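# Source: github.com/rancher/elemental/tests
#   @v0.0.0-20240517125144-ae048c615b3f
#   assets/hardened_cluster/networkpolicy.yaml
#
# Ingress NetworkPolicies for the kube-system namespace of a hardened cluster.
#
# Reading notes:
# - NetworkPolicies are additive: a pod selected by several policies accepts
#   the union of what each one allows. The "allow-all-*" policies below
#   therefore widen the intra-namespace restriction for the pods they select.
# - No policy in this file declares Egress, so outbound traffic from
#   kube-system pods is not restricted here.
# - These objects only take effect if the cluster's network plugin enforces
#   NetworkPolicy.
#   NOTE(review): confirm enforcement is active in the target cluster.
---
# Baseline: every pod in kube-system accepts ingress only from namespaces
# labelled name=kube-system.
# NOTE(review): the selector matches a custom "name" label, not the
# automatically applied "kubernetes.io/metadata.name" label. Confirm that
# cluster setup labels kube-system accordingly; otherwise this rule admits no
# source. Any namespace carrying the label is admitted, so the right to label
# namespaces is part of this policy's trust boundary.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: intra-namespace
  namespace: kube-system
spec:
  # An empty selector selects all pods in the namespace.
  podSelector: {}
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              name: kube-system
  # Stated explicitly for consistency with the other policies in this file.
  # This is the API default when only ingress rules are present.
  policyTypes:
    - Ingress
---
# DNS: pods labelled k8s-app=kube-dns accept port 53 over TCP and UDP.
# The rule has no "from" clause, so any source is allowed on those ports.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-network-dns-policy
  namespace: kube-system
spec:
  podSelector:
    matchLabels:
      k8s-app: kube-dns
  ingress:
    - ports:
        - port: 53
          protocol: TCP
        - port: 53
          protocol: UDP
  policyTypes:
    - Ingress
---
# metrics-server: the empty ingress rule ({}) allows all sources on all ports.
# NOTE(review): consider whether a ports/from restriction would suffice here.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-metrics-server
  namespace: kube-system
spec:
  podSelector:
    matchLabels:
      k8s-app: metrics-server
  ingress:
    - {}
  policyTypes:
    - Ingress
---
# Pods labelled svccontroller.k3s.cattle.io/svcname=traefik: the empty
# ingress rule ({}) allows all sources on all ports.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-svclbtraefik-ingress
  namespace: kube-system
spec:
  podSelector:
    matchLabels:
      svccontroller.k3s.cattle.io/svcname: traefik
  ingress:
    - {}
  policyTypes:
    - Ingress
---
# Pods labelled app.kubernetes.io/name=traefik: the empty ingress rule ({})
# allows all sources on all ports.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-traefik-v121-ingress
  namespace: kube-system
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: traefik
  ingress:
    - {}
  policyTypes:
    - Ingress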