k3s-cluster/cluster/apps/game-servers/network_policy.yaml

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-most-allow-some
  namespace: game-servers
spec:
  # Apply to all pods in this namespace
  podSelector: {}
  ingress:
  - from:
    # Allow all pods in this namespace
    - namespaceSelector:
        matchLabels:
          name: "game-servers"

    # Allow traefik pods
    - namespaceSelector:
        matchLabels:
          name: "traefik"

    # Allow all pods with this label
    - podSelector:
        matchLabels:
          needsGameServers: "yes"
  egress:
  - to:
    - ipBlock:
        # allow all IPs
        cidr: 0.0.0.0/0
        except:
          # except the private IP ranges: https://en.wikipedia.org/wiki/Private_network
          - 10.0.0.0/8
          - 192.168.0.0/16
          - 172.16.0.0/20
    - ipBlock:
        cidr: 192.168.87.250/24 # server
Add factorio game server 2023-04-19 19:37:53 -04:00			`apiVersion: networking.k8s.io/v1`
			`kind: NetworkPolicy`
			`metadata:`
			`name: deny-most-allow-some`
			`namespace: game-servers`
			`spec:`
			`# Apply to all pods in this namespace`
			`podSelector: {}`
			`ingress:`
			`- from:`
			`# Allow all pods in this namespace`
			`- namespaceSelector:`
			`matchLabels:`
			`name: "game-servers"`

			`# Allow traefik pods`
			`- namespaceSelector:`
			`matchLabels:`
			`name: "traefik"`

			`# Allow all pods with this label`
			`- podSelector:`
			`matchLabels:`
feat: Add Palworld as a game server 2024-01-26 23:49:45 -05:00			`needsGameServers: "yes"`
			`egress:`
			`- to:`
			`- ipBlock:`
fix(palworld): disable network policy 2024-01-27 00:59:25 -05:00			`# allow all IPs`
			`cidr: 0.0.0.0/0`
			`except:`
			`# except the private IP ranges: https://en.wikipedia.org/wiki/Private_network`
			`- 10.0.0.0/8`
			`- 192.168.0.0/16`
			`- 172.16.0.0/20`
			`- ipBlock:`
			`cidr: 192.168.87.250/24 # server`