39 lines
925 B
YAML
39 lines
925 B
YAML
apiVersion: projectcalico.org/v3
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: default-deny
|
|
namespace: unifi-network-operator-system
|
|
spec:
|
|
ingress:
|
|
- action: Deny
|
|
egress:
|
|
- action: Deny
|
|
---
|
|
apiVersion: projectcalico.org/v3
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: allow-all-in-namespace
|
|
namespace: unifi-network-operator-system # Change this to your namespace
|
|
spec:
|
|
ingress:
|
|
- action: Allow
|
|
source:
|
|
namespaceSelector: kubernetes.io/metadata.name == "unifi-network-operator-system"
|
|
egress:
|
|
- action: Allow
|
|
destination:
|
|
namespaceSelector: kubernetes.io/metadata.name == "unifi-network-operator-system"
|
|
selector: all() # Applies this policy to all pods in the namespace
|
|
---
|
|
apiVersion: projectcalico.org/v3
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: allow-all-temporary
|
|
namespace: unifi-network-operator-system
|
|
spec:
|
|
egress:
|
|
- action: Allow
|
|
ingress:
|
|
- action: Allow
|
|
---
|