Put in place Cincinatti egress policy

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-06-20 09:55:24 +02:00 · 2019-06-20 09:55:24 +02:00 · 24963d3673
commit 24963d3673
parent 43af7f9206
2 changed files with 14 additions and 0 deletions
--- a/playbooks/openshift-apps/coreos-cincinnati.yml
+++ b/playbooks/openshift-apps/coreos-cincinnati.yml
@ -20,6 +20,7 @@
    - jlebon
    - lucab
    - sanja
+    egress_policy_template: "{{ roles_path }}/openshift-apps/coreos-cincinnati/templates/egresspolicy.yml"

  - role: openshift/imagestream
    app: coreos-cincinnati
--- a/roles/openshift-apps/coreos-cincinnati/templates/egresspolicy.yml
+++ b/roles/openshift-apps/coreos-cincinnati/templates/egresspolicy.yml
@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: EgressNetworkPolicy
+metadata:
+  name: default
+spec:
+  egress:
+  - type: Allow
+    to:
+      dnsName: builds.coreos.fedoraproject.org
+  - type: Deny
+    to:
+      cidrSelector: "0.0.0.0/0"