Prevent outbound traffic from executors

Fixes: https://github.com/ballerina-platform/playground/issues/25 `
ballerina-attic · Nov 22, 2019 · d91b774 · d91b774
1 parent 215c6c1
commit d91b774
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 0 deletions.
diff --git a/k8s/network/Readme.md b/k8s/network/Readme.md
@@ -0,0 +1,12 @@
+# Enable
+gcloud container clusters create [CLUSTER_NAME] --enable-network-policy
+
+or 
+
+gcloud container clusters update [CLUSTER_NAME] --update-addons=NetworkPolicy=ENABLED
+gcloud container clusters update [CLUSTER_NAME] --enable-network-policy
+
+
+# Disable
+
+gcloud container clusters update [CLUSTER_NAME] --no-enable-network-policy
diff --git a/k8s/network/egress-block.yaml b/k8s/network/egress-block.yaml
@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: deny-egress-traffic
+  namespace: ballerina-playground-v2
+spec:
+  policyTypes:
+  - Egress
+  podSelector:
+    matchLabels:
+      app: ballerina-playground-executor
+  egress:
+  - to:
+    - podSelector:
+        matchLabels:
+          app: ballerina-playground-controller
+  - ports:
+    - port: 53
+      protocol: TCP
+    - port: 53
+      protocol: UDP
+