From 54cd38265016b75d07ee2a9120eb117a8fb6fca9 Mon Sep 17 00:00:00 2001
From: "Waylon S. Walker"
Date: Sun, 23 Feb 2025 20:56:34 -0600
Subject: [PATCH 01/10] allow ingress from kube-system
---
 helm-chart/templates/networkpolicy.yaml | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/helm-chart/templates/networkpolicy.yaml b/helm-chart/templates/networkpolicy.yaml
index 0190249..b02b397 100644
--- a/helm-chart/templates/networkpolicy.yaml
+++ b/helm-chart/templates/networkpolicy.yaml
@@ -17,9 +17,6 @@ spec:
 - namespaceSelector:
 matchLabels:
 name: kube-system
- podSelector:
- matchLabels:
- app: traefik
 ports:
 - protocol: TCP
 port: {{ .Values.port }}
From 948efe60c79cb84f2ba32a6c9dc6c19b559d7877 Mon Sep 17 00:00:00 2001
From: "Waylon S. Walker"
Date: Sun, 23 Feb 2025 20:57:15 -0600
Subject: [PATCH 02/10] disable netpol
---
 helm-chart/templates/networkpolicy.yaml | 48 ++++++++++++-------------
 1 file changed, 24 insertions(+), 24 deletions(-)
diff --git a/helm-chart/templates/networkpolicy.yaml b/helm-chart/templates/networkpolicy.yaml
index b02b397..9582637 100644
--- a/helm-chart/templates/networkpolicy.yaml
+++ b/helm-chart/templates/networkpolicy.yaml
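Review bot: The `from` peer left by PATCH 01/10 (`@@ -17,9 +17,6 @@`) matches every pod in the selected namespace, because the `podSelector` that pinned it to the ingress controller is gone. If the old selector was removed only because `app: traefik` did not match the controller's pods, correcting the label keeps the rule narrow: `podSelector:` / `matchLabels:` / `<controller-label-key>: <value>` under the same `from` item, with the placeholder filled from `kubectl get pods -n kube-system --show-labels`. The enclosing `ingress` block starts above the hunk, so this is judged from the visible lines only.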
@@ -1,27 +1,27 @@
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ .Values.name }}
- namespace: {{ .Values.namespace | default .Values.name }}
- labels:
- service: {{ .Values.name }}
-spec:
- podSelector:
- matchLabels:
- service: {{ .Values.name }}
- policyTypes:
- - Ingress
- - Egress
- ingress:
- - from:
- - namespaceSelector:
- matchLabels:
- name: kube-system
- ports:
- - protocol: TCP
- port: {{ .Values.port }}
- egress:
- - {}
+# apiVersion: networking.k8s.io/v1
+# kind: NetworkPolicy
+# metadata:
+# name: {{ .Values.name }}
+# namespace: {{ .Values.namespace | default .Values.name }}
+# labels:
+# service: {{ .Values.name }}
+# spec:
+# podSelector:
+# matchLabels:
+# service: {{ .Values.name }}
+# policyTypes:
+# - Ingress
+# - Egress
+# ingress:
+# - from:
+# - namespaceSelector:
+# matchLabels:
+# name: kube-system
+# ports:
+# - protocol: TCP
+# port: {{ .Values.port }}
+# egress:
+# - {}
 # TODO, optionally add egress restriction.
 # - to:
 # - namespaceSelector: {}
From 8fdedbcd934c8af8846d83a19ce0eaefa90e4d4c Mon Sep 17 00:00:00 2001
From: "Waylon S. Walker"
Date: Mon, 24 Feb 2025 07:55:20 -0600
Subject: [PATCH 03/10] wip
---
 helm-chart/templates/networkpolicy.yaml | 66 ++++++++++++++++---------
 1 file changed, 42 insertions(+), 24 deletions(-)
diff --git a/helm-chart/templates/networkpolicy.yaml b/helm-chart/templates/networkpolicy.yaml
index 9582637..a3f78ad 100644
--- a/helm-chart/templates/networkpolicy.yaml
+++ b/helm-chart/templates/networkpolicy.yaml
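Review bot: Commenting the manifest out in PATCH 02/10 removes the only NetworkPolicy this template renders, so the release's pods are no longer isolated, and nothing in the chart records that this is deliberate. Helm still evaluates `{{ … }}` actions that sit inside YAML `#` comments, so the commented lines keep depending on `.Values.name` and `.Values.port`. A values toggle states the intent and can be flipped per environment: wrap the document in `{{- if .Values.networkPolicy.enabled }}` … `{{- end }}` (the key name is a suggestion, not something the chart defines in the lines shown).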
@@ -1,27 +1,27 @@
-# apiVersion: networking.k8s.io/v1
-# kind: NetworkPolicy
-# metadata:
-# name: {{ .Values.name }}
-# namespace: {{ .Values.namespace | default .Values.name }}
-# labels:
-# service: {{ .Values.name }}
-# spec:
-# podSelector:
-# matchLabels:
-# service: {{ .Values.name }}
-# policyTypes:
-# - Ingress
-# - Egress
-# ingress:
-# - from:
-# - namespaceSelector:
-# matchLabels:
-# name: kube-system
-# ports:
-# - protocol: TCP
-# port: {{ .Values.port }}
-# egress:
-# - {}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ .Values.name }}
+ namespace: {{ .Values.namespace | default .Values.name }}
+ labels:
+ service: {{ .Values.name }}
+spec:
+ podSelector:
+ matchLabels:
+ service: {{ .Values.name }}
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: kube-system
+ ports:
+ - protocol: TCP
+ port: {{ .Values.port }}
+ egress:
+ - {}
 # TODO, optionally add egress restriction.
 # - to:
 # - namespaceSelector: {}
@@ -31,3 +31,21 @@
 # port: 53
 # - protocol: UDP
 # port: 53
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-network-dns-policy
+ namespace: {{ .Values.namespace | default .Values.name }}
+spec:
+ ingress:
+ - ports:
+ - port: 53
+ protocol: TCP
+ - port: 53
+ protocol: UDP
+ podSelector:
+ matchLabels:
+ k8s-app: kube-dns
+ policyTypes:
+ - Ingress
From 32806ea7b1cf0eec64b1877fecadef67cf8a1864 Mon Sep 17 00:00:00 2001
From: "Waylon S. Walker"
Date: Mon, 24 Feb 2025 07:56:10 -0600
Subject: [PATCH 04/10] wip
---
 helm-chart/templates/networkpolicy.yaml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/helm-chart/templates/networkpolicy.yaml b/helm-chart/templates/networkpolicy.yaml
index a3f78ad..0d91ca2 100644
--- a/helm-chart/templates/networkpolicy.yaml
+++ b/helm-chart/templates/networkpolicy.yaml
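Review bot: The `default-network-dns-policy` document added by the `@@ -31,3 +31,21 @@` hunk of PATCH 03/10 most likely selects no pods. A NetworkPolicy's `spec.podSelector` only matches pods in the policy's own namespace, here `{{ .Values.namespace | default .Values.name }}`, whereas pods labelled `k8s-app: kube-dns` normally run in `kube-system`. If the aim is to keep name resolution working once egress is restricted, that belongs in an `egress` rule on the application's own policy, as the commented `# - to:` block in the context lines sketches. The fixed `metadata.name` also means two releases installed into one namespace would claim the same object; `name: {{ .Values.name }}-dns` avoids the clash.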
@@ -11,7 +11,6 @@ spec:
 service: {{ .Values.name }}
 policyTypes:
 - Ingress
- - Egress
 ingress:
 - from:
 - namespaceSelector:
@@ -20,8 +19,7 @@ spec:
 ports:
 - protocol: TCP
 port: {{ .Values.port }}
- egress:
- - {}
+ # egress:
 # TODO, optionally add egress restriction.
 # - to:
 # - namespaceSelector: {}
From 20ef47ccc76676217c0d4510c6b92249d86e4954 Mon Sep 17 00:00:00 2001
From: "Waylon S. Walker"
Date: Mon, 24 Feb 2025 07:57:51 -0600
Subject: [PATCH 05/10] wip
---
 helm-chart/templates/networkpolicy.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/helm-chart/templates/networkpolicy.yaml b/helm-chart/templates/networkpolicy.yaml
index 0d91ca2..d89bd4f 100644
--- a/helm-chart/templates/networkpolicy.yaml
+++ b/helm-chart/templates/networkpolicy.yaml
@@ -16,9 +16,9 @@ spec:
 - namespaceSelector:
 matchLabels:
 name: kube-system
- ports:
- - protocol: TCP
- port: {{ .Values.port }}
+ # ports:
+ # - protocol: TCP
+ # port: {{ .Values.port }}
 # egress:
 # TODO, optionally add egress restriction.
 # - to:
From 126920d48d0c6aa3188701ccc3618973505664e4 Mon Sep 17 00:00:00 2001
From: "Waylon S. Walker"
Date: Mon, 24 Feb 2025 08:02:12 -0600
Subject: [PATCH 06/10] wip
---
 helm-chart/templates/networkpolicy.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-chart/templates/networkpolicy.yaml b/helm-chart/templates/networkpolicy.yaml
index d89bd4f..33f0314 100644
--- a/helm-chart/templates/networkpolicy.yaml
+++ b/helm-chart/templates/networkpolicy.yaml
@@ -15,7 +15,7 @@ spec:
 - from:
 - namespaceSelector:
 matchLabels:
- name: kube-system
+ kubernetes.io/metadata.name: kube-system
 # ports:
 # - protocol: TCP
 # port: {{ .Values.port }}
From 8b63fe702c83ce4c4646a1bcd810e109b0fbe50d Mon Sep 17 00:00:00 2001
From: "Waylon S. Walker"
Date: Mon, 14 Apr 2025 08:46:24 -0500
Subject: [PATCH 07/10] enable diun
---
 helm-chart/templates/deployment.yaml | 1 +
 1 file changed, 1 insertion(+)
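Review bot: With `ports:` commented out in PATCH 05/10 (`@@ -16,9 +16,9 @@`), the ingress rule admits traffic from the selected namespace on every port and protocol instead of only the service port. Together with the earlier removal of the `podSelector`, any pod in `kube-system` can then reach any listener in the workload. If the block was disabled to debug connectivity, restore it before the series leaves WIP: `ports:` / `- protocol: TCP` / `port: {{ .Values.port }}`. When restoring it, confirm that `.Values.port` is the container port, since NetworkPolicy ports are generally matched against the pod's port rather than the Service's. The rule's `ingress` header lies above the hunk.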
diff --git a/helm-chart/templates/deployment.yaml b/helm-chart/templates/deployment.yaml
index 5cfb98b..11f3b2a 100644
--- a/helm-chart/templates/deployment.yaml
+++ b/helm-chart/templates/deployment.yaml
@@ -14,6 +14,7 @@ spec:
 metadata:
 labels:
 service: {{ .Values.name }}
+ diun.enable: "true"
 spec:
 securityContext:
 {{ toYaml .Values.podSecurityContext | indent 8 }}
From 344e79c73c62d9d092b8e7e2acd43ae68ead25d8 Mon Sep 17 00:00:00 2001
From: "Waylon S. Walker"
Date: Mon, 14 Apr 2025 08:47:43 -0500
Subject: [PATCH 08/10] bump version
---
 helm-chart/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml
index ca8d107..b78eb0b 100644
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -7,5 +7,5 @@ icon: https://raw.githubusercontent.com/waylon/k8s-basic/master/helm-chart/logo.
 name: k8s-basic
 description: A helm chart for basic container deployment
 type: application
-version: 1.0.0
+version: 1.0.1
 appVersion: "1.0"
From fa9e0f3f4d8ff5ec90e1971ef02b1e44743c66f8 Mon Sep 17 00:00:00 2001
From: "Waylon S. Walker"
Date: Mon, 14 Apr 2025 08:53:59 -0500
Subject: [PATCH 09/10] annotations not label
---
 helm-chart/templates/deployment.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/helm-chart/templates/deployment.yaml b/helm-chart/templates/deployment.yaml
index 11f3b2a..31a8d41 100644
--- a/helm-chart/templates/deployment.yaml
+++ b/helm-chart/templates/deployment.yaml
@@ -14,6 +14,7 @@ spec:
 metadata:
 labels:
 service: {{ .Values.name }}
+ annotations:
 diun.enable: "true"
 spec:
 securityContext:
From 573f8c082c43690a89a64389978d00864f6373aa Mon Sep 17 00:00:00 2001
From: "Waylon S. Walker"
Date: Mon, 14 Apr 2025 08:54:14 -0500
Subject: [PATCH 10/10] bump version
---
 helm-chart/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml
index b78eb0b..e0aa7e5 100644
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -7,5 +7,5 @@ icon: https://raw.githubusercontent.com/waylon/k8s-basic/master/helm-chart/logo.
 name: k8s-basic
 description: A helm chart for basic container deployment
 type: application
-version: 1.0.1
+version: 1.0.2
 appVersion: "1.0"