add network policy back with tweaks

the other policy only allows the vpn to connect out to the internet through the vpn.
jgilfoil · Feb 29, 2024 · 84ff7df · 84ff7df
1 parent 2405338
commit 84ff7df
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/kubernetes/apps/network/vpn-gateway/app/helmrelease.yaml b/kubernetes/apps/network/vpn-gateway/app/helmrelease.yaml
@@ -91,7 +91,14 @@ spec:
             memory: 10M
 
         networkPolicy:
-          enabled: false
+          enabled: true
+          egress:
+            - to:
+              - ipBlock:
+                  cidr: 10.0.0.0/8
+            - to:
+              - ipBlock:
+                  cidr: 192.168.1.0/24
 
     settings:
       # -- If using a VPN, interface name created by it
@@ -101,8 +108,8 @@ spec:
       # -- If VPN_BLOCK_OTHER_TRAFFIC is true, allow VPN traffic over this port
       VPN_TRAFFIC_PORT: ${SECRET_VPN_GATEWAY_PORT}
       # -- Traffic to these IPs will be sent through the K8S gateway
-      VPN_LOCAL_CIDRS: "10.0.0.0/8 192.168.1.0/24"
-      NOT_ROUTED_TO_GATEWAY_CIDRS: "10.0.0.0/8 192.168.0.0/24"
+      VPN_LOCAL_CIDRS: "10.69.0.0/16 10.96.0.0/16 192.168.1.0/24"
+      NOT_ROUTED_TO_GATEWAY_CIDRS: "10.0.0.0/8 10.96.0.0/16 192.168.0.0/24"
 
     # -- settings to expose ports, usually through a VPN provider.
     # NOTE: if you change it you will need to manually restart the gateway POD