Agent/examples/auto_put_ad_mini/k8s/network-policy.yaml

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: auto-put-ad-mini-policy
  namespace: ad-automation
  labels:
    app: auto-put-ad-mini
spec:
  podSelector:
    matchLabels:
      app: auto-put-ad-mini
  policyTypes:
  - Egress
  - Ingress
  ingress:
  # 允许同命名空间内的 Pod 访问（例如监控、日志收集）
  - from:
    - namespaceSelector:
        matchLabels:
          name: ad-automation
    ports:
    - protocol: TCP
      port: 8080
  egress:
  # 允许访问 DNS
  - to:
    - namespaceSelector: {}
    ports:
    - protocol: UDP
      port: 53
  # 允许访问代理服务（如果需要）
  - to:
    - podSelector:
        matchLabels:
          app: proxy
    ports:
    - protocol: TCP
      port: 8080
  # 允许访问外部 HTTPS（腾讯广告 API、飞书 API等）
  - to:
    - namespaceSelector: {}
    ports:
    - protocol: TCP
      port: 443
    - protocol: TCP
      port: 80