From e8df03cd18272813d45696eb17bb3c79073c276b Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Fri, 8 May 2026 11:47:53 +0200 Subject: [PATCH] add policies --- .../renovate-operator/kustomization.yaml | 2 +- k8s-peterg/renovate-operator/policies.yaml | 20 +++++++++++++++++++ k8s-peterg/renovate-operator/secrets.yaml | 2 +- 3 files changed, 22 insertions(+), 2 deletions(-) diff --git a/k8s-peterg/renovate-operator/kustomization.yaml b/k8s-peterg/renovate-operator/kustomization.yaml index 17e99a5..ad54284 100644 --- a/k8s-peterg/renovate-operator/kustomization.yaml +++ b/k8s-peterg/renovate-operator/kustomization.yaml @@ -6,7 +6,7 @@ namespace: renovate-operator resources: - configmap.yaml - namespace.yaml - # - policies.yaml + - policies.yaml - renovate-job.yaml - secrets.yaml diff --git a/k8s-peterg/renovate-operator/policies.yaml b/k8s-peterg/renovate-operator/policies.yaml index 2516fa9..fde5a8e 100644 --- a/k8s-peterg/renovate-operator/policies.yaml +++ b/k8s-peterg/renovate-operator/policies.yaml @@ -15,3 +15,23 @@ spec: - 10.0.0.0/8 - 192.168.0.0/16 - 172.16.0.0/12 +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: api-server-egress +spec: + podSelector: {} + policyTypes: + - Egress + egress: + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + - podSelector: + matchLabels: + k8s-app: kube-apiserver + - ports: + - protocol: TCP + port: 6443 diff --git a/k8s-peterg/renovate-operator/secrets.yaml b/k8s-peterg/renovate-operator/secrets.yaml index 538fc3e..8dba422 100644 --- a/k8s-peterg/renovate-operator/secrets.yaml +++ b/k8s-peterg/renovate-operator/secrets.yaml @@ -16,7 +16,7 @@ spec: remoteRef: key: /secrets/managed/renovate/token property: RENOVATE_TOKEN - - secretKey: GITHUB_TOKEN + - secretKey: GITHUB_COM_TOKEN remoteRef: key: /secrets/managed/renovate/token property: GITHUB_COM_TOKEN