fix: kubeVip Network Policies

kubernetes/argocd/base/network-policy.yaml

@@ -169,6 +169,25 @@ spec:
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
+metadata:
+  name: allow-to-openshift-ingress
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  labels:
+    app.kubernetes.io/instance: argocd
+spec:
+  policyTypes:
+    - Egress
+  podSelector: {}
+  egress:
+    - to:
+        - namespaceSelector:
+            matchLabels:
+              network.openshift.io/policy-group: ingress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
   name: allow-internet-egress
   namespace: argocd

kubernetes/gitea/base/dragonfly/network-policy.yaml

@@ -135,6 +135,29 @@ spec:
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
+metadata:
+  name: dragonfly-allow-to-openshift-ingress
+  namespace: gitea
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  labels:
+    app.kubernetes.io/instance: gitea
+spec:
+  policyTypes:
+    - Egress
+  podSelector:
+    matchLabels:
+      app: gitea-dragonfly
+      app.kubernetes.io/name: dragonfly
+      app.kubernetes.io/part-of: dragonfly
+  egress:
+    - to:
+        - namespaceSelector:
+            matchLabels:
+              network.openshift.io/policy-group: ingress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
   name: dragonfly-operator-system
   namespace: gitea

kubernetes/gitea/base/network-policy.yaml

@@ -120,3 +120,26 @@ spec:
             cidr: 10.0.0.100/32 # OKD HaProxy
         - ipBlock:
             cidr: 10.0.0.131/32 # OKD KubVip
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-to-openshift-ingress
+  namespace: gitea
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  labels:
+    app.kubernetes.io/instance: gitea
+spec:
+  policyTypes:
+    - Egress
+  podSelector:
+    matchLabels:
+      app: gitea
+      app.kubernetes.io/instance: gitea
+      app.kubernetes.io/name: gitea
+  egress:
+    - to:
+        - namespaceSelector:
+            matchLabels:
+              network.openshift.io/policy-group: ingress

kubernetes/grafana/base/network-policy.yaml

@@ -215,3 +215,22 @@ spec:
             cidr: 10.0.0.100/32 # OKD HaProxy
         - ipBlock:
             cidr: 10.0.0.131/32 # OKD KubVip
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-to-openshift-ingress
+  namespace: grafana
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  labels:
+    app.kubernetes.io/instance: grafana
+spec:
+  policyTypes:
+    - Egress
+  podSelector: {}
+  egress:
+    - to:
+        - namespaceSelector:
+            matchLabels:
+              network.openshift.io/policy-group: ingress

kubernetes/quay/base/dragonfly/network-policy.yaml

@@ -135,6 +135,29 @@ spec:
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
+metadata:
+  name: dragonfly-allow-to-openshift-ingress
+  namespace: quay
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  labels:
+    app.kubernetes.io/instance: quay
+spec:
+  policyTypes:
+    - Egress
+  podSelector:
+    matchLabels:
+      app: quay-dragonfly
+      app.kubernetes.io/name: dragonfly
+      app.kubernetes.io/part-of: dragonfly
+  egress:
+    - to:
+        - namespaceSelector:
+            matchLabels:
+              network.openshift.io/policy-group: ingress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
   name: dragonfly-operator-system
   namespace: quay

kubernetes/quay/base/network-policy.yaml

@@ -116,7 +116,25 @@ spec:
             cidr: 10.0.0.100/32 # OKD HaProxy
         - ipBlock:
             cidr: 10.0.0.131/32 # OKD KubVip
-
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-to-openshift-ingress
+  namespace: quay
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  labels:
+    app.kubernetes.io/instance: quay
+spec:
+  policyTypes:
+    - Egress
+  podSelector: {}
+  egress:
+    - to:
+        - namespaceSelector:
+            matchLabels:
+              network.openshift.io/policy-group: ingress
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy