Exploring cilium netpolicies.

2024-01-08 13:26:25 -06:00 · 2024-01-08 13:26:25 -06:00 · f2f23345ef
commit f2f23345ef
parent aae23883b7
1 changed files with 7 additions and 0 deletions
--- a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
@ -36,6 +36,13 @@ spec:
        enabled: true
    ipam:
      mode: kubernetes
+    policyEnforcementMode: always    # enforce network policies
+    policyAuditMode: true            # do not block traffic
+    hostFirewall:
+      enabled: true                  # enable host policies
+    extraConfig:
+      allow-localhost: policy        # enable policies for localhost
+
    kubeProxyReplacement: true
    securityContext:
      capabilities: