test that host networked pods are not impacted by network policies

Author: isabella-janssen

install/0000_80_machine-config_00_networkpolicy-kube-rbac-proxy-crio.yaml

@@ -0,0 +1,16 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: kube-rbac-proxy-crio-deny-all
+  namespace: openshift-machine-config-operator
+  annotations:
+    include.release.openshift.io/ibm-cloud-managed: "true"
+    include.release.openshift.io/self-managed-high-availability: "true"
+    include.release.openshift.io/single-node-developer: "true"
+spec:
+  podSelector:
+    matchLabels:
+      k8s-app: kube-rbac-proxy-crio
+  policyTypes:
+  - Ingress
+  - Egress

manifests/machineconfigdaemon/networkpolicy.yaml

@@ -0,0 +1,12 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: machine-config-daemon-deny-all
+  namespace: {{.TargetNamespace}}
+spec:
+  podSelector:
+    matchLabels:
+      k8s-app: machine-config-daemon
+  policyTypes:
+  - Ingress
+  - Egress

manifests/machineconfigserver/networkpolicy.yaml

@@ -0,0 +1,12 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: machine-config-server-deny-all
+  namespace: {{.TargetNamespace}}
+spec:
+  podSelector:
+    matchLabels:
+      k8s-app: machine-config-server
+  policyTypes:
+  - Ingress
+  - Egress