36 lines
889 B
YAML
36 lines
889 B
YAML
{{- if .Values.clusterConfig.cilium.enabled }}
|
|
apiVersion: cilium.io/v2
|
|
kind: CiliumNetworkPolicy
|
|
metadata:
|
|
name: allow-gc-egress
|
|
namespace: niks3
|
|
spec:
|
|
description: niks3-gc job egress to the in-namespace niks3 server and kube-dns
|
|
endpointSelector:
|
|
matchLabels:
|
|
app: niks3-gc
|
|
egress:
|
|
# niks3 server HTTP API (same namespace)
|
|
- toEndpoints:
|
|
- matchLabels:
|
|
io.kubernetes.pod.namespace: niks3
|
|
toPorts:
|
|
- ports:
|
|
- port: "5751"
|
|
protocol: TCP
|
|
# DNS resolution
|
|
- toEndpoints:
|
|
- matchLabels:
|
|
io.kubernetes.pod.namespace: kube-system
|
|
k8s-app: kube-dns
|
|
toPorts:
|
|
- ports:
|
|
- port: "53"
|
|
protocol: UDP
|
|
- port: "53"
|
|
protocol: TCP
|
|
rules:
|
|
dns:
|
|
- matchPattern: "*"
|
|
{{- end }}
|