

Remove public access except where it is explicitly required.

```hcl
 # Compliant example: both inbound and outbound traffic for the selected pods is
 # pinned to a private address range instead of being left open to any peer.
 resource "kubernetes_network_policy" "good_example" {
   metadata {
     name      = "terraform-example-network-policy"
     namespace = "default"
   }
 
   spec {
     # Only pods in this namespace whose "name" label is one of the listed
     # values are governed by this policy.
     pod_selector {
       match_expressions {
         key      = "name"
         operator = "In"
         values   = ["webfront", "api"]
       }
     }
 
     # Outbound traffic is limited to these two ports and the destination
     # block below.
     egress {
       ports {
         port     = "http" # a named container port rather than a number
         protocol = "TCP"
       }
       ports {
         port     = "8125"
         protocol = "UDP"
       }
 
       to {
         # Destinations are confined to one private /16; the two /24 subnets in
         # `except` are carved out of that range and are therefore unreachable.
         # Nothing outside 10.0.0.0/16 (e.g. an unrestricted 0.0.0.0/0) is allowed.
         ip_block {
           cidr = "10.0.0.0/16"
           except = [
             "10.0.0.0/24",
             "10.0.1.0/24",
           ]
         }
       }
     }
 
     # Inbound traffic mirrors the egress rule: same ports, same private range.
     ingress {
       ports {
         port     = "http"
         protocol = "TCP"
       }
       ports {
         port     = "8125"
         protocol = "UDP"
       }
 
       from {
         # Only sources inside 10.0.0.0/16, minus the excluded /24s, may reach
         # the selected pods.
         ip_block {
           cidr = "10.0.0.0/16"
           except = [
             "10.0.0.0/24",
             "10.0.1.0/24",
           ]
         }
       }
     }
 
     # Declaring both types makes the ingress and egress rules above the only
     # traffic allowed for the selected pods; a policy that lists only
     # "Ingress" leaves outbound traffic unrestricted.
     policy_types = ["Ingress", "Egress"]
   }
 }

```

#### Remediation Links
 - https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy#spec.ingress.from.ip_block.cidr