--- # Allow all traffic within the kube-system namespace; block all other access kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: intra-namespace namespace: kube-system spec: podSelector: {} ingress: - from: - namespaceSelector: matchLabels: name: kube-system policyTypes: - Ingress --- # Allow all traffic within the default namespace; block all other access kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: intra-namespace namespace: default spec: podSelector: {} ingress: - from: - namespaceSelector: matchLabels: name: default policyTypes: - Ingress --- # Allow traffic within the kube-public namespace; block all other access kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: intra-namespace namespace: kube-public spec: podSelector: {} ingress: - from: - namespaceSelector: matchLabels: name: kube-public policyTypes: - Ingress --- # Allow all access to metrics-server apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-all-metrics-server namespace: kube-system spec: podSelector: matchLabels: k8s-app: metrics-server ingress: - {} policyTypes: - Ingress --- # Allow all access to coredns DNS ports apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: default-network-dns-policy namespace: kube-system spec: ingress: - ports: - port: 53 protocol: TCP - port: 53 protocol: UDP podSelector: matchLabels: k8s-app: kube-dns policyTypes: - Ingress --- # Allow all access to the servicelb traefik HTTP/HTTPS ports apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-all-svclb-traefik namespace: kube-system spec: podSelector: matchLabels: svccontroller.k3s.cattle.io/svcname: traefik ingress: - ports: - port: 80 protocol: TCP - port: 443 protocol: TCP policyTypes: - Ingress --- # Allow all access to traefik HTTP/HTTPS ports apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-all-traefik namespace: kube-system spec: podSelector: matchLabels: app.kubernetes.io/name: traefik ingress: - ports: - port: 8000 protocol: TCP - port: 8443 protocol: TCP policyTypes: - Ingress