From 10aa720cb94d14ac983cc93f8ae41bde97bd7d6a Mon Sep 17 00:00:00 2001
From: Erik Sundell
Date: Tue, 30 Jul 2024 21:09:33 +0200
Subject: [PATCH] basehub: trim away redundant egress network policy addition
---
 helm-charts/basehub/values.yaml | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)
diff --git a/helm-charts/basehub/values.yaml b/helm-charts/basehub/values.yaml
index 228f9033a9..bee3b6d34f 100644
--- a/helm-charts/basehub/values.yaml
+++ b/helm-charts/basehub/values.yaml
@@ -819,20 +819,11 @@ jupyterhub:
 # this guarantee doesn't actually change our scheduling.
 guarantee: 0.05
 networkPolicy:
- # Allow unrestricted access to the internet but not local cluster network
 enabled: true
+ # Egress to internet is allowed by default via z2jh's egressAllowRules,
+ # but we need to add a few custom rules for the cluster internal
+ # networking.
 egress:
- - to:
- - ipBlock:
- cidr: 0.0.0.0/0
- except:
- # Don't allow network access to private IP ranges
- # Listed in https://datatracker.ietf.org/doc/html/rfc1918
- - 10.0.0.0/8
- - 172.16.0.0/12
- - 192.168.0.0/16
- # Don't allow network access to the metadata IP
- - 169.254.169.254/32
 # Allow code in hubs to talk to ingress provider, so they can talk to
 # the hub via its public URL
 - to:
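Review bot: With the explicit `except:` list removed, blocking egress to the RFC 1918 ranges and to the metadata IP 169.254.169.254 now rests entirely on the upstream z2jh `egressAllowRules` defaults, and nothing in this hunk pins them. NetworkPolicy egress rules are additive, so a changed chart default or a per-hub override of `egressAllowRules` would reopen those destinations without any diff in this file. I would state them explicitly next to `enabled: true`, as `egressAllowRules:` with `privateIPs: false` and `cloudMetadataServer: false`, and name both in the new comment so the security intent stays visible. The `egress:` list continues past the end of the hunk, so the remaining custom rules are not reviewed here.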