Securing k3s deployment

2024-09-01 14:36:15 +02:00 · 2024-09-01 14:36:15 +02:00 · 5717cca04d
commit 5717cca04d
parent 3fd4c7dee0
7 changed files with 153 additions and 6 deletions
--- a/templates/var/lib/rancher/k3s/server/manifests/np-03-metrics-server-traefik.yaml.j2
+++ b/templates/var/lib/rancher/k3s/server/manifests/np-03-metrics-server-traefik.yaml.j2
@ -0,0 +1,42 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-metrics-server
+  namespace: kube-system
+spec:
+  podSelector:
+    matchLabels:
+      k8s-app: metrics-server
+  ingress:
+  - {}
+  policyTypes:
+  - Ingress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-svclbtraefik-ingress
+  namespace: kube-system
+spec:
+  podSelector: 
+    matchLabels:
+      svccontroller.k3s.cattle.io/svcname: traefik
+  ingress:
+  - {}
+  policyTypes:
+  - Ingress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-traefik-v121-ingress
+  namespace: kube-system
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: traefik
+  ingress:
+  - {}
+  policyTypes:
+  - Ingress
+---