shift network policy back to stand alone #81

Merged
merged 1 commit into from
Feb 29, 2024

Conversation

jgilfoil
Owner

There were important differences in the policy that affected its function.

--- HelmRelease: network/vpn-gateway ConfigMap: testing/vpn-gateway-pod-gateway

+++ HelmRelease: network/vpn-gateway ConfigMap: testing/vpn-gateway-pod-gateway

@@ -20,9 +20,10 @@

     VPN_TRAFFIC_PORT="${SECRET_VPN_GATEWAY_PORT}"
     VXLAN_GATEWAY_FIRST_DYNAMIC_IP="20"
     VXLAN_ID="42"
     VXLAN_IP_NETWORK="172.16.0"
   nat.conf: |
     # Generated by vpn-gateway-pod-gateway
+    transmission 10 udp:27071,tcp:27071
   nat6.conf: |
     # Generated by vpn-gateway-pod-gateway
 
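Review bot: the `IP` in the generated rule `transmission 10 udp:27071,tcp:27071` is a last octet on VXLAN_IP_NETWORK="172.16.0", so the forward targets 172.16.0.10; that sits below VXLAN_GATEWAY_FIRST_DYNAMIC_IP="20" and will not collide with dynamically assigned client addresses, but the transmission client has to be pinned to that static VXLAN address on its side, otherwise the DNAT has no live endpoint behind it. A comment next to the `publicPorts` entry recording that dependency would help the next reader.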
--- HelmRelease: network/vpn-gateway ConfigMap: network/vpn-gateway-pod-gateway

+++ HelmRelease: network/vpn-gateway ConfigMap: network/vpn-gateway-pod-gateway

@@ -20,9 +20,10 @@

     VPN_TRAFFIC_PORT="${SECRET_VPN_GATEWAY_PORT}"
     VXLAN_GATEWAY_FIRST_DYNAMIC_IP="20"
     VXLAN_ID="42"
     VXLAN_IP_NETWORK="172.16.0"
   nat.conf: |
     # Generated by vpn-gateway-pod-gateway
+    transmission 10 udp:27071,tcp:27071
   nat6.conf: |
     # Generated by vpn-gateway-pod-gateway
 

--- kubernetes/apps/network/vpn-gateway/app Kustomization: flux-system/vpn-gateway HelmRelease: network/vpn-gateway

+++ kubernetes/apps/network/vpn-gateway/app Kustomization: flux-system/vpn-gateway HelmRelease: network/vpn-gateway

@@ -21,23 +21,13 @@

   interval: 5m
   values:
     addons:
       netshoot:
         enabled: true
         networkPolicy:
-          egress:
-          - ports:
-            - port: ${SECRET_VPN_GATEWAY_PORT}
-              protocol: UDP
-            to:
-            - ipBlock:
-                cidr: 0.0.0.0/0
-          - to:
-            - ipBlock:
-                cidr: 10.0.0.0/8
-          enabled: true
+          enabled: false
         resources:
           limits:
             memory: 10M
           requests:
             cpu: 5m
             memory: 10M
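Review bot: the removed `networkPolicy` block was nested under `addons.netshoot` (same indent as its `enabled: true`), not under the VPN addon, so it is unclear it ever produced a policy that applied to the gateway pod; that matches the PR description of the policy not functioning as intended. Disabling it in favour of a standalone CiliumNetworkPolicy is the right fix, but leave a one-line comment at `enabled: false` explaining why, so it is not re-enabled later and ends up shadowing the standalone policy.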
@@ -86,12 +76,20 @@

         type: gluetun
     image:
       repository: ghcr.io/angelnu/pod-gateway
       tag: v1.8.1@sha256:690b6365728fe9012ad4cdfca38334992664596513dca187d1b93d2025205776
     podAnnotations:
       reloader.stakater.com/auto: 'true'
+    publicPorts:
+    - IP: 10
+      hostname: transmission
+      ports:
+      - port: 27071
+        type: udp
+      - port: 27071
+        type: tcp
     routed_namespaces:
     - testing
     settings:
       NOT_ROUTED_TO_GATEWAY_CIDRS: 10.0.0.0/8 192.168.0.0/24
       VPN_BLOCK_OTHER_TRAFFIC: true
       VPN_INTERFACE: wg0
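Review bot: `publicPorts` only programs the gateway-side forwarding (the nat.conf entry in the first hunks); for the port to be reachable the VPN provider must also forward 27071 into this tunnel, and VPN_TRAFFIC_PORT is the tunnel's own port, unrelated to 27071. Document next to this block where 27071 comes from (provider-assigned or chosen) so a later port change is made in both places. Exposing it here is consistent with VPN_BLOCK_OTHER_TRAFFIC: true, since the only path into the gateway remains the wg0 tunnel.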
--- kubernetes/apps/network/vpn-gateway/app Kustomization: flux-system/vpn-gateway CiliumNetworkPolicy: network/vpn-pod-gateway

+++ kubernetes/apps/network/vpn-gateway/app Kustomization: flux-system/vpn-gateway CiliumNetworkPolicy: network/vpn-pod-gateway

@@ -0,0 +1,26 @@

+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  labels:
+    app.kubernetes.io/instance: vpn-gateway
+    app.kubernetes.io/name: vpn-gateway
+    kustomize.toolkit.fluxcd.io/name: vpn-gateway
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: vpn-pod-gateway
+  namespace: network
+spec:
+  egress:
+  - toCIDR:
+    - 0.0.0.0/0
+    toPorts:
+    - ports:
+      - port: ${SECRET_VPN_GATEWAY_PORT}
+        protocol: UDP
+  - toEntities:
+    - cluster
+  endpointSelector:
+    matchLabels:
+      app.kubernetes.io/instance: vpn-gateway
+      app.kubernetes.io/name: pod-gateway
+
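Review bot: `toEntities: [cluster]` is wider than the `10.0.0.0/8` ipBlock the chart policy used to allow: the Cilium `cluster` entity covers every endpoint in the local cluster, including node hosts and remote nodes, not only the pod CIDR. That is probably needed for DNS and for replying to the routed namespaces, but it deserves a comment. Two things to verify before relying on it: the `endpointSelector` uses `app.kubernetes.io/name: pod-gateway` while this object's own labels say `vpn-gateway`; if no pod carries the selected labels the policy silently applies to nothing and egress stays unrestricted, so check with `kubectl get pod -n network -l app.kubernetes.io/name=pod-gateway,app.kubernetes.io/instance=vpn-gateway`. And since the spec has only `egress`, ingress to the gateway stays default-allow, which is fine if that is intended.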

@jgilfoil jgilfoil merged commit d08f9d5 into main Feb 29, 2024
3 of 5 checks passed