
To regenerate base network policies

It's quite odd there is no better way to generate these.

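# Regenerate networkpolicy-base.yml from the live cluster and copy it to
# ../traefik/. Requires kubectl (pointed at the target cluster) and jq.
#
# The file holds three namespace-wide policies (podSelector: {}):
#   kubedns   - egress to the kube-system namespace on UDP/53
#   kubeprobe - ingress from the .1 address of every node's pod CIDR
#   kubeapi   - egress on port 6443 to the addresses behind the
#               default/kubernetes endpoints object
#
# Both address lists are snapshots of the cluster at generation time, so the
# file needs regenerating whenever nodes or API server endpoints change.
#
# Everything runs in a subshell so that `set -e` and the EXIT trap cannot
# affect an interactive shell this snippet is pasted into.
(
set -euo pipefail

out=networkpolicy-base.yml

# Query the cluster BEFORE writing anything. An empty peer list is not
# harmless: a NetworkPolicy rule whose `to`/`from` is empty matches every
# peer, so a failed kubectl call would silently turn the kubeapi rule into
# "egress to anywhere on 6443" instead of an error.
probe_cidrs=$(kubectl get nodes -o json \
  | jq '.items[] | .spec.podCIDR' -r \
  | cut -d "/" -f 1 \
  | sed -e 's/\.0$/\.1\/32/')
api_ips=$(kubectl get ep -n default kubernetes -o json \
  | jq '.subsets[].addresses[].ip' -r)

# The sed rewrite only produces a /32 when the pod CIDR's network address ends
# in ".0"; nodes without a podCIDR yield "null". Reject anything that is not a
# plain IPv4 /32 rather than emitting a malformed or over-broad ipBlock.
if [ -z "$probe_cidrs" ] \
  || printf '%s\n' "$probe_cidrs" \
    | grep -Ev '^[0-9]+(\.[0-9]+){3}/32$' > /dev/null; then
  printf 'refusing to write %s: unexpected pod CIDR gateway list:\n%s\n' \
    "$out" "$probe_cidrs" >&2
  exit 1
fi

# "/32" is appended below, which is only a host route for IPv4; on an IPv6
# address it would be a very wide prefix, so non-IPv4 endpoints are rejected.
if [ -z "$api_ips" ] \
  || printf '%s\n' "$api_ips" \
    | grep -Ev '^[0-9]+(\.[0-9]+){3}$' > /dev/null; then
  printf 'refusing to write %s: unexpected API endpoint list:\n%s\n' \
    "$out" "$api_ips" >&2
  exit 1
fi

# Build into a temporary file and rename at the end, so an interrupted run
# never leaves a truncated policy file behind to be applied.
tmp=$(mktemp "${out}.XXXXXX")
trap 'rm -f -- "$tmp"' EXIT

{
# NOTE(review): kubedns allows UDP/53 only, so DNS over TCP (used for
# truncated or large responses) is blocked, and the peer is the whole
# kube-system namespace rather than just the DNS pods -- confirm both are
# intended.
# NOTE(review): kubeprobe allows all ports from each listed address;
# presumably these are the per-node gateway addresses that kubelet probes
# originate from -- verify against the CNI in use.
cat << 'EOF'
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: kubedns
spec:
  podSelector: {}
  policyTypes:
  - Egress
  egress:
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
    ports:
    - protocol: UDP
      port: 53
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: kubeprobe
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
EOF
printf '%s\n' "$probe_cidrs" | while IFS= read -r cidr; do
  printf '  - from:\n    - ipBlock:\n        cidr: %s\n' "$cidr"
done

# NOTE(review): port 6443 is hard-coded; the endpoints object also carries
# the real port -- confirm they match on this cluster.
cat << 'EOF'
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: kubeapi
spec:
  podSelector: {}
  policyTypes:
  - Egress
  egress:
  - ports:
    - port: 6443
    to:
EOF
printf '%s\n' "$api_ips" | while IFS= read -r ip; do
  printf '    - ipBlock:\n        cidr: %s/32\n' "$ip"
done
} > "$tmp"

mv -- "$tmp" "$out"
cp -- "$out" ../traefik/
)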