Merge pull request #67 from siddhibhor-56/network-policy-new

ESO-222: Implementation of Network Policy for external secrets Operator

Author: openshift-merge-bot[bot]

config/network-policy/allow-network-traffic.yaml

@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-egress-api
+  namespace: system
+spec:
+  podSelector:
+    matchLabels:
+      app: external-secrets-operator
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - ports:
+        - protocol: TCP
+          port: 6443 # Required: Kubernetes API server
+  ingress:
+    # Optional: expose metrics (8443 and 8080 based on user configuration)
+    - ports:
+        - protocol: TCP
+          port: 8443
+    - ports:
+        - protocol: TCP
+          port: 8080

config/network-policy/deny-all.yaml

@@ -0,0 +1,16 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    app: external-secrets-operator
+    app.kubernetes.io/name: external-secrets-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: deny-all-traffic
+  namespace: system
+spec:
+  podSelector:
+    matchLabels:
+      app: external-secrets-operator
+  policyTypes:
+    - Ingress
+    - Egress

config/network-policy/kustomization.yaml

@@ -1,2 +1,4 @@
 resources:
 - allow-metrics-traffic.yaml
+- allow-network-traffic.yaml
+- deny-all.yaml