Remove public access except where explicitly required

```hcl
resource "kubernetes_network_policy" "good_example" {
  metadata {
    name = "terraform-example-network-policy"
    namespace = "default"
  }

  spec {
    # Selects the pods this policy governs: those whose "name" label is
    # "webfront" or "api".
    pod_selector {
      match_expressions {
        key = "name"
        operator = "In"
        values = ["webfront", "api"]
      }
    }

    ingress {
      ports {
        port = "http"
        protocol = "TCP"
      }
      ports {
        port = "8125"
        protocol = "UDP"
      }

      # Inbound sources are limited to a private /16 instead of 0.0.0.0/0;
      # the two /24s in "except" are carved out of that range.
      from {
        ip_block {
          cidr = "10.0.0.0/16"
          except = [
            "10.0.0.0/24",
            "10.0.1.0/24",
          ]
        }
      }
    }

    egress {
      ports {
        port = "http"
        protocol = "TCP"
      }
      ports {
        port = "8125"
        protocol = "UDP"
      }

      # NOTE(review): the egress "to" block still uses 0.0.0.0/0 with only two
      # /24s excepted, so outbound traffic on these ports may reach any other
      # destination. The remediation link below covers the ingress "from" cidr;
      # confirm that this wide egress is intended in a "good" example.
      to {
        ip_block {
          cidr = "0.0.0.0/0"
          except = [
            "10.0.0.0/24",
            "10.0.1.0/24",
          ]
        }
      }
    }

    # Both directions are governed by this policy; traffic not matched by the
    # ingress/egress rules above is not allowed for the selected pods.
    policy_types = ["Ingress", "Egress"]
  }
}

```

#### Remediation Links
- https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy#spec.ingress.from.ip_block.cidr