63 lines
1.2 KiB
Bash
Executable File
63 lines
1.2 KiB
Bash
Executable File
|
|
cat << EOF > networkpolicy-base.yml
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: kubedns
|
|
spec:
|
|
podSelector: {}
|
|
policyTypes:
|
|
- Egress
|
|
egress:
|
|
- to:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: kube-system
|
|
ports:
|
|
- protocol: UDP
|
|
port: 53
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: kubeprobe
|
|
spec:
|
|
podSelector: {}
|
|
policyTypes:
|
|
- Ingress
|
|
ingress:
|
|
EOF
|
|
for j in $(kubectl get nodes -o json | jq '.items[] | .spec.podCIDR' -r | cut -d "/" -f 1 | sed -e 's/\.0$/\.1\/32/' | xargs); do
|
|
cat << EOF >> networkpolicy-base.yml
|
|
- from:
|
|
- ipBlock:
|
|
cidr: $j
|
|
EOF
|
|
done
|
|
|
|
cat << EOF >> networkpolicy-base.yml
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: kubeapi
|
|
spec:
|
|
podSelector: {}
|
|
policyTypes:
|
|
- Egress
|
|
egress:
|
|
- ports:
|
|
- port: 6443
|
|
to:
|
|
EOF
|
|
for j in $(kubectl get ep -n default kubernetes -o json | jq '.subsets[].addresses[].ip' -r | xargs); do
|
|
cat << EOF >> networkpolicy-base.yml
|
|
- ipBlock:
|
|
cidr: $j/32
|
|
EOF
|
|
done
|
|
|
|
cp networkpolicy-base.yml ../traefik/
|
|
cp networkpolicy-base.yml ../rosdump/
|