Merge pull request #865 from kinvolk/invidian/add-network-policy-to-a…

…ws-ebs-csi-driver aws-ebs-csi-driver: add NetworkPolicy allowing access to metadata
kinvolk · Aug 27, 2020 · b319cab · b319cab
2 parents a57d1aa + da93cb0
commit b319cab
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 0 deletions.
diff --git a/assets/charts/components/aws-ebs-csi-driver/templates/networkpolicy.yaml b/assets/charts/components/aws-ebs-csi-driver/templates/networkpolicy.yaml
@@ -0,0 +1,18 @@
+# Lokomotive-specific change.
+#
+# Bypass Global Network Policy blocking access to EC2 instance metadata
+# endpoint by allowing controller pods to connect to everything, as
+# other pods can.
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: ebs-csi-controller-allow-all-egress
+spec:
+  podSelector:
+    matchLabels:
+      app: ebs-csi-controller
+      {{- include "aws-ebs-csi-driver.selectorLabels" . | nindent 6 }}
+  egress:
+  - {}
+  policyTypes:
+  - Egress
diff --git a/pkg/assets/generated_assets.go b/pkg/assets/generated_assets.go