why

2025-09-13 21:15:35 -04:00
parent 1b827c05a6
commit 2c538a1cf9
3 changed files with 48 additions and 1 deletions
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+    name: allow-common-egress
+    namespace: ai
+spec:
+    podSelector: {}
+    policyTypes: ["Egress"]
+    egress:
+        # Allow DNS to kube-dns/CoreDNS in kube-system
+        - to:
+              - namespaceSelector:
+                    matchLabels:
+                        kubernetes.io/metadata.name: kube-system
+          ports:
+              - { protocol: UDP, port: 53 }
+              - { protocol: TCP, port: 53 }
+
+        # Allow PostgreSQL to services/pods in namespace ai on 5432
+        - to:
+              - namespaceSelector:
+                    matchLabels:
+                        kubernetes.io/metadata.name: ai
+          ports:
+              - { protocol: TCP, port: 5432 }
+