From c44174097ba2c379823561e06c9b1f86fea934a0 Mon Sep 17 00:00:00 2001
From: Evan Johnson
Date: Thu, 16 May 2024 09:46:26 -0400
Subject: [PATCH] add NB endpoint to cluster policy
---
 docs/src/topics/firewalling.md | 2 +-
 .../cilium-network-policies/ciliumNetworkPolicies.yaml | 5 +++++
 templates/flavors/k3s/ciliumNetworkPolicies.yaml | 5 +++++
 templates/flavors/rke2/ciliumNetworkPolicies.yaml | 1 +
 4 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/docs/src/topics/firewalling.md b/docs/src/topics/firewalling.md
index 72c7f3db4..7e1a3cebf 100644
--- a/docs/src/topics/firewalling.md
+++ b/docs/src/topics/firewalling.md
@@ -57,7 +57,7 @@ spec:
 - port: "9345"
 - port: "6443"
 ```
-additional rules can be added by creating a new policy
+Alternatively, additional rules can be added by creating a new policy
 ```yaml
 apiVersion: "cilium.io/v2"
 kind: CiliumClusterwideNetworkPolicy
diff --git a/templates/addons/cilium-network-policies/ciliumNetworkPolicies.yaml b/templates/addons/cilium-network-policies/ciliumNetworkPolicies.yaml
index fbe7ee080..bae9fdbd9 100644
--- a/templates/addons/cilium-network-policies/ciliumNetworkPolicies.yaml
+++ b/templates/addons/cilium-network-policies/ciliumNetworkPolicies.yaml
@@ -16,6 +16,7 @@ data:
 - cluster
 - fromCIDR:
 - 10.0.0.0/8
+ - 192.168.128.0/17
 ---
 apiVersion: "cilium.io/v2"
 kind: CiliumClusterwideNetworkPolicy
@@ -25,6 +26,10 @@ data:
 description: "allow etcd & api server traffic"
 nodeSelector: {}
 ingress:
+ - fromEntities:
+ - cluster
+ - fromCIDR:
+ - 10.0.0.0/8
 - fromEntities:
 - world
 toPorts:
diff --git a/templates/flavors/k3s/ciliumNetworkPolicies.yaml b/templates/flavors/k3s/ciliumNetworkPolicies.yaml
index 1c7244957..9d4efdfe4 100644
--- a/templates/flavors/k3s/ciliumNetworkPolicies.yaml
+++ b/templates/flavors/k3s/ciliumNetworkPolicies.yaml
@@ -16,6 +16,7 @@ data:
 - cluster
 - fromCIDR:
 - 10.0.0.0/8
+ - 192.168.128.0/17
 ---
 apiVersion: "cilium.io/v2"
 kind: CiliumClusterwideNetworkPolicy
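Review bot: The `- 192.168.128.0/17` entry added under `fromCIDR` in the `@@ -16,6 +16,7 @@` hunk of templates/addons/cilium-network-policies/ciliumNetworkPolicies.yaml has no `toPorts` among the visible lines, so as far as the hunk shows every address in that /17 can reach every port on the selected nodes. The commit subject says the aim is to admit the NB endpoint; if that endpoint sources from a narrower range or only needs specific backend ports, the allow should be scoped to that, and if the /17 is a private range shared with hosts outside the cluster (not visible here) this is a wide opening. At minimum record the intent next to the entry, for example `# NB (load balancer) source range; all ports allowed because <reason>`. The same line is added in the k3s and rke2 flavor files, and the policy's header lies outside the hunk, so its selector could not be checked.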
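Review bot: The two rules added at the top of `ingress:` in the `@@ -25,6 +26,10 @@` hunk (`fromEntities: cluster` and `fromCIDR: 10.0.0.0/8`) carry no `toPorts`, so the policy described as "allow etcd & api server traffic" now allows all ports from those sources, not only the ports its description names. The preceding hunk's context shows the same two sources in the policy just above; if that policy selects the same nodes, these rules are redundant and mainly make this policy read as tighter than it is. Either drop them, or keep them with an explicit `toPorts` list and a description that matches, e.g. `description: "allow intra-cluster traffic plus etcd & api server traffic"`. The `toPorts` list of the `world` rule continues outside the hunk, and templates/flavors/k3s/ciliumNetworkPolicies.yaml receives the identical hunk.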
@@ -25,6 +26,10 @@ data:
 description: "allow etcd & api server traffic"
 nodeSelector: {}
 ingress:
+ - fromEntities:
+ - cluster
+ - fromCIDR:
+ - 10.0.0.0/8
 - fromEntities:
 - world
 toPorts:
diff --git a/templates/flavors/rke2/ciliumNetworkPolicies.yaml b/templates/flavors/rke2/ciliumNetworkPolicies.yaml
index 913036640..bae9fdbd9 100644
--- a/templates/flavors/rke2/ciliumNetworkPolicies.yaml
+++ b/templates/flavors/rke2/ciliumNetworkPolicies.yaml
@@ -16,6 +16,7 @@ data:
 - cluster
 - fromCIDR:
 - 10.0.0.0/8
+ - 192.168.128.0/17
 ---
 apiVersion: "cilium.io/v2"
 kind: CiliumClusterwideNetworkPolicy