example: add longhorn webhook server network policy yaml manifest
The traffic from/to the longhorn webhook server is the kube-apiserver. The only way we could add restriction is to add the network policy of the ingress port because we can't know each Kubernetes distro default kube-apiserver Pod's label. Therefore, we can't add the label selector in the network policy rule to restrict the traffic that comes from the kube-apiserver is able to access to the longhorn webhook server. Longhorn 3513 Signed-off-by: JenTing Hsiao <jenting.hsiao@suse.com> (cherry picked from commit 769e85bc80b6351a081a79ddf83ab181cf956e23)
This commit is contained in:
JenTing Hsiao
David Ko
parent
29b2011779
commit
246bfdb85c
15
examples/network-policy/webhook-network-policy.yaml
Normal file
15
examples/network-policy/webhook-network-policy.yaml
Normal file
@ -0,0 +1,15 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: longhorn-webhook
|
||||
namespace: longhorn-system
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app: longhorn-webhook
|
||||
policyTypes:
|
||||
- Ingress
|
||||
ingress:
|
||||
- ports:
|
||||
- protocol: TCP
|
||||
port: 9443
|
||||
Loading…
Reference in New Issue
Block a user