From 2681fc9eeda7ab1b2f8748721ea856e20d86cab3 Mon Sep 17 00:00:00 2001
From: Dennis Witt <94747795+wittdennis@users.noreply.github.com>
Date: Fri, 27 Dec 2024 09:39:47 +0100
Subject: [PATCH] feat: egress netpols

---
 .../allow-kube-apiserver-traffic.yaml | 42 +++++++-------
 .../network-policies/default-deny-egress.yaml | 56 +++++++++----------
 2 files changed, 49 insertions(+), 49 deletions(-)

diff --git a/cloud/networking/network-policies/allow-kube-apiserver-traffic.yaml b/cloud/networking/network-policies/allow-kube-apiserver-traffic.yaml
index 71231df..d5bf5e0 100644
--- a/cloud/networking/network-policies/allow-kube-apiserver-traffic.yaml
+++ b/cloud/networking/network-policies/allow-kube-apiserver-traffic.yaml
@@ -1,21 +1,21 @@
-# ---
-# apiVersion: cilium.io/v2
-# kind: CiliumNetworkPolicy
-# metadata:
-# name: allow-kube-apiserver-traffic
-# spec:
-# endpointSelector:
-# matchLabels:
-# network-policy/allow-kube-apiserver-traffic: apply
-# ingress:
-# - fromEntities:
-# - kube-apiserver
-# egress:
-# - toEntities:
-# - kube-apiserver
-# toPorts:
-# - ports:
-# - port: "443"
-# protocol: TCP
-# rules:
-# http: [{}]
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-kube-apiserver-traffic
+spec:
+ endpointSelector:
+ matchLabels:
+ network-policy/allow-kube-apiserver-traffic: apply
+ ingress:
+ - fromEntities:
+ - kube-apiserver
+ egress:
+ - toEntities:
+ - kube-apiserver
+ # toPorts:
+ # - ports:
+ # - port: "443"
+ # protocol: TCP
+ # rules:
+ # http: [{}]
diff --git a/cloud/networking/network-policies/default-deny-egress.yaml b/cloud/networking/network-policies/default-deny-egress.yaml
index 4fd2ae1..90ece9e 100644
--- a/cloud/networking/network-policies/default-deny-egress.yaml
+++ b/cloud/networking/network-policies/default-deny-egress.yaml
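Review bot: The re-enabled egress rule on the new side now permits traffic to the `kube-apiserver` entity on every port and protocol, because the whole `toPorts` block was commented out rather than only the L7 `rules: http: [{}]` part beneath it. If the L7 rule was what broke things (presumably Cilium's HTTP proxy cannot inspect the TLS stream to the API server, so an HTTP rule on 443 would fail those connections), the L4 restriction can stay on its own: `toPorts: [{ports: [{port: "443", protocol: TCP}]}]` directly under the `toEntities` entry. Also worth a comment in the file: the policy has no `metadata.namespace`, so it lands wherever it is applied, and only pods carrying `network-policy/allow-kube-apiserver-traffic: apply` get it — a pod in a default-deny namespace without that label silently loses API-server access. A one-line note above `endpointSelector`, e.g. `# Opt-in: apply alongside default-deny-egress and label pods that need the API server`, would save the next reader that surprise.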
@@ -1,28 +1,28 @@
-# ---
-# apiVersion: cilium.io/v2
-# kind: CiliumNetworkPolicy
-# metadata:
-# name: default-deny-egress
-# namespace: foundry
-# spec:
-# endpointSelector: {}
-# egress:
-# # DNS
-# - toEndpoints:
-# - matchLabels:
-# io.kubernetes.pod.namespace: kube-system
-# k8s-app: kube-dns
-# toPorts:
-# - ports:
-# - port: "53"
-# protocol: UDP
-# rules:
-# dns:
-# - matchPattern: "*"
-# # ingress-nginx
-# - toEndpoints:
-# - matchLabels:
-# app.kubernetes.io/name: ingress-nginx
-# app.kubernetes.io/instance: ingress-nginx
-# app.kubernetes.io/component: controller
-# io.kubernetes.pod.namespace: ingress-nginx
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: default-deny-egress
+ namespace: foundry
+spec:
+ endpointSelector: {}
+ egress:
+ # DNS
+ - toEndpoints:
+ - matchLabels:
+ io.kubernetes.pod.namespace: kube-system
+ k8s-app: kube-dns
+ toPorts:
+ - ports:
+ - port: "53"
+ protocol: UDP
+ rules:
+ dns:
+ - matchPattern: "*"
+ # ingress-nginx
+ - toEndpoints:
+ - matchLabels:
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/instance: ingress-nginx
+ app.kubernetes.io/component: controller
+ io.kubernetes.pod.namespace: ingress-nginx
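Review bot: The DNS rule on the new side allows only UDP/53 to kube-dns, so any lookup that falls back to TCP (truncated answers, large TXT/SRV records, resolvers that retry over TCP) is dropped once this policy puts every pod in `foundry` into default-deny egress. Cilium accepts `protocol: ANY` here, so the one-line fix is `protocol: ANY` in place of `protocol: UDP` under the `"53"` entry (or add a second `- port: "53"` / `protocol: TCP` entry). The `ingress-nginx` rule carries no `toPorts`, so it permits every port on the controller pods; if only the HTTP/HTTPS listeners are intended, pin them the same way. Nothing in the file says "deny", so a comment above `egress:` would help — as I understand Cilium's model, a selected endpoint switches to default-deny egress as soon as any egress rule selects it, and `endpointSelector: {}` selects every pod in the namespace — e.g. `# Implicit default-deny: listing any egress rule for {} puts all pods in this namespace into deny-by-default egress; API-server access needs the opt-in label from allow-kube-apiserver-traffic`.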