From 1f1ef5aa7f885563fe33bd40618cf3e8ceab8deb Mon Sep 17 00:00:00 2001
From: Edward Cheng <edward@cheng.sydney>
Date: Sat, 15 Jun 2024 02:00:40 +1000
Subject: [PATCH] update network policies for pods

---
 kubernetes/apps/adguard-home/app/deployment.yaml | 4 ++++
 kubernetes/apps/capacitor/app/manifest.yaml      | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/kubernetes/apps/adguard-home/app/deployment.yaml b/kubernetes/apps/adguard-home/app/deployment.yaml
index 3624a04..b83dcb0 100644
--- a/kubernetes/apps/adguard-home/app/deployment.yaml
+++ b/kubernetes/apps/adguard-home/app/deployment.yaml
@@ -13,6 +13,10 @@ spec:
     metadata:
       labels:
         app.kubernetes.io/name: adguard-home
+        rpi5.cluster.policy/egress-kubeapi: "true"
+        rpi5.cluster.policy/egress-namespace: "true"
+        rpi5.cluster.policy/egress-world: "true"
+        rpi5.cluster.policy/ingress-nodes: "true"
     spec:
       containers:
         - name: adguard-home
diff --git a/kubernetes/apps/capacitor/app/manifest.yaml b/kubernetes/apps/capacitor/app/manifest.yaml
index 66a83df..6d2d80a 100644
--- a/kubernetes/apps/capacitor/app/manifest.yaml
+++ b/kubernetes/apps/capacitor/app/manifest.yaml
@@ -47,6 +47,10 @@ spec:
       labels:
         app.kubernetes.io/name: onechart
         app.kubernetes.io/instance: capacitor
+        rpi5.cluster.policy/egress-kubeapi: "true"
+        rpi5.cluster.policy/egress-namespace: "true"
+        rpi5.cluster.policy/egress-world: "true"
+        rpi5.cluster.policy/ingress-nodes: "true"
     spec:
       containers:
         - image: ghcr.io/gimlet-io/capacitor:v0.4.2