
Commit fdf8a16

author
Per G. da Silva
committed
Fix up ports and add default-allow-all to operators namespace
Signed-off-by: Per G. da Silva <[email protected]>
1 parent 914e765 commit fdf8a16


1 file changed

+42
-12
lines changed


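--- a/deploy/chart/templates/0000_50_olm_01-networkpolicies.yaml
+++ b/deploy/chart/templates/0000_50_olm_01-networkpolicies.yaml
@@ -9,14 +9,15 @@ spec:
 - Ingress
 - Egress
 ---
-apiVersion: networking.k8s.io/v1
+---
+apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
 name: olm-operator
 namespace: {{ .Values.namespace }}
 spec:
 podSelector:
-matchLabels:
+matchLabels:
 app: olm-operator
 ingress:
 - ports:
@@ -25,19 +26,25 @@ spec:
 egress:
 - ports:
 - protocol: TCP
-port: 6443
+port: 6443 # kube-api service
+- protocol: TCP
+port: 50051 # catalog service
+- protocol: TCP
+port: 53 # DNS
+- protocol: UDP
+port: 53 # DNS
 policyTypes:
-- Ingress
+- Ingress
 - Egress
 ---
-apiVersion: networking.k8s.io/v1
+apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
 name: catalog-operator
 namespace: {{ .Values.namespace }}
 spec:
 podSelector:
-matchLabels:
+matchLabels:
 app: catalog-operator
 ingress:
 - ports:
@@ -46,23 +53,46 @@ spec:
 egress:
 - ports:
 - protocol: TCP
-port: 6443
+port: 6443 # kube-api server
+- protocol: TCP
+port: 50051 # catalog service
+- protocol: TCP
+port: 53 # DNS
+- protocol: UDP
+port: 53 # DNS
+- protocol: TCP
+port: {{ .Values.package.service.internalPort }} # package service
 policyTypes:
-- Ingress
+- Ingress
 - Egress
 ---
-apiVersion: networking.k8s.io/v1
+apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
 name: packageserver
 namespace: {{ .Values.namespace }}
 spec:
 podSelector:
-matchLabels:
+matchLabels:
 app: packageserver
 ingress:
 - ports:
 - protocol: TCP
-port: {{ .Values.package.service.internalPort }}
+port: {{ .Values.package.service.internalPort }}
 policyTypes:
-- Ingress
+- Ingress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+name: default-allow-all
+namespace: {{ .Values.operator_namespace }}
+spec:
+podSelector: {}
+policyTypes:
+- Ingress
+- Egress
+ingress:
+- {}
+egress:
+- {}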
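Review bot: The new `default-allow-all` policy at the end of the file selects every pod in `{{ .Values.operator_namespace }}` and permits all ingress and egress, and since NetworkPolicies are additive, no other NetworkPolicy in that namespace can narrow it afterwards. If the namespace is being kept open on purpose, say so above the document, for example `# operator workloads have unknown traffic needs; this namespace is intentionally left open`, and consider putting the document behind a chart value so clusters that want isolation can leave it out. The egress rules added for `olm-operator` and `catalog-operator` list ports only, with no `to:` peers, so 53 and 50051 are allowed to any destination; restricting DNS to the cluster DNS pods would be tighter. The second `---` added before the `olm-operator` document also leaves an empty YAML document in the rendered output.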
