Add NetworkPolicies for operator

zeeke · zeeke · commit a02b2d0849f4 · 2025-06-18T11:59:08.000+02:00
Sriov Network Operator pod needs egress traffic to the API server.
No other traffic is supposed to go in/out the pod.

Signed-off-by: Andrea Panattoni &lt;apanatto@redhat.com&gt;
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
@@ -16,6 +16,7 @@ bases:
 - ../crd
 - ../rbac
 - ../manager
+- ../networkpolicies
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
 #- ../webhook
diff --git a/config/networkpolicies/allow_egress_api_server.yaml b/config/networkpolicies/allow_egress_api_server.yaml
@@ -0,0 +1,14 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: operator-allow-egress-to-api-server
+spec:
+ podSelector:
+   matchLabels:
+    name: sriov-network-operator
+ egress:
+ - ports:
+   - protocol: TCP
+     port: 6443
+ policyTypes:
+ - Egress
diff --git a/config/networkpolicies/kustomization.yaml b/config/networkpolicies/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- allow_egress_api_server.yaml

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+resources:`
	`2`	`+- allow_egress_api_server.yaml`