Put in place Cincinatti egress policy

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>

playbooks/openshift-apps/coreos-cincinnati.yml

@@ -20,6 +20,7 @@
     - jlebon
     - lucab
     - sanja
+    egress_policy_template: "{{ roles_path }}/openshift-apps/coreos-cincinnati/templates/egresspolicy.yml"
 
   - role: openshift/imagestream
     app: coreos-cincinnati

roles/openshift-apps/coreos-cincinnati/templates/egresspolicy.yml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: EgressNetworkPolicy
+metadata:
+  name: default
+spec:
+  egress:
+  - type: Allow
+    to:
+      dnsName: builds.coreos.fedoraproject.org
+  - type: Deny
+    to:
+      cidrSelector: "0.0.0.0/0"