k3s-cluster/cluster/apps/media/network_policy.yaml

25 lines
531 B
YAML
Raw Normal View History

2023-04-04 06:01:25 +00:00
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: deny-most-allow-some
namespace: media
spec:
# Apply to all pods in this namespace
2023-04-04 06:03:23 +00:00
podSelector: {}
2023-04-04 06:01:25 +00:00
ingress:
- from:
# Allow all pods in this namespace
2023-04-04 06:31:40 +00:00
- namespaceSelector:
matchLabels:
name: "media"
# - podSelector: {}
2023-04-04 06:01:25 +00:00
2023-04-04 22:47:23 +00:00
# Allow traefik pods
- namespaceSelector:
matchLabels:
name: "traefik"
2023-04-04 06:01:25 +00:00
# Allow all pods with this label
2023-04-04 06:31:40 +00:00
- podSelector:
matchLabels:
needsMedia: "yes"