specify namespace with selectors

anik120 · anik120 · commit d43b00942cf5 · 2025-05-15T15:04:49.000-04:00
diff --git a/deploy/chart/templates/0000_50_olm_01-networkpolicies.yaml b/deploy/chart/templates/0000_50_olm_01-networkpolicies.yaml
@@ -22,17 +22,17 @@ spec:
  - ports:
    - protocol: TCP
      port: 8080
- egress:
- - ports:
-   - protocol: TCP
-     port: 6443  # kube-api service
-   - protocol: TCP
-     port: 53  # DNS
-   - protocol: UDP
-     port: 53  # DNS
+#  egress:
+#  - ports:
+#    - protocol: TCP
+#      port: 6443  # kube-api service
+#    - protocol: TCP
+#      port: 53  # DNS
+#    - protocol: UDP
+#      port: 53  # DNS
  policyTypes:
  - Ingress
- - Egress
+#  - Egress
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
@@ -47,19 +47,19 @@ spec:
  - ports:
    - protocol: TCP
      port: metrics
- egress:
- - ports:
-   - protocol: TCP
-     port: 6443  # kube-api server
-   - protocol: TCP
-     port: 50051  # catalog service
-   - protocol: TCP
-     port: 53  # DNS
-   - protocol: UDP
-     port: 53  # DNS
+#  egress:
+#  - ports:
+#    - protocol: TCP
+#      port: 6443  # kube-api server
+#    - protocol: TCP
+#      port: 50051  # registry pods' service port
+#    - protocol: TCP
+#      port: 53  # DNS
+#    - protocol: UDP
+#      port: 53  # DNS
  policyTypes:
  - Ingress
- - Egress
+#  - Egress
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
@@ -75,13 +75,22 @@ spec:
    - protocol: TCP
      port: {{ .Values.package.service.internalPort }}
  egress:
-   - ports:
-       - protocol: TCP
-         port: 50051  # catalog service
-       - protocol: TCP
-         port: 53  # DNS
-       - protocol: UDP
-         port: 53  # DNS
+   - to:
+     - namespaceSelector:
+        matchLabels:
+            kubernetes.io/metadata.name: {{ .Values.catalog_namespace }}  # For registry resolution
+     ports:
+      - protocol: TCP
+        port: 50051  # registry pods' service port
+   - to:
+     - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: kube-system  # For DNS resolution (CoreDNS runs here)
+     ports:
+      - protocol: UDP
+        port: 53  # DNS
+      - protocol: TCP
+        port: 53  # DNS
  policyTypes:
  - Ingress
  - Egress
