39 lines
1.0 KiB
YAML
39 lines
1.0 KiB
YAML
{{- if and .Values.fusionOperator.calicoNetpol.enabled (eq (include "parent.dataplaneMode" . ) "shared") }}
|
|
apiVersion: projectcalico.org/v3
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: {{ template "fusionOperator.appName" . }}
|
|
namespace: {{ .Release.Namespace }}
|
|
spec:
|
|
order: 10
|
|
selector: dplane == 'fusion-operator'
|
|
types:
|
|
- Ingress
|
|
- Egress
|
|
egress:
|
|
# allow to communicate to DNS pods
|
|
- action: Allow
|
|
protocol: UDP
|
|
destination:
|
|
namespaceSelector: projectcalico.org/name == 'kube-system'
|
|
ports:
|
|
- 53
|
|
- action: Allow
|
|
protocol: TCP
|
|
destination:
|
|
namespaceSelector: projectcalico.org/name == 'kube-system'
|
|
ports:
|
|
- 53
|
|
# allow to communicate with k8s api server
|
|
- action: Allow
|
|
destination:
|
|
services:
|
|
name: kubernetes
|
|
namespace: default
|
|
protocol: TCP
|
|
### Traffic to the internet ###
|
|
- action: Allow
|
|
protocol: TCP
|
|
destination: {{ toYaml .Values.fusionOperator.calicoNetpol.outboundRule | nindent 8 }}
|
|
{{- end}}
|