homelab-gitops/apps/soulsync/network-policy.yaml
gwg313 67a2318a96
add soulsync
Signed-off-by: gwg313 <gwg313@pm.me>
2026-06-18 15:19:38 -04:00


# ----------------------------------------------------
# Ingress only from Gateway API
#
# Selects pods labelled app=slskd in namespace slskd and admits traffic
# only from Cilium's `ingress` entity, on TCP 5030 and TCP 8080.
# Once an ingress rule selects a pod, Cilium's default behaviour is to
# drop ingress from every other source and port. That includes direct
# pod-to-pod calls from other workloads in the cluster.
#
# NOTE(review): this file lives under apps/soulsync, but the policy is
# scoped to namespace/label `slskd`. A policy whose selector matches no
# pod enforces nothing -- confirm against the workload's actual labels.
# NOTE(review): confirm both ports are really served behind the gateway;
# drop whichever is unused so the allow-list stays minimal.
# ----------------------------------------------------
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-ingress
  namespace: slskd
spec:
  # Policy applies only to pods carrying this exact label.
  endpointSelector:
    matchLabels:
      app: slskd
  ingress:
    # `ingress` is the Cilium entity for its own Ingress/Gateway proxy.
    - fromEntities:
        - ingress
      toPorts:
        - ports:
            - port: "5030"
              protocol: TCP
            - port: "8080"
              protocol: TCP
---
# ----------------------------------------------------
# VPN killswitch — only allow egress to ProtonVPN endpoint
# All other internet traffic is blocked, forcing it through the tunnel
#
# Scope: this is the only egress rule in the policy, so under Cilium's
# default-deny behaviour ALL other egress from the selected pods is
# dropped, not just internet traffic. That includes cluster DNS and
# in-cluster services, so the VPN client must dial the endpoint by IP
# and nothing in the pod can rely on cluster-internal name resolution
# outside the tunnel.
#
# Caveats a reviewer should verify:
# - Cilium policies are additive. Any other CiliumNetworkPolicy,
#   CiliumClusterwideNetworkPolicy or NetworkPolicy that selects these
#   pods and allows broader egress silently widens the killswitch.
# - Coverage depends entirely on the `app: slskd` label in namespace
#   slskd; pods without it are not restricted.
#   NOTE(review): file path says apps/soulsync -- confirm the selector
#   matches the workload this is meant to protect.
# - Validate enforcement after deploy, e.g. with
#   `hubble observe --namespace slskd --verdict DROPPED`, and check that
#   non-VPN destinations show up as dropped.
# ----------------------------------------------------
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: vpn-killswitch
  namespace: slskd
spec:
  endpointSelector:
    matchLabels:
      app: slskd
  egress:
    # Single pinned /32: if the provider changes the endpoint address
    # the pod loses connectivity (fails closed) until this is updated.
    - toCIDR:
        - "149.50.216.205/32"
      toPorts:
        - ports:
            # UDP 51820 is WireGuard's default port.
            - port: "51820"
              protocol: UDP