restrict kube-apiserver and dns traffic

Per G. da Silva · Per G. da Silva · commit 717e8714feb8 · 2025-05-16T13:46:04.000+01:00
Signed-off-by: Per G. da Silva &lt;pegoncal@redhat.com&gt;
diff --git a/deploy/chart/values.yaml b/deploy/chart/values.yaml
@@ -85,10 +85,24 @@ networkPolicy:
         port: 53
       - protocol: UDP
         port: 53
+    to:
+    - namespaceSelector:
+       matchLabels:
+         kubernetes.io/metadata.name: kube-system
+      podSelector:
+       matchLabels:
+         k8s-app: kube-dns
   kubeAPIServer:
     ports:
       - protocol: TCP
         port: 6443
+    to:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: kube-system
+      podSelector:
+        matchLabels:
+          component: kube-apiserver
   metrics:
     ports:
       - protocol: TCP
