: UDP
- port: '80'
protocol: TCP
- port: '443'
protocol: TCP
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: hubble-ui
namespace: kube-system
spec:
podSelector:
matchLabels:
k8s-app: hubble-ui
policyTypes:
- Egress
egress:
- to:
- podSelector:
matchLabels:
k8s-app: hubble-relay
ports:
- port: '80'
protocol: TCP
- port: '4245'
protocol: TCP
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
- podSelector:
matchLabels:
k8s-app: kube-dns
ports:
- port: '53'
protocol: UDP
---
{{- end }}