NationTech/harmony
6
0
Fork 1
Code Issues 32 Pull Requests 6 Actions Packages Projects Releases 1 Wiki Activity
11481b16cd
harmony/adr/011-tenant/NetworkPolicy.yaml
Jean-Gabriel Gill-Couture 00e71b97f6
All checks were successful
Run Check Script / check (push) Successful in 1m49s
Details
Run Check Script / check (pull_request) Successful in 1m48s
Details
chore: Move ADR helper files into folders with their corresponding ADR number
2025-06-09 13:54:23 -04:00

42 lines
1.2 KiB
YAML
Raw Blame History

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: tenant-isolation-policy
namespace: testtenant
spec:
podSelector: {} # Selects all pods in the namespace
policyTypes:
- Ingress
- Egress
ingress:
- from:
- podSelector: {} # Allow from all pods in the same namespace
egress:
- to:
- podSelector: {} # Allow to all pods in the same namespace
- to:
- podSelector: {}
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: openshift-dns # Target the openshift-dns namespace
# Note, only opening port 53 is not enough, will have to dig deeper into this one eventually
# ports:
# - protocol: UDP
# port: 53
# - protocol: TCP
# port: 53
# Allow egress to public internet only
- to:
- ipBlock:
cidr: 0.0.0.0/0
except:
- 10.0.0.0/8 # RFC1918
- 172.16.0.0/12 # RFC1918
- 192.168.0.0/16 # RFC1918
- 169.254.0.0/16 # Link-local
- 127.0.0.0/8 # Loopback
- 224.0.0.0/4 # Multicast
- 240.0.0.0/4 # Reserved
- 100.64.0.0/10 # Carrier-grade NAT
- 0.0.0.0/8 # Reserved
Reference in New Issue View Git Blame Copy Permalink