K8s Objects

allow-apps-egress-ent-svc.yaml

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-apps-egress-ent-svc
spec:
  podSelector: {}
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: image-registry-ip-cidr
      ports:
        - protocol: TCP
          port: 443
    - to:
        - ipBlock:
            cidr: ldap-ip-cidr
      ports:
        - protocol: TCP
          port: 389
    - to:
        - ipBlock:
            cidr: twistlock-ip-cidr
      ports:
        - protocol: TCP
          port: 8084
    - to:
        - ipBlock:
            cidr: dns1-ip-cidr
        - ipBlock:
            cidr: dns2-ip-cidr
        - ipBlock:
            cidr: dns3-ip-cidr
      ports:
        - protocol: TCP
          port: 53
        - protocol: UDP
          port: 53

allow-kube-sys-egress-ent-svc.yaml

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-egress-ent-svc
  namespace: kube-system
spec:
  podSelector: {}
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: pks-controller-ip
      ports:
        - protocol: TCP
          port: 24224
    - to:
        - ipBlock:
            cidr: dns1-ip-cidr
        - ipBlock:
            cidr: dns2-ip-cidr
        - ipBlock:
            cidr: dns3-ip-cidr
      ports:
        - protocol: TCP
          port: 53
        - protocol: UDP
          port: 53

allow-pks-sys-egress-ent-svc.yaml

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-egress-ent-svc
  namespace: pks-system
spec:
  podSelector: {}
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: pks-controller-ip
      ports:
        - protocol: TCP
          port: 24224
    - to:
        - ipBlock:
            cidr: dns1-ip-cidr
        - ipBlock:
            cidr: dns2-ip-cidr
        - ipBlock:
            cidr: dns3-ip-cidr
      ports:
        - protocol: TCP
          port: 53
        - protocol: UDP
          port: 53