cilium

1
apiVersion: "cilium.io/v2"
2
kind: CiliumClusterwideNetworkPolicy
3
metadata:
4
  name: "lock-down-ingress-worker-node"
5
spec:
6
  description: "Allow a minimum set of required ports on ingress of worker nodes"
7
  nodeSelector:
8
    matchLabels:
9
      type: ingress-worker
10
  ingress:
11
  - fromEntities:
12
    - remote-node
13
    - health
14
  - toPorts:
15
    - ports:
16
      - port: "6443"
17
        protocol: TCP
18
      - port: "22"
19
        protocol: TCP
20
      - port: "2379"
21
        protocol: TCP
22
      - port: "4240"
23
        protocol: TCP
24
      - port: "8472"
25
        protocol: UDP
26
      - port: "REMOVE_ME_AFTER_DOUBLE_CHECKING_PORTS"
27
        protocol: TCP
28