1apiVersion: networking.k8s.io/v1
2kind: NetworkPolicy
3metadata:
4 name: default-deny-ingress
5 namespace: vpn
6 labels:
7 platform.edge.ncr.com/component: wireguard-relay
8spec:
9 ingress:
10 - {}
11 podSelector: {}
12 policyTypes:
13 - Ingress
14---
15apiVersion: networking.k8s.io/v1
16kind: NetworkPolicy
17metadata:
18 name: default-deny-egress
19 namespace: vpn
20 labels:
21 platform.edge.ncr.com/component: wireguard-relay
22spec:
23 egress:
24 - {}
25 podSelector: {}
26 policyTypes:
27 - Egress
28---
29apiVersion: networking.k8s.io/v1
30kind: NetworkPolicy
31metadata:
32 name: wireguard-relay
33 namespace: vpn
34 labels:
35 platform.edge.ncr.com/component: wireguard-relay
36spec:
37 ingress:
38 - ports:
39 - protocol: UDP
40 port: 51820
41 from:
42 - ports:
43 - protocol: TCP
44 port: 9586
45 from:
46 - namespaceSelector:
47 matchLabels:
48 kubernetes.io/metadata.name: prometheus
49 podSelector:
50 matchLabels:
51 platform.edge.ncr.com/component: wireguard-relay
52 policyTypes:
53 - Ingress
View as plain text