k3s-cluster/kubernetes/main/apps/authentik/app/network_policy.yaml

38 lines
815 B
YAML
Raw Permalink Normal View History

2023-04-07 03:01:51 +00:00
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: deny-most-allow-some
namespace: authentik
spec:
# Apply to all pods in this namespace
podSelector: {}
ingress:
- from:
# Allow all pods in this namespace
- namespaceSelector:
matchLabels:
name: "authentik"
# - podSelector: {}
# Allow traefik pods
- namespaceSelector:
matchLabels:
name: "traefik"
# Not sure if this is required, but just to make sure
- namespaceSelector:
matchLabels:
name: "database"
- namespaceSelector:
matchLabels:
name: "media"
- namespaceSelector:
matchLabels:
name: "irc"
2023-04-07 03:01:51 +00:00
# Allow all pods with this label
- podSelector:
matchLabels:
needsAuthentik: "yes"