From 3ff2398074d9aa4404ac00dfb8ffec16746732fa Mon Sep 17 00:00:00 2001
From: JJGadgets
Date: Fri, 23 Feb 2024 04:47:31 +0800
Subject: [PATCH] fix(redbot): allow PyPi & GitHub
---
 kube/deploy/apps/redbot/app/hr.yaml | 2 ++
 .../cilium/netpols/labelled-allow-egress.yaml | 19 +++++++++++++++++++
 2 files changed, 21 insertions(+)
diff --git a/kube/deploy/apps/redbot/app/hr.yaml b/kube/deploy/apps/redbot/app/hr.yaml
index 1e5bfae1..4f856635 100644
--- a/kube/deploy/apps/redbot/app/hr.yaml
+++ b/kube/deploy/apps/redbot/app/hr.yaml
@@ -22,6 +22,8 @@ spec:
 pod:
 labels:
 egress.home.arpa/discord: "allow"
+ egress.home.arpa/github: "allow"
+ egress.home.arpa/pypi: "allow"
 containers:
 main:
 image: &img
diff --git a/kube/deploy/core/_networking/cilium/netpols/labelled-allow-egress.yaml b/kube/deploy/core/_networking/cilium/netpols/labelled-allow-egress.yaml
index dd90d24c..30232747 100644
--- a/kube/deploy/core/_networking/cilium/netpols/labelled-allow-egress.yaml
+++ b/kube/deploy/core/_networking/cilium/netpols/labelled-allow-egress.yaml
@@ -237,6 +237,25 @@ spec:
 # yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cilium.io/ciliumclusterwidenetworkpolicy_v2.json
 apiVersion: cilium.io/v2
 kind: CiliumClusterwideNetworkPolicy
+metadata:
+ name: labelled-allow-egress-pypi
+spec:
+ endpointSelector:
+ matchLabels:
+ egress.home.arpa/pypi: allow
+ egress:
+ - toFQDNs:
+ - matchPattern: "pypi.org"
+ toPorts:
+ - ports:
+ - port: "443"
+ protocol: "TCP"
+ - port: "443"
+ protocol: "UDP"
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cilium.io/ciliumclusterwidenetworkpolicy_v2.json
+apiVersion: cilium.io/v2
+kind: CiliumClusterwideNetworkPolicy
 metadata:
 name: labelled-allow-egress-mullvad
 spec:
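Review bot: The two labels added under the pod's `labels:` map widen the bot's egress to GitHub and PyPI with no comment saying why, and the `github` label relies on a policy that is not part of this diff, so its scope cannot be checked from here. Going by the commit title, the pod presumably fetches code from both hosts at runtime, which means what runs in the container is no longer determined by the `image:` reference alone. I would record that next to the labels, e.g. `# runtime installs: code is fetched from GitHub and PyPI after start, outside the image`. The enclosing `spec:` mapping starts and ends outside the hunk.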
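Review bot: The `toFQDNs` list in `labelled-allow-egress-pypi` allows only `pypi.org`, but pip reads the index from pypi.org and downloads the package files from `files.pythonhosted.org`, so installs will likely still be dropped unless another policy in the file already covers that host. Add `- matchName: "files.pythonhosted.org"` to the list, and use `matchName` rather than `matchPattern` for `pypi.org` since no wildcard is involved. The UDP/443 port entry only matters for HTTP/3, which pip does not use; removing it keeps the allowance to what the label actually needs.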