From 9476db000e66b7b8dfbf896d70021ae3e2a6aa8a Mon Sep 17 00:00:00 2001
From: JJGadgets
Date: Fri, 6 Oct 2023 19:41:33 +0800
Subject: [PATCH] feat: add Cloudflare R2 netpol
---
 .../cilium/netpols/labelled-allow-egress.yaml | 36 +++++++++++++++++++
 1 file changed, 36 insertions(+)
diff --git a/kube/deploy/core/_networking/cilium/netpols/labelled-allow-egress.yaml b/kube/deploy/core/_networking/cilium/netpols/labelled-allow-egress.yaml
index c8ada0a1..0d99030f 100644
--- a/kube/deploy/core/_networking/cilium/netpols/labelled-allow-egress.yaml
+++ b/kube/deploy/core/_networking/cilium/netpols/labelled-allow-egress.yaml
@@ -84,6 +84,23 @@ spec:
 # yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cilium.io/ciliumclusterwidenetworkpolicy_v2.json
 apiVersion: cilium.io/v2
 kind: CiliumClusterwideNetworkPolicy
+metadata:
+ name: labelled-allow-egress-ntp
+spec:
+ endpointSelector:
+ matchLabels:
+ egress.home.arpa/world-ntp: allow
+ egress:
+ - toEntities:
+ - "world"
+ toPorts:
+ - ports:
+ - port: "123"
+ protocol: "UDP"
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cilium.io/ciliumclusterwidenetworkpolicy_v2.json
+apiVersion: cilium.io/v2
+kind: CiliumClusterwideNetworkPolicy
 metadata:
 name: labelled-allow-egress-dlna
 spec:
@@ -96,4 +113,23 @@ spec:
 toPorts:
 - ports:
 - port: "1900"
+ protocol: "UDP"
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cilium.io/ciliumclusterwidenetworkpolicy_v2.json
+apiVersion: cilium.io/v2
+kind: CiliumClusterwideNetworkPolicy
+metadata:
+ name: labelled-allow-egress-cloudflare-r2
+spec:
+ endpointSelector:
+ matchLabels:
+ egress.home.arpa/r2: allow
+ egress:
+ - toFQDNs:
+ - matchPattern: "*.r2.cloudflarestorage.com"
+ toPorts:
+ - ports:
+ - port: "443"
+ protocol: "TCP"
+ - port: "443"
 protocol: "UDP"
\ No newline at end of file
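Review bot: The new `labelled-allow-egress-ntp` policy pairs `toEntities: "world"` with UDP/123, so any endpoint labelled `egress.home.arpa/world-ntp: allow` may send datagrams to every external address on that port, not only to time servers. If the workloads sync against a known set of servers, a `toFQDNs` entry such as `- matchName: "<ntp-server-hostname>"` (placeholder) or a `toCIDRSet` for a local time source would keep the label from becoming a general outbound channel. A comment above the policy saying why world-wide reach is needed would help if the broad scope is intentional. The commit subject only mentions Cloudflare R2, so this policy is worth naming in the description as well.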
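Review bot: `matchPattern: "*.r2.cloudflarestorage.com"` in `labelled-allow-egress-cloudflare-r2` permits egress to the R2 endpoint of every Cloudflare account, so a labelled pod can reach buckets the cluster owner does not control. Since the R2 S3 endpoint is per-account, pinning it with `- matchName: "<ACCOUNT_ID>.r2.cloudflarestorage.com"` (placeholder) limits the policy to your own storage. Separately, `toFQDNs` only takes effect when the pod's DNS lookups pass through Cilium's DNS proxy, which needs an egress rule to the cluster DNS carrying `rules: dns`. No such rule is visible in this hunk, so confirm that labelled pods also receive one, and consider a comment above the policy stating that dependency. The file also still ends without a trailing newline.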