From 2f0657f8badc35992a522b56ee96545333ce96d3 Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Fri, 7 Nov 2025 11:36:59 +0100 Subject: [PATCH] [virtual-machine] Revert per-vm network policies Signed-off-by: Andrei Kvapil --- .../apps/tenant/templates/networkpolicy.yaml | 6 +---- .../virtual-machine/templates/service.yaml | 24 ------------------- .../apps/virtual-machine/templates/vm.yaml | 1 - .../apps/vm-instance/templates/service.yaml | 24 ------------------- packages/apps/vm-instance/templates/vm.yaml | 1 - 5 files changed, 1 insertion(+), 55 deletions(-) diff --git a/packages/apps/tenant/templates/networkpolicy.yaml b/packages/apps/tenant/templates/networkpolicy.yaml index 84df6d11..b66e85ff 100644 --- a/packages/apps/tenant/templates/networkpolicy.yaml +++ b/packages/apps/tenant/templates/networkpolicy.yaml @@ -20,11 +20,7 @@ metadata: name: allow-external-communication namespace: {{ include "tenant.name" . }} spec: - endpointSelector: - matchExpressions: - - key: policy.cozystack.io/allow-external-communication - operator: NotIn - values: ["false"] + endpointSelector: {} ingress: - fromEntities: - world diff --git a/packages/apps/virtual-machine/templates/service.yaml b/packages/apps/virtual-machine/templates/service.yaml index d9d77825..f212db62 100644 --- a/packages/apps/virtual-machine/templates/service.yaml +++ b/packages/apps/virtual-machine/templates/service.yaml @@ -28,27 +28,3 @@ spec: {{- end }} {{- end }} {{- end }} ---- -apiVersion: cilium.io/v2 -kind: CiliumNetworkPolicy -metadata: - name: {{ include "virtual-machine.fullname" . }} -spec: - endpointSelector: - matchLabels: - {{- include "virtual-machine.selectorLabels" . | nindent 6 }} - ingress: - - fromEntities: - - cluster - - fromEntities: - - world - {{- if eq .Values.externalMethod "PortList" }} - toPorts: - - ports: - {{- range .Values.externalPorts }} - - port: {{ quote . }} - {{- end }} - {{- end }} - egress: - - toEntities: - - world diff --git a/packages/apps/virtual-machine/templates/vm.yaml b/packages/apps/virtual-machine/templates/vm.yaml index 1d7652e8..92084acb 100644 --- a/packages/apps/virtual-machine/templates/vm.yaml +++ b/packages/apps/virtual-machine/templates/vm.yaml @@ -62,7 +62,6 @@ spec: template: metadata: annotations: - policy.cozystack.io/allow-external-communication: "false" kubevirt.io/allow-pod-bridge-network-live-migration: "true" labels: {{- include "virtual-machine.labels" . | nindent 8 }} diff --git a/packages/apps/vm-instance/templates/service.yaml b/packages/apps/vm-instance/templates/service.yaml index d1ef4df9..f212db62 100644 --- a/packages/apps/vm-instance/templates/service.yaml +++ b/packages/apps/vm-instance/templates/service.yaml @@ -28,27 +28,3 @@ spec: {{- end }} {{- end }} {{- end }} ---- -apiVersion: cilium.io/v2 -kind: CiliumNetworkPolicy -metadata: - name: {{ include "virtual-machine.fullname" . }} -spec: - endpointSelector: - matchLabels: - {{- include "virtual-machine.selectorLabels" . | nindent 6 }} - ingress: - - fromEntities: - - cluster - - fromEntities: - - world - {{- if eq .Values.externalMethod "PortList" }} - toPorts: - - ports: - {{- range .Values.externalPorts }} - - port: {{ quote . }} - {{- end }} - {{- end }} - egress: - - toEntities: - - world diff --git a/packages/apps/vm-instance/templates/vm.yaml b/packages/apps/vm-instance/templates/vm.yaml index e64ec2f6..61fc65a7 100644 --- a/packages/apps/vm-instance/templates/vm.yaml +++ b/packages/apps/vm-instance/templates/vm.yaml @@ -26,7 +26,6 @@ spec: template: metadata: annotations: - policy.cozystack.io/allow-external-communication: "false" kubevirt.io/allow-pod-bridge-network-live-migration: "true" labels: {{- include "virtual-machine.labels" . | nindent 8 }}