UNCLASSIFIED
{{- if .Values.networkPolicies.enabled }} apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata:
name: egress-kube-api
namespace: {{ .Release.Namespace }} spec:
podSelector: {}
egress: - to: - ipBlock: cidr: {{ .Values.networkPolicies.controlPlaneCidr }} {{- if eq .Values.networkPolicies.controlPlaneCidr "0.0.0.0/0" }} # ONLY Block requests to cloud metadata IP except: - 169.254.169.254/32 {{- end }} policyTypes: - Egress {{- end }}
