+1

k8s/nebula/apps/vpn/vpn-gateway/app/kustomization.yaml

reviewed

··· 4 4 resources: 5 5 - ./helm-release.yaml 6 6 - ./secret.sops.yaml 7 7 + - ./netpol.yaml

+53

k8s/nebula/apps/vpn/vpn-gateway/app/netpol.yaml

reviewed

··· 1 1 + --- 2 2 + apiVersion: cilium.io/v2 3 3 + kind: CiliumNetworkPolicy 4 4 + metadata: 5 5 + name: vpn-gateway 6 6 + labels: 7 7 + app.kubernetes.io/instance: vpn-gateway 8 8 + app.kubernetes.io/name: vpn-gateway 9 9 + spec: 10 10 + endpointSelector: 11 11 + matchLabels: 12 12 + app.kubernetes.io/instance: vpn-gateway 13 13 + app.kubernetes.io/name: vpn-gateway 14 14 + egress: 15 15 + - toCIDR: 16 16 + - 0.0.0.0/0 17 17 + - ::/0 18 18 + toPorts: 19 19 + - ports: 20 20 + - port: "1637" 21 21 + protocol: UDP 22 22 + - ports: 23 23 + - port: "53" 24 24 + protocol: TCP 25 25 + - toEntities: 26 26 + - cluster 27 27 + --- 28 28 + apiVersion: cilium.io/v2 29 29 + kind: CiliumNetworkPolicy 30 30 + metadata: 31 31 + name: vpn-gateway-vxlan 32 32 + labels: 33 33 + app.kubernetes.io/instance: vpn-gateway 34 34 + app.kubernetes.io/name: vpn-gateway 35 35 + spec: 36 36 + endpointSelector: 37 37 + matchLabels: 38 38 + app.kubernetes.io/instance: vpn-gateway 39 39 + app.kubernetes.io/name: vpn-gateway 40 40 + egress: 41 41 + - toPorts: 42 42 + - ports: 43 43 + - port: "4789" 44 44 + protocol: UDP 45 45 + ingress: 46 46 + - toPorts: 47 47 + - ports: 48 48 + - port: "4789" 49 49 + protocol: UDP 50 50 + - icmps: 51 51 + - fields: 52 52 + - type: 8 53 53 + family: IPv4