fix(cloudflared): netpols

This commit is contained in:
JJGadgets
2024-08-14 12:20:51 +08:00
parent 4fecf6f3d2
commit 8026c36134


@@ -26,6 +26,14 @@ spec:
protocol: TCP
- port: "443"
protocol: UDP
# allow cloudflared to egress to pods that require ingress
- toEndpoints:
- matchExpressions:
- key: io.kubernetes.pod.namespace
operator: Exists
- key: ingress.home.arpa/cloudflare
operator: In
values: [allow]
# Headscale
- toEndpoints:
- matchLabels:
@@ -57,17 +65,6 @@ spec:
- ports:
- port: "7844"
protocol: UDP
# L7 DNS inspection & proxy
- toEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: kube-system
k8s-app: kube-dns
toPorts:
- ports:
- port: "53"
rules:
dns:
- matchPattern: "*"
# allow Flux notification-controller ingress
- toEndpoints:
- matchLabels:
@@ -90,8 +87,6 @@ spec:
- ports:
- port: "59292"
protocol: TCP
- port: "80"
protocol: TCP
rules:
http:
- {}
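Review bot: The second hunk removes the only kube-dns egress rule visible in this policy (the `toEndpoints` block selecting `k8s-app: kube-dns` on port `"53"` with `matchPattern: "*"`), so unless cloudflared's DNS egress is now granted by another policy outside this file, the tunnel will lose name resolution for the Cloudflare edge and for the label-selected pods added in the first hunk. If a cluster-wide DNS policy is the intended replacement, a comment at that point such as `# DNS egress for this pod is granted by <POLICY_NAME>` would make the removal auditable instead of looking like an accidental drop. Deleting the `rules: dns:` block also gives up the L7 DNS proxy, so DNS-level visibility for this pod goes with it; worth confirming that is intended. Separately, the first hunk's new `toEndpoints` rule selects every pod labelled `ingress.home.arpa/cloudflare: allow` in any namespace but carries no `toPorts`, so it allows cloudflared egress to all ports on those pods; adding a `toPorts` list (or documenting that the label is the deliberate opt-in boundary) would keep the rule least-privilege. The enclosing `egress` list begins outside these hunks.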