Add Network Policy

By default, Kubernetes allows communications across all Pods within a cluster. The NetworkPolicy resource and a CNI plug-in that supports NetworkPolicy must be used to restrict communications. A default NetworkPolicy should be configured for each Namespace to default deny all ingress and egress traffic to the Pods in the Namespace. Application teams can then configure additional NetworkPolicy resources to allow desired traffic to application Pods from select sources. This policy will create a new NetworkPolicy resource named `default-deny` which will deny all traffic anytime a new Namespace is created.

Policy Definition

/best-practices/add-network-policy/add-network-policy.yaml

```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: add-networkpolicy
  annotations:
    policies.kyverno.io/title: Add Network Policy
    policies.kyverno.io/category: Multi-Tenancy, EKS Best Practices
    policies.kyverno.io/subject: NetworkPolicy
    policies.kyverno.io/minversion: 1.6.0
    policies.kyverno.io/description: >-
      By default, Kubernetes allows communications across all Pods within a cluster.
      The NetworkPolicy resource and a CNI plug-in that supports NetworkPolicy must be used to restrict
      communications. A default NetworkPolicy should be configured for each Namespace to
      default deny all ingress and egress traffic to the Pods in the Namespace. Application
      teams can then configure additional NetworkPolicy resources to allow desired traffic
      to application Pods from select sources. This policy will create a new NetworkPolicy resource
      named `default-deny` which will deny all traffic anytime a new Namespace is created.
spec:
  rules:
  - name: default-deny
    match:
      any:
      - resources:
          kinds:
          - Namespace
    generate:
      apiVersion: networking.k8s.io/v1
      kind: NetworkPolicy
      name: default-deny
      namespace: "{{request.object.metadata.name}}"
      synchronize: true
      data:
        spec:
          # select all pods in the namespace
          podSelector: {}
          # deny all traffic
          policyTypes:
          - Ingress
          - Egress
```
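The following added example (not code from the Kyverno policy library or this page) shows what the `generate` rule above produces for a new Namespace and why the application-team allow rules mentioned in the description have to cover both directions. It renders the generated `default-deny` manifest by substituting `{{request.object.metadata.name}}`, checks that the result really is a default-deny policy (empty `podSelector`, both policy types, no `ingress`/`egress` rules), and then evaluates a web-to-db flow under a simplified NetworkPolicy model. The `team-a` namespace, the `app=web`/`app=db` labels and the two allow policies are constructed for this illustration; the model only handles `matchLabels` selectors and same-namespace `podSelector` peers (no `namespaceSelector`, `ipBlock` or ports).

```python
import copy
import re

# The `data` field of the generate rule above, as a Python dict (constructed here).
GENERATE_DATA = {
    "spec": {
        "podSelector": {},                      # select all pods in the namespace
        "policyTypes": ["Ingress", "Egress"],   # deny all traffic
    }
}


def render_generated_policy(namespace_name, data=GENERATE_DATA):
    """Mimic Kyverno's generate step: build the NetworkPolicy manifest and
    substitute the {{request.object.metadata.name}} variable with the new
    Namespace's name (the only variable this policy uses)."""
    manifest = {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": "default-deny",
                     "namespace": "{{request.object.metadata.name}}"},
    }
    manifest.update(copy.deepcopy(data))
    manifest["metadata"]["namespace"] = re.sub(
        r"\{\{\s*request\.object\.metadata\.name\s*\}\}", namespace_name,
        manifest["metadata"]["namespace"])
    return manifest


def is_default_deny(policy):
    """True if the policy isolates every pod for ingress and egress with no allow rules."""
    spec = policy.get("spec", {})
    return (spec.get("podSelector") == {}
            and set(spec.get("policyTypes", [])) == {"Ingress", "Egress"}
            and not spec.get("ingress") and not spec.get("egress"))


def _selects(selector, labels):
    # An empty selector ({}) matches every pod; matchLabels must all be present.
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def traffic_allowed(policies, src_labels, dst_labels):
    """A flow is allowed only if egress from src AND ingress to dst are permitted.
    Per direction: a pod selected by no policy of that type is non-isolated (open);
    otherwise at least one rule of a selecting policy must match the peer."""
    def permitted(policy_type, pod_labels, peer_labels, rules_key, peer_key):
        selecting = [p for p in policies
                     if policy_type in p["spec"].get("policyTypes", [])
                     and _selects(p["spec"].get("podSelector", {}), pod_labels)]
        if not selecting:
            return True
        for p in selecting:
            for rule in p["spec"].get(rules_key) or []:
                peers = rule.get(peer_key) or []
                if not peers:           # a rule without peers allows everything
                    return True
                for peer in peers:
                    if "podSelector" in peer and _selects(peer["podSelector"], peer_labels):
                        return True
        return False

    return (permitted("Egress", src_labels, dst_labels, "egress", "to")
            and permitted("Ingress", dst_labels, src_labels, "ingress", "from"))


# Constructed application-team policies in the same namespace (not from the page).
ALLOW_WEB_TO_DB_INGRESS = {
    "apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
    "metadata": {"name": "allow-web-to-db", "namespace": "team-a"},
    "spec": {"podSelector": {"matchLabels": {"app": "db"}},
             "policyTypes": ["Ingress"],
             "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "web"}}}]}]},
}
ALLOW_WEB_EGRESS_TO_DB = {
    "apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
    "metadata": {"name": "allow-web-egress-db", "namespace": "team-a"},
    "spec": {"podSelector": {"matchLabels": {"app": "web"}},
             "policyTypes": ["Egress"],
             "egress": [{"to": [{"podSelector": {"matchLabels": {"app": "db"}}}]}]},
}


def demo(namespace="team-a"):
    """Evaluate a web -> db flow as policies are layered onto the namespace."""
    deny = render_generated_policy(namespace)
    web, db = {"app": "web"}, {"app": "db"}
    return {
        "generated_is_default_deny": is_default_deny(deny),
        "open_namespace": traffic_allowed([], web, db),
        "after_default_deny": traffic_allowed([deny], web, db),
        "ingress_allow_only": traffic_allowed([deny, ALLOW_WEB_TO_DB_INGRESS], web, db),
        "both_directions_allowed": traffic_allowed(
            [deny, ALLOW_WEB_TO_DB_INGRESS, ALLOW_WEB_EGRESS_TO_DB], web, db),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `ingress_allow_only` case is the one worth noting: because the generated policy lists both `Ingress` and `Egress` in `policyTypes`, an ingress allow on the destination alone is not enough, and the source pod also needs an egress allow before the flow passes. The same reasoning applies to DNS: with this default-deny in place, pods cannot reach cluster DNS until an egress rule for it is added.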