From e6f83b226e7d17789212dcca7d2cde91dee6dfd4 Mon Sep 17 00:00:00 2001
From: Alex Belanger <nitrix@nitrix.me>
Date: Tue, 12 Mar 2024 00:42:17 -0400
Subject: [PATCH] Block all egress traffic.

---
 k8s/candide-vm.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/k8s/candide-vm.yaml b/k8s/candide-vm.yaml
index 78ee1f77..8a42075c 100644
--- a/k8s/candide-vm.yaml
+++ b/k8s/candide-vm.yaml
@@ -25,3 +25,14 @@ spec:
             limits:
               cpu: "0.5"
               memory: 200Mi
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: default-deny-egress
+spec:
+  podSelector:
+    matchLabels:
+      app: candide-vm
+  policyTypes:
+    - Egress