autojanet/k8s/policies/networkpolicy.yaml
Zoë cf8832c79c feat: initial platform scaffold
- 19 agent definition files with role, responsibilities, secrets, tools, constraints
- k8s manifests: namespace, ServiceAccounts, RBAC, NetworkPolicies, Job template, dispatcher CronJob
- dispatcher: Python CronJob that claims Vikunja Todo tasks and spawns agent Jobs
- container: Dockerfile + entrypoint bootstrapping OpenBao auth and opencode runtime
- Separate Dockerfile.dispatcher for the lightweight dispatcher image
2026-05-30 14:19:09 -07:00

80 lines
1.8 KiB
YAML

---
# Default-deny all ingress and egress in autojanet namespace
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: autojanet
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
---
# Allow agents to reach the internet (APIs: Vikunja, Forgejo, LiteLLM, OpenBao, Grafana, etc.)
# All external services are HTTPS on 443; OpenBao internal is 8200
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-egress-external
  namespace: autojanet
spec:
  podSelector:
    matchLabels:
      autojanet/type: agent
  policyTypes:
    - Egress
  egress:
    # HTTPS to external services
    # (no `to` selector: a ports-only rule matches any destination, in-cluster included)
    - ports:
        - port: 443
          protocol: TCP
    # Internal cluster DNS (also a ports-only rule, so DNS is not limited to kube-dns)
    - ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP
    # OpenBao in-cluster (openbao namespace)
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: openbao
      ports:
        - port: 8200
          protocol: TCP
    # k8s API server (for kubectl-capable agents)
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
      ports:
        - port: 6443
          protocol: TCP
---
# Allow dispatcher egress to k8s API and OpenBao only
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dispatcher-egress
  namespace: autojanet
spec:
  podSelector:
    matchLabels:
      autojanet/role: dispatcher
  policyTypes:
    - Egress
  egress:
    # ports-only rule: 443 and DNS are allowed to any destination
    - ports:
        - port: 443
          protocol: TCP
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: openbao
      ports:
        - port: 8200
          protocol: TCP
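As an added check, not part of the autojanet repository: an egress rule that lists ports without a `to` selector, or whose `to` is an ipBlock of 0.0.0.0/0, matches every destination, so the 443, 53 and 6443 rules above reach in-cluster services as well as the internet. The script below walks a NetworkPolicy in the dict form that yaml.safe_load produces and reports such rules; the policy embedded in it is a constructed copy of allow-egress-external.

```python
"""Report NetworkPolicy egress rules whose destination is unbounded.

A rule with no ``to`` list matches every peer; an ipBlock of 0.0.0.0/0
without ``except`` does the same explicitly.
"""
from typing import Dict, List


def unrestricted_egress(policy: Dict) -> List[str]:
    """Return one finding per egress rule that allows any destination."""
    findings = []
    spec = policy.get("spec", {})
    if "Egress" not in spec.get("policyTypes", []):
        return findings  # policy does not govern egress at all
    for idx, rule in enumerate(spec.get("egress", [])):
        ports = ",".join(
            f"{p.get('protocol', 'TCP')}/{p.get('port', '*')}" for p in rule.get("ports", [])
        ) or "*"
        peers = rule.get("to")
        if not peers:  # ports-only rule: every destination on those ports
            findings.append(f"rule {idx}: no 'to' selector, any destination on {ports}")
            continue
        for peer in peers:
            block = peer.get("ipBlock", {})
            if block.get("cidr") in ("0.0.0.0/0", "::/0") and not block.get("except"):
                findings.append(f"rule {idx}: ipBlock {block['cidr']} without 'except' on {ports}")
    return findings


# Constructed sample mirroring the allow-egress-external policy in this file.
ALLOW_EGRESS_EXTERNAL = {
    "kind": "NetworkPolicy",
    "metadata": {"name": "allow-egress-external", "namespace": "autojanet"},
    "spec": {
        "podSelector": {"matchLabels": {"autojanet/type": "agent"}},
        "policyTypes": ["Egress"],
        "egress": [
            {"ports": [{"port": 443, "protocol": "TCP"}]},
            {"ports": [{"port": 53, "protocol": "UDP"}, {"port": 53, "protocol": "TCP"}]},
            {"to": [{"namespaceSelector": {"matchLabels": {"kubernetes.io/metadata.name": "openbao"}}}],
             "ports": [{"port": 8200, "protocol": "TCP"}]},
            {"to": [{"ipBlock": {"cidr": "0.0.0.0/0"}}],
             "ports": [{"port": 6443, "protocol": "TCP"}]},
        ],
    },
}

if __name__ == "__main__":
    for finding in unrestricted_egress(ALLOW_EGRESS_EXTERNAL):
        print(finding)
```

Rules 0, 1 and 3 are reported; the OpenBao rule, bounded by a namespaceSelector, is not.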