open-edge-platform · jokuniew · Jun 9, 2025 · Jun 9, 2025 · Jun 10, 2025 · Jun 10, 2025
@@ -37,6 +37,7 @@ ignore_no_source_tarball=" \
   hyphen-mn \
   initramfs \
   javapackages-tools-meta \
+  k3s-network-policy \
   kata-packages-uvm \
   kde-filesystem \
   kernel-uki \

@@ -2270,6 +2270,7 @@
                 "intel-lms",
                 "intel-npu-firmware",
                 "intel-xpu-smi",
+                "k3s-network-policy",
                 "node-agent",
                 "nvidia-data-center-driver",
                 "os-ab-update",

@@ -0,0 +1,18 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: restrict-kube-system-ingress
+  namespace: kube-system
+spec:
+  podSelector: {}  # Apply to all pods in kube-system
+  policyTypes:
+    - Ingress
+  ingress:
+    - ports:
+        - protocol: UDP
+          port: 53    # DNS
+        - protocol: TCP
+          port: 10250 # kubelet metrics
+        - protocol: TCP
+          port: 6443   # kube-apiserver
@@ -0,0 +1,5 @@
+{
+  "Signatures": {
+    "00-kube-system.yaml": "63d1c8297aec98a841100b3d6f53db79d287f4898bf0dc45ec8a4e700b4a9f8f"
+  }
+}
@@ -0,0 +1,27 @@
+Summary:        network-policy for k3s
+Name:           k3s-network-policy
+Version:        0.1.0
+Release:        1%{?dist}
+License:        Apache-2.0
+Vendor:         Intel Corporation
+Distribution:   Edge Microvisor Toolkit
+URL:            https://github.com/open-edge-platform/edge-microvisor-toolkit
+Source0:        00-kube-system.yaml
+
+BuildArch:      noarch
+
+%description
+This package provides a comprehensive set of Kubernetes network policies 
+designed to ensure reliable k3s cluster operation within the Edge Microvisor Toolkit environment.
+
+%install
+# copy manifests and install them under /var/lib/rancher/k3s/server/manifests/network-policy/*.yaml
+mkdir -p  %{buildroot}/var/lib/rancher/k3s/server/manifests/network-policy
+install %{_sourcedir}/00-kube-system.yaml  %{buildroot}/var/lib/rancher/k3s/server/manifests/network-policy
+
+%files
+/var/lib/rancher/k3s/server/manifests/network-policy/00-kube-system.yaml
+
+%changelog
+* Tue Jun 17 2025 Julia Okuniewska <julia.okuniewska@intel.com> - 0.1.0
+- Original version for Edge Microvisor Toolkit. License verified.
@@ -76,7 +76,8 @@
                 "packagelists/intel-wireless.json",
                 "packagelists/os-ab-update.json",
                 "packagelists/vpro-amt-packages.json",
-                "packagelists/docker.json"
+                "packagelists/docker.json",
+                "packagelists/k3s-standard.json"
             ],
             "AdditionalFiles": {
                 "additionalconfigs/layout.env": "/etc/layout.env",

@@ -76,7 +76,8 @@
                 "packagelists/intel-wireless.json",
                 "packagelists/os-ab-update.json",
                 "packagelists/vpro-amt-packages.json",
-                "packagelists/docker.json"
+                "packagelists/docker.json",
+                "packagelists/k3s-standard.json"
             ],
             "AdditionalFiles": {
                 "additionalconfigs/layout.env": "/etc/layout.env",

@@ -0,0 +1,5 @@
+{
+    "packages": [
+        "k3s-network-policy"
+    ]
+}