From f2f23345ef5e66bcb2b17bb9cc88a46d3bac8113 Mon Sep 17 00:00:00 2001
From: Joseph Hanson
Date: Mon, 8 Jan 2024 13:26:25 -0600
Subject: [PATCH] Exploring cilium netpolicies.
---
 kubernetes/apps/kube-system/cilium/app/helmrelease.yaml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
index 8b9bcf1..df9d472 100644
--- a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
@@ -36,6 +36,13 @@ spec:
 enabled: true
 ipam:
 mode: kubernetes
+ policyEnforcementMode: always # enforce network policies
+ policyAuditMode: true # do not block traffic
+ hostFirewall:
+ enabled: true # enable host policies
+ extraConfig:
+ allow-localhost: policy # enable policies for localhost
+
 kubeProxyReplacement: true
 securityContext:
 capabilities:
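Review bot: The comments on `policyEnforcementMode` and `policyAuditMode` do not say that audit mode is the only thing keeping this change non-blocking, so a later one-word flip to `false` would put every endpoint under default-deny at once. With `allow-localhost: policy` that would presumably also cover node-to-local-pod traffic such as kubelet probes, and with `hostFirewall` enabled any host policy selecting a node would start being enforced as well; no allow policy or host policy is visible in this hunk. I would put the exit condition on the line itself, for example `policyAuditMode: true # TEMPORARY: verdicts are only logged; set to false only after audit verdicts are reviewed and allow rules for DNS, kubelet probes and the API server exist`. The mapping these keys belong to (presumably `spec.values`) starts above the hunk, so their nesting level could not be checked here.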