kyverno/samples/best_practices/require_default_network_policy.yaml

apiVersion: kyverno.io/v1alpha1
kind: ClusterPolicy
metadata:
  name: default-deny-ingress-networkpolicy
  annotations:
    policies.kyverno.io/category: NetworkPolicy
    policies.kyverno.io/description: |
      By default, Kubernetes allows all ingress and egress traffic to and from pods within a cluster. A "default" NetworkPolicy resource for a namespace should be used to deny all ingress traffic to the pods in that namespace. Additional NetworkPolicy resources can then be configured to allow desired traffic to application pods.
spec:
  rules:
  - name: "default-deny-ingress"
    match:
      resources: 
        kinds:
        - Namespace
        name: "*"
    generate: 
      kind: NetworkPolicy
      name: default-deny-ingress
      data:
        spec:
          # select all pods in the namespace
          podSelector: {}
          policyTypes: 
          - Ingress
add samples/best_practices/require_default_network_policy.yaml 2019-10-09 18:52:48 -07:00			`apiVersion: kyverno.io/v1alpha1`
			`kind: ClusterPolicy`
			`metadata:`
update default network policy to deny all ingress traffic 2019-10-10 11:08:20 -07:00			`name: default-deny-ingress-networkpolicy`
Provide descriptions for policies 2019-10-11 18:57:16 -07:00			`annotations:`
			`policies.kyverno.io/category: NetworkPolicy`
update description 2019-10-14 13:58:47 -07:00			`policies.kyverno.io/description: \|`
			`By default, Kubernetes allows all ingress and egress traffic to and from pods within a cluster. A "default" NetworkPolicy resource for a namespace should be used to deny all ingress traffic to the pods in that namespace. Additional NetworkPolicy resources can then be configured to allow desired traffic to application pods.`
add samples/best_practices/require_default_network_policy.yaml 2019-10-09 18:52:48 -07:00			`spec:`
			`rules:`
update default network policy to deny all ingress traffic 2019-10-10 11:08:20 -07:00			`- name: "default-deny-ingress"`
add samples/best_practices/require_default_network_policy.yaml 2019-10-09 18:52:48 -07:00			`match:`
			`resources:`
			`kinds:`
			`- Namespace`
update readme 2019-10-09 23:46:18 -07:00			`name: "*"`
add samples/best_practices/require_default_network_policy.yaml 2019-10-09 18:52:48 -07:00			`generate:`
			`kind: NetworkPolicy`
update default network policy to deny all ingress traffic 2019-10-10 11:08:20 -07:00			`name: default-deny-ingress`
add samples/best_practices/require_default_network_policy.yaml 2019-10-09 18:52:48 -07:00			`data:`
			`spec:`
			`# select all pods in the namespace`
			`podSelector: {}`
			`policyTypes:`
documentation updates 2019-10-14 10:47:54 -07:00			`- Ingress`