operator-framework
diff --git a/‎deploy/chart/templates/0000_50_olm_01-networkpolicies.yaml‎
Lines changed: 102 additions & 0 deletions b/‎deploy/chart/templates/0000_50_olm_01-networkpolicies.yaml‎
Lines changed: 102 additions & 0 deletions
diff --git a/‎deploy/chart/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml‎ renamed to ‎deploy/chart/templates/0000_50_olm_02-olm-operator.serviceaccount.yaml‎ b/‎deploy/chart/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml‎ renamed to ‎deploy/chart/templates/0000_50_olm_02-olm-operator.serviceaccount.yaml‎
diff --git a/‎deploy/chart/templates/0000_50_olm_02-olmconfig.yaml‎ renamed to ‎deploy/chart/templates/0000_50_olm_03-olmconfig.yaml‎ b/‎deploy/chart/templates/0000_50_olm_02-olmconfig.yaml‎ renamed to ‎deploy/chart/templates/0000_50_olm_03-olmconfig.yaml‎
diff --git a/‎deploy/chart/templates/0000_50_olm_02-services.yaml‎ renamed to ‎deploy/chart/templates/0000_50_olm_03-services.yaml‎ b/‎deploy/chart/templates/0000_50_olm_02-services.yaml‎ renamed to ‎deploy/chart/templates/0000_50_olm_03-services.yaml‎
@@ -0,0 +1,102 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-deny-all-traffic
+ namespace: {{ .Values.namespace }}
+spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: olm-operator
+ namespace: {{ .Values.namespace }}
+spec:
+ podSelector:
+   matchLabels:
+     app: olm-operator
+ ingress:
+ - ports:
+   - protocol: TCP
+     port: 8080
+ egress:
+ - ports:
+   - protocol: TCP
+     port: 6443  # kube-api service
+   - protocol: TCP
+     port: 53  # DNS
+   - protocol: UDP
+     port: 53  # DNS
+ policyTypes:
+ - Ingress
+ - Egress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: catalog-operator
+ namespace: {{ .Values.namespace }}
+spec:
+ podSelector:
+   matchLabels:
+     app: catalog-operator
+ ingress:
+ - ports:
+   - protocol: TCP
+     port: metrics
+ egress:
+ - ports:
+   - protocol: TCP
+     port: 6443  # kube-api server
+   - protocol: TCP
+     port: 50051  # catalog service
+   - protocol: TCP
+     port: 53  # DNS
+   - protocol: UDP
+     port: 53  # DNS
+ policyTypes:
+ - Ingress
+ - Egress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: packageserver
+ namespace: {{ .Values.namespace }}
+spec:
+ podSelector:
+   matchLabels:
+     app: packageserver
+ ingress:
+ - ports:
+   - protocol: TCP
+     port: {{ .Values.package.service.internalPort }}
+ egress:
+   - ports:
+       - protocol: TCP
+         port: 50051  # catalog service
+       - protocol: TCP
+         port: 53  # DNS
+       - protocol: UDP
+         port: 53  # DNS
+ policyTypes:
+ - Ingress
+ - Egress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: default-allow-all
+  namespace: {{ .Values.operator_namespace }}
+spec:
+  podSelector: {}
+  policyTypes:
+    - Ingress
+    - Egress
+  ingress:
+    - {}
+  egress:
+    - {}