From 567effd1a681ed11d2f43a6843254928e2600d6a Mon Sep 17 00:00:00 2001
From: Jason Gilfoil
Date: Mon, 26 Feb 2024 20:43:57 +0000
Subject: [PATCH] add network policy for pod-gateway

---
 .../kube-system/cilium/app/kustomization.yaml | 1 +
 .../kube-system/cilium/app/networkpolicy.yaml | 24 +++++++++++++++++++
 2 files changed, 25 insertions(+)
 create mode 100644 kubernetes/apps/kube-system/cilium/app/networkpolicy.yaml

diff --git a/kubernetes/apps/kube-system/cilium/app/kustomization.yaml b/kubernetes/apps/kube-system/cilium/app/kustomization.yaml
index 082cd4b6..a88b6e55 100644
--- a/kubernetes/apps/kube-system/cilium/app/kustomization.yaml
+++ b/kubernetes/apps/kube-system/cilium/app/kustomization.yaml
@@ -4,3 +4,4 @@ kind: Kustomization
 resources:
 - ./cilium-l2.yaml
 - ./helmrelease.yaml
+ - ./networkpolicy.yaml
diff --git a/kubernetes/apps/kube-system/cilium/app/networkpolicy.yaml b/kubernetes/apps/kube-system/cilium/app/networkpolicy.yaml
new file mode 100644
index 00000000..a872d4bb
--- /dev/null
+++ b/kubernetes/apps/kube-system/cilium/app/networkpolicy.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: vpn-pod-gateway
+ namespace: vpn
+ labels:
+ app.kubernetes.io/instance: pod-gateway
+ app.kubernetes.io/name: pod-gateway
+spec:
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/instance: pod-gateway
+ app.kubernetes.io/name: pod-gateway
+
+ egress:
+ - toCIDR:
+ - 0.0.0.0/0
+ toPorts:
+ - ports:
+ - port: "1637"
+ protocol: UDP
+ - toEntities:
+ - cluster
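Review bot: The egress rule `toCIDR: 0.0.0.0/0` on UDP 1637 lets the pod-gateway reach any address on that port; if the VPN provider publishes its endpoint ranges, narrowing the CIDR list to those would bound where tunnel traffic can go, and a comment above the rule such as `# UDP 1637: VPN tunnel endpoint port (provider: <PLACEHOLDER>) — confirm against provider docs` would save the next reader guessing what the port is. The object declares only `egress`, so under Cilium's per-direction policy semantics ingress to the selected pods is presumably left unrestricted by this policy; if that is intended, a one-line comment stating it avoids a reviewer assuming default-deny in both directions. `toEntities: cluster` allows egress to every cluster endpoint and node; if the only in-cluster destination the gateway needs is DNS, a `toEndpoints` selector on kube-dns with `toPorts` 53 would be tighter. The resource is namespaced `vpn` but is committed under `kube-system/cilium/app`, which is worth either a comment explaining the placement or moving it next to the pod-gateway manifests it selects.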