From c520f042c6bd07ef2606d58a5a005669e9f4e5fd Mon Sep 17 00:00:00 2001
From: Jonas Juselius <jonas.juselius@itpartner.no>
Date: Fri, 22 Nov 2024 13:55:33 +0100
Subject: [PATCH] fix: allow atlatnis azure keyvault and blobstore

---
 policies/oceanbox/network/allow-azure-egress.yaml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 policies/oceanbox/network/allow-azure-egress.yaml

diff --git a/policies/oceanbox/network/allow-azure-egress.yaml b/policies/oceanbox/network/allow-azure-egress.yaml
new file mode 100644
index 00000000..0a473210
--- /dev/null
+++ b/policies/oceanbox/network/allow-azure-egress.yaml
@@ -0,0 +1,15 @@
+apiVersion: cilium.io/v2
+kind: CiliumClusterwideNetworkPolicy
+metadata:
+  name: allow-azure-egress
+spec:
+  egress:
+  - toFQDNs:
+    - matchName: atlantis.blob.core.windows.net
+    - matchName: atlantisvault.vault.azure.net
+    toPorts:
+    - ports:
+      - port: "443"
+        protocol: TCP
+  endpointSelector: {}
+