Merge pull request #125 from bcgov/sec/networkpolicy

Add explicit Network Policy for Openshift Ingress

openshift/app.dc.yaml

@@ -12,6 +12,24 @@ labels:
 metadata:
   name: "${REPO_NAME}-app-dc"
 objects:
+  - apiVersion: networking.k8s.io/v1
+    kind: NetworkPolicy
+    metadata:
+      name: allow-openshift-ingress-to-${APP_NAME}-app-${JOB_NAME}
+    spec:
+      ingress:
+        - from:
+            - namespaceSelector:
+                matchLabels:
+                  network.openshift.io/policy-group: ingress
+          ports:
+            - port: 3000
+              protocol: TCP
+      podSelector:
+        matchLabels:
+          app: "${APP_NAME}-${JOB_NAME}"
+          deploymentconfig: "${APP_NAME}-app-${JOB_NAME}"
+          role: app
   - apiVersion: networking.k8s.io/v1
     kind: NetworkPolicy
     metadata: