Skip to content

Commit

Permalink
Merge pull request #571 from kartverket/SKIP-1456
Browse files Browse the repository at this point in the history 
Include load balancer on cloud clusters in default deny netpol
  • Loading branch information
@larsore
larsore authored Dec 18, 2024
2 parents d6db244 + 032421d commit 104b321
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 0 deletions.
18 changes: 18 additions & 0 deletions pkg/resourcegenerator/networkpolicy/defaultdeny/default_deny_network_policy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,24 @@ func Generate(r reconciliation.Reconciliation) error {
CIDR: "10.40.0.0/16",
},
},
// Egress rule for internal load balancer on atgcp1-sandbox
{
IPBlock: &networkingv1.IPBlock{
CIDR: "10.142.5.0/28",
},
},
// Egress rule for internal load balancer on atgcp1-dev
{
IPBlock: &networkingv1.IPBlock{
CIDR: "10.142.3.0/28",
},
},
// Egress rule for internal load balancer on atgcp1-prod
{
IPBlock: &networkingv1.IPBlock{
CIDR: "10.142.1.0/28",
},
},
// Egress rule for Internet
{
IPBlock: &networkingv1.IPBlock{
Expand Down
6 changes: 6 additions & 0 deletions tests/namespace/default-deny/assert.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,12 @@ spec:
- to:
- ipBlock:
cidr: 10.40.0.0/16
- ipBlock:
cidr: 10.142.5.0/28
- ipBlock:
cidr: 10.142.3.0/28
- ipBlock:
cidr: 10.142.1.0/28
- ipBlock:
cidr: 0.0.0.0/0
except:
Expand Down

0 comments on commit 104b321

Please sign in to comment.