From f9a86f79173ee73cd60ab4b2ff04d49764e53644 Mon Sep 17 00:00:00 2001
From: Aleksandr Nogikh <nogikh@google.com>
Date: Tue, 11 Mar 2025 20:28:06 +0100
Subject: syz-cluster: add a web dashboard network policy

The app should be accessible from everywhere.
---
 syz-cluster/overlays/common/kustomization.yaml        |  1 +
 .../overlays/common/network-policy-web-dashboard.yaml | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)
 create mode 100644 syz-cluster/overlays/common/network-policy-web-dashboard.yaml

diff --git a/syz-cluster/overlays/common/kustomization.yaml b/syz-cluster/overlays/common/kustomization.yaml
index 23982f7b5..432dfbb90 100644
--- a/syz-cluster/overlays/common/kustomization.yaml
+++ b/syz-cluster/overlays/common/kustomization.yaml
@@ -12,6 +12,7 @@ resources:
   - network-deny-all.yaml
   - network-policy-controller.yaml
   - network-policy-git-access.yaml
+  - network-policy-web-dashboard.yaml
   - workflow-roles.yaml
 
 patchesStrategicMerge:
diff --git a/syz-cluster/overlays/common/network-policy-web-dashboard.yaml b/syz-cluster/overlays/common/network-policy-web-dashboard.yaml
new file mode 100644
index 000000000..a9c36d884
--- /dev/null
+++ b/syz-cluster/overlays/common/network-policy-web-dashboard.yaml
@@ -0,0 +1,19 @@
+# Copyright 2025 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: access-to-web-dashboard
+  namespace: default
+spec:
+  podSelector:
+    matchLabels:
+      app: web-dashboard
+  policyTypes:
+  - Ingress
+  ingress:
+  - from: []
+    ports:
+    - protocol: TCP
+      port: 8081
-- 
cgit mrf-deployment