feat(deployment): add network access allowlist for pod identity webhook

jastBytes · jastBytes · commit 9faa06a7ade3 · 2026-03-30T11:01:18.000+02:00
diff --git a/charts/internal/seed-controlplane/charts/stackit-pod-identity-webhook/templates/deployment.yaml b/charts/internal/seed-controlplane/charts/stackit-pod-identity-webhook/templates/deployment.yaml
@@ -17,6 +17,8 @@ spec:
         app.kubernetes.io/name: stackit-pod-identity-webhook
         workload-identity.stackit.cloud/skip-pod-identity-webhook: "true"
         gardener.cloud/role: controlplane
+        networking.gardener.cloud/to-dns: allowed
+        networking.resources.gardener.cloud/to-kube-apiserver-tcp-443: allowed
     spec:
       topologySpreadConstraints:
         - maxSkew: 1
