add policies

k8s-peterg/renovate-operator/kustomization.yaml

@@ -6,7 +6,7 @@ namespace: renovate-operator
 resources:
   - configmap.yaml
   - namespace.yaml
-  # - policies.yaml
+  - policies.yaml
   - renovate-job.yaml
   - secrets.yaml
 

k8s-peterg/renovate-operator/policies.yaml

@@ -15,3 +15,23 @@ spec:
               - 10.0.0.0/8
               - 192.168.0.0/16
               - 172.16.0.0/12
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: api-server-egress
+spec:
+  podSelector: {}
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: kube-system
+        - podSelector:
+            matchLabels:
+              k8s-app: kube-apiserver
+    - ports:
+        - protocol: TCP
+          port: 6443

k8s-peterg/renovate-operator/secrets.yaml

@@ -16,7 +16,7 @@ spec:
       remoteRef:
         key: /secrets/managed/renovate/token
         property: RENOVATE_TOKEN
-    - secretKey: GITHUB_TOKEN
+    - secretKey: GITHUB_COM_TOKEN
       remoteRef:
         key: /secrets/managed/renovate/token
         property: GITHUB_COM_TOKEN