Skip to content

Commit f02e217

Browse files
danwinshipdanwinship
committed
Add missing CNCC NetworkPolicies
1 parent 33b40e4 commit f02e217

4 files changed

Lines changed: 44 additions & 1 deletion

File tree

bindata/cloud-network-config-controller/managed/networkpolicy.yaml

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
kind: NetworkPolicy
2+
apiVersion: networking.k8s.io/v1
3+
metadata:
4+
name: cloud-network-config-controller
5+
namespace: {{.HostedClusterNamespace}}
6+
spec:
7+
podSelector:
8+
matchLabels:
9+
app: cloud-network-config-controller
10+
policyTypes:
11+
- Egress
12+
egress:
13+
# CNCC needs access to apiserver and cloud APIs, possibly via a proxy... for now we
14+
# just allow all egress.
15+
- {}

bindata/cloud-network-config-controller/self-hosted/networkpolicy.yaml

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
kind: NetworkPolicy
2+
apiVersion: networking.k8s.io/v1
3+
metadata:
4+
name: cloud-network-config-controller
5+
namespace: openshift-cloud-network-config-controller
6+
spec:
7+
podSelector:
8+
matchLabels:
9+
app: cloud-network-config-controller
10+
policyTypes:
11+
- Egress
12+
egress:
13+
# CNCC needs access to apiserver and cloud APIs, possibly via a proxy... for now we
14+
# just allow all egress.
15+
- {}

bindata/network/ovn-kubernetes/managed/networkpolicy.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ kind: NetworkPolicy
22
apiVersion: networking.k8s.io/v1
33
metadata:
44
name: ovn-kubernetes
5-
namespace: openshift-ovn-kubernetes
5+
namespace: {{.HostedClusterNamespace}}
66
spec:
77
podSelector:
88
matchLabels:

manifests/01-cncc-namespace.yaml

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,3 +14,16 @@ metadata:
1414
openshift.io/node-selector: ""
1515
openshift.io/description: "OpenShift cloud network config controller namespace - a controller used to manage cloud-level network configuration"
1616
workload.openshift.io/allowed: "management"
17+
---
18+
kind: NetworkPolicy
19+
apiVersion: networking.k8s.io/v1
20+
metadata:
21+
name: default-deny
22+
namespace: openshift-cloud-network-config-operator
23+
spec:
24+
podSelector: {}
25+
policyTypes:
26+
- Ingress
27+
- Egress
28+
ingress: []
29+
egress: []

0 commit comments

Comments
 (0)