Enable access to kube-dns
aledbf authored and roboquat committed Mar 4, 2022
1 parent 2e44194 commit 6d59526
Showing 2 changed files with 18 additions and 30 deletions.
47 changes: 17 additions & 30 deletions install/installer/pkg/components/image-builder-mk3/networkpolicy.go
@@ -16,38 +16,25 @@ import (
func networkpolicy(ctx *common.RenderContext) ([]runtime.Object, error) {
labels := common.DefaultLabels(Component)

return []runtime.Object{&networkingv1.NetworkPolicy{
TypeMeta: common.TypeMetaNetworkPolicy,
ObjectMeta: metav1.ObjectMeta{
Name: Component,
Namespace: ctx.Namespace,
Labels: labels,
},
Spec: networkingv1.NetworkPolicySpec{
PodSelector: metav1.LabelSelector{MatchLabels: labels},
PolicyTypes: []networkingv1.PolicyType{"Ingress", "Egress"},
Ingress: []networkingv1.NetworkPolicyIngressRule{{
From: []networkingv1.NetworkPolicyPeer{{
PodSelector: &metav1.LabelSelector{MatchLabels: map[string]string{
"component": server.Component,
return []runtime.Object{
&networkingv1.NetworkPolicy{
TypeMeta: common.TypeMetaNetworkPolicy,
ObjectMeta: metav1.ObjectMeta{
Name: Component,
Namespace: ctx.Namespace,
Labels: labels,
},
Spec: networkingv1.NetworkPolicySpec{
PodSelector: metav1.LabelSelector{MatchLabels: labels},
PolicyTypes: []networkingv1.PolicyType{"Ingress"},
Ingress: []networkingv1.NetworkPolicyIngressRule{{
From: []networkingv1.NetworkPolicyPeer{{
PodSelector: &metav1.LabelSelector{MatchLabels: map[string]string{
"component": server.Component,
}},
}},
}},
}},
Egress: []networkingv1.NetworkPolicyEgressRule{
{
To: []networkingv1.NetworkPolicyPeer{{
IPBlock: &networkingv1.IPBlock{
CIDR: "0.0.0.0/0",
Except: []string{
// Google Compute engine special, reserved VM metadata IP
"169.254.169.254/32",
},
},
}},
},
common.AllowKubeDnsEgressRule(),
common.AllowWSManagerEgressRule(),
},
},
}}, nil
}, nil
}
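Review bot: Dropping "Egress" from `PolicyTypes` removes egress isolation for the image-builder-mk3 pods altogether, which is much broader than the kube-dns access the commit title describes. As far as the rendered sides can be read, the previous policy allowed `0.0.0.0/0` except `169.254.169.254/32` (the VM metadata address) alongside the kube-dns and ws-manager rules; with an Ingress-only policy nothing in this file keeps these pods away from the metadata endpoint any more, unless another NetworkPolicy selects them for egress. If the goal is only DNS reachability, keep `PolicyTypes: []networkingv1.PolicyType{"Ingress", "Egress"},` and the `IPBlock` rule with `Except: []string{"169.254.169.254/32"}`, and adjust the DNS rule itself. If unrestricted egress is intended, record that above `Spec`, for example `// Egress is intentionally unrestricted; the metadata IP is blocked by <other control>.`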
@@ -101,6 +101,7 @@ func networkpolicy(ctx *common.RenderContext) ([]runtime.Object, error) {
},
},
},
common.AllowKubeDnsEgressRule(),
},
},
}}, nil