From 066ab44068eafa00f975ea5d4835895ebdb317d3 Mon Sep 17 00:00:00 2001
From: Jeremy Ho <jujaga@gmail.com>
Date: Tue, 16 Jan 2024 16:12:09 -0800
Subject: [PATCH] Implement more specific openshift ingress network policy

Signed-off-by: Jeremy Ho <jujaga@gmail.com>
---
 openshift/app.dc.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/openshift/app.dc.yaml b/openshift/app.dc.yaml
index e1df99f..376d780 100644
--- a/openshift/app.dc.yaml
+++ b/openshift/app.dc.yaml
@@ -21,6 +21,22 @@ labels:
   app.openshift.io/runtime: golang
   template: "${REPO_NAME}-app-template"
 objects:
+  - apiVersion: networking.k8s.io/v1
+    kind: NetworkPolicy
+    metadata:
+      name: "allow-openshift-ingress-to-${APP_NAME}-app"
+    spec:
+      podSelector:
+        matchLabels:
+          app: "${APP_NAME}-app"
+          role: app
+      ingress:
+        - from:
+            - namespaceSelector:
+                matchLabels:
+                  network.openshift.io/policy-group: ingress
+      policyTypes:
+        - Ingress
   - apiVersion: v1
     kind: ConfigMap
     metadata: