openshift/nsp.yaml
---
apiVersion: v1
kind: Template
objects:
- apiVersion: security.devops.gov.bc.ca/v1alpha1
kind: NetworkSecurityPolicy
metadata:
name: "sa-deployer-k8s-api-comms"
spec:
description: |
Allow deployer pods to talk to the internal k8s api
source:
- - "$namespace=${NAMESPACE}"
- "@app:k8s:serviceaccountname=deployer"
destination:
- - int:network=internal-cluster-api-endpoint
parameters:
- name: NAMESPACE
description: Target namespace reference (i.e. 'wfezkf-dev')
displayName: Target Namespace
required: true