84 lines
1.5 KiB
YAML
84 lines
1.5 KiB
YAML
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: rustdesk-network-policy
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
app: rustdesk-hbbs
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
ingress:
|
|
# Allow all incoming connections to RustDesk ports
|
|
- from: []
|
|
ports:
|
|
- protocol: TCP
|
|
port: 21115
|
|
- protocol: TCP
|
|
port: 21116
|
|
- protocol: UDP
|
|
port: 21116
|
|
- protocol: TCP
|
|
port: 21114
|
|
# Allow Traefik ingress for web interface
|
|
- from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
name: kube-system
|
|
ports:
|
|
- protocol: TCP
|
|
port: 21114
|
|
egress:
|
|
# Allow DNS
|
|
- to: []
|
|
ports:
|
|
- protocol: UDP
|
|
port: 53
|
|
- protocol: TCP
|
|
port: 53
|
|
# Allow communication between HBBS and HBBR
|
|
- to:
|
|
- podSelector:
|
|
matchLabels:
|
|
app: rustdesk-hbbr
|
|
ports:
|
|
- protocol: TCP
|
|
port: 21117
|
|
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: rustdesk-hbbr-network-policy
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
app: rustdesk-hbbr
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
ingress:
|
|
# Allow all incoming connections to relay port
|
|
- from: []
|
|
ports:
|
|
- protocol: TCP
|
|
port: 21117
|
|
# Allow connections from HBBS
|
|
- from:
|
|
- podSelector:
|
|
matchLabels:
|
|
app: rustdesk-hbbs
|
|
ports:
|
|
- protocol: TCP
|
|
port: 21117
|
|
egress:
|
|
# Allow DNS
|
|
- to: []
|
|
ports:
|
|
- protocol: UDP
|
|
port: 53
|
|
- protocol: TCP
|
|
port: 53
|