From 3ec62d042ec2caeafc818a080cadf20e7eda36e1 Mon Sep 17 00:00:00 2001
From: JJGadgets <git@jjgadgets.tech>
Date: Mon, 27 Jan 2025 22:52:10 +0800
Subject: [PATCH] fix(sandstorm): netpols

---
 kube/deploy/apps/insurgency-sandstorm/app/hr.yaml    |  5 +++--
 .../deploy/apps/insurgency-sandstorm/app/netpol.yaml | 12 ++++++++++++
 2 files changed, 15 insertions(+), 2 deletions(-)
 create mode 100644 kube/deploy/apps/insurgency-sandstorm/app/netpol.yaml

diff --git a/kube/deploy/apps/insurgency-sandstorm/app/hr.yaml b/kube/deploy/apps/insurgency-sandstorm/app/hr.yaml
index 98dd8afa9f..f5748991bd 100644
--- a/kube/deploy/apps/insurgency-sandstorm/app/hr.yaml
+++ b/kube/deploy/apps/insurgency-sandstorm/app/hr.yaml
@@ -23,6 +23,7 @@ spec:
         pod:
           labels:
             ingress.home.arpa/world: allow
+            dns.home.arpa/l7: "true"
         containers:
           main:
             image: &img
@@ -47,7 +48,7 @@ spec:
                 drop: ["ALL"]
             resources:
               requests:
-                cpu: "10m"
+                cpu: "100m"
               limits:
                 cpu: "2"
                 memory: "2Gi"
@@ -78,7 +79,7 @@ spec:
                 cpu: "300m"
               limits:
                 cpu: "1"
-                memory: "128Mi"
+                memory: "256Mi"
     service:
       insurgency-sandstorm:
         controller: insurgency-sandstorm
diff --git a/kube/deploy/apps/insurgency-sandstorm/app/netpol.yaml b/kube/deploy/apps/insurgency-sandstorm/app/netpol.yaml
new file mode 100644
index 0000000000..5bf12b20e5
--- /dev/null
+++ b/kube/deploy/apps/insurgency-sandstorm/app/netpol.yaml
@@ -0,0 +1,12 @@
+---
+# yaml-language-server: $schema=https://crds.jank.ing/cilium.io/ciliumnetworkpolicy_v2.json
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: &app insurgency-sandstorm
+  namespace: *app
+spec:
+  endpointSelector: {}
+  egress:
+    - toFQDNs:
+        - matchPattern: "*.mod.io"