Last active
March 21, 2024 00:17
-
-
Save ugoenyioha/161bde3f53464c9aaf2356a989c2ff1d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Automatically generated by Makefile. DO NOT EDIT | |
--- | |
metadata: | |
name: echo-a | |
labels: | |
name: echo-a | |
topology: any | |
component: network-check | |
traffic: internal | |
quarantine: "false" | |
type: autocheck | |
spec: | |
template: | |
metadata: | |
labels: | |
name: echo-a | |
spec: | |
hostNetwork: false | |
containers: | |
- name: echo-a-container | |
env: | |
- name: PORT | |
value: "8080" | |
ports: | |
- containerPort: 8080 | |
image: quay.io/cilium/json-mock:v1.3.2@sha256:bc6c46c74efadb135bc996c2467cece6989302371ef4e3f068361460abaf39be | |
imagePullPolicy: IfNotPresent | |
terminationMessagePolicy: FallbackToLogsOnError | |
readinessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- localhost:8080 | |
livenessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- localhost:8080 | |
selector: | |
matchLabels: | |
name: echo-a | |
replicas: 1 | |
apiVersion: apps/v1 | |
kind: Deployment | |
--- | |
metadata: | |
name: echo-b | |
labels: | |
name: echo-b | |
topology: any | |
component: services-check | |
traffic: internal | |
quarantine: "false" | |
type: autocheck | |
spec: | |
template: | |
metadata: | |
labels: | |
name: echo-b | |
spec: | |
hostNetwork: false | |
containers: | |
- name: echo-b-container | |
env: | |
- name: PORT | |
value: "8080" | |
ports: | |
- containerPort: 8080 | |
hostPort: 40000 | |
image: quay.io/cilium/json-mock:v1.3.2@sha256:bc6c46c74efadb135bc996c2467cece6989302371ef4e3f068361460abaf39be | |
imagePullPolicy: IfNotPresent | |
terminationMessagePolicy: FallbackToLogsOnError | |
readinessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- localhost:8080 | |
livenessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- localhost:8080 | |
selector: | |
matchLabels: | |
name: echo-b | |
replicas: 1 | |
apiVersion: apps/v1 | |
kind: Deployment | |
--- | |
metadata: | |
name: echo-b-host | |
labels: | |
name: echo-b-host | |
topology: any | |
component: services-check | |
traffic: internal | |
quarantine: "false" | |
type: autocheck | |
spec: | |
template: | |
metadata: | |
labels: | |
name: echo-b-host | |
spec: | |
hostNetwork: true | |
containers: | |
- name: echo-b-host-container | |
env: | |
- name: PORT | |
value: "21000" | |
ports: [] | |
image: quay.io/cilium/json-mock:v1.3.2@sha256:bc6c46c74efadb135bc996c2467cece6989302371ef4e3f068361460abaf39be | |
imagePullPolicy: IfNotPresent | |
terminationMessagePolicy: FallbackToLogsOnError | |
readinessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- localhost:21000 | |
livenessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- localhost:21000 | |
affinity: | |
podAffinity: | |
requiredDuringSchedulingIgnoredDuringExecution: | |
- labelSelector: | |
matchExpressions: | |
- key: name | |
operator: In | |
values: | |
- echo-b | |
topologyKey: kubernetes.io/hostname | |
selector: | |
matchLabels: | |
name: echo-b-host | |
replicas: 1 | |
apiVersion: apps/v1 | |
kind: Deployment | |
--- | |
metadata: | |
name: pod-to-a | |
labels: | |
name: pod-to-a | |
topology: any | |
component: network-check | |
traffic: internal | |
quarantine: "false" | |
type: autocheck | |
spec: | |
template: | |
metadata: | |
labels: | |
name: pod-to-a | |
spec: | |
hostNetwork: false | |
containers: | |
- name: pod-to-a-container | |
ports: [] | |
image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c | |
imagePullPolicy: IfNotPresent | |
command: | |
- /bin/ash | |
- -c | |
- sleep 1000000000 | |
terminationMessagePolicy: FallbackToLogsOnError | |
readinessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- echo-a:8080/public | |
livenessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- echo-a:8080/public | |
selector: | |
matchLabels: | |
name: pod-to-a | |
replicas: 1 | |
apiVersion: apps/v1 | |
kind: Deployment | |
--- | |
metadata: | |
name: pod-to-external-1111 | |
labels: | |
name: pod-to-external-1111 | |
topology: any | |
component: network-check | |
traffic: external | |
quarantine: "false" | |
type: autocheck | |
spec: | |
template: | |
metadata: | |
labels: | |
name: pod-to-external-1111 | |
spec: | |
hostNetwork: false | |
containers: | |
- name: pod-to-external-1111-container | |
ports: [] | |
image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c | |
imagePullPolicy: IfNotPresent | |
command: | |
- /bin/ash | |
- -c | |
- sleep 1000000000 | |
terminationMessagePolicy: FallbackToLogsOnError | |
readinessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- https://1.1.1.1 | |
livenessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- https://1.1.1.1 | |
selector: | |
matchLabels: | |
name: pod-to-external-1111 | |
replicas: 1 | |
apiVersion: apps/v1 | |
kind: Deployment | |
--- | |
metadata: | |
name: pod-to-a-denied-cnp | |
labels: | |
name: pod-to-a-denied-cnp | |
topology: any | |
component: policy-check | |
traffic: internal | |
quarantine: "false" | |
type: autocheck | |
spec: | |
template: | |
metadata: | |
labels: | |
name: pod-to-a-denied-cnp | |
spec: | |
hostNetwork: false | |
containers: | |
- name: pod-to-a-denied-cnp-container | |
ports: [] | |
image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c | |
imagePullPolicy: IfNotPresent | |
command: | |
- /bin/ash | |
- -c | |
- sleep 1000000000 | |
terminationMessagePolicy: FallbackToLogsOnError | |
readinessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- ash | |
- -c | |
- '! curl -s --fail --connect-timeout 5 -o /dev/null echo-a:8080/private' | |
livenessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- ash | |
- -c | |
- '! curl -s --fail --connect-timeout 5 -o /dev/null echo-a:8080/private' | |
selector: | |
matchLabels: | |
name: pod-to-a-denied-cnp | |
replicas: 1 | |
apiVersion: apps/v1 | |
kind: Deployment | |
--- | |
metadata: | |
name: pod-to-a-allowed-cnp | |
labels: | |
name: pod-to-a-allowed-cnp | |
topology: any | |
component: policy-check | |
traffic: internal | |
quarantine: "false" | |
type: autocheck | |
spec: | |
template: | |
metadata: | |
labels: | |
name: pod-to-a-allowed-cnp | |
spec: | |
hostNetwork: false | |
containers: | |
- name: pod-to-a-allowed-cnp-container | |
ports: [] | |
image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c | |
imagePullPolicy: IfNotPresent | |
command: | |
- /bin/ash | |
- -c | |
- sleep 1000000000 | |
terminationMessagePolicy: FallbackToLogsOnError | |
readinessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- echo-a:8080/public | |
livenessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- echo-a:8080/public | |
selector: | |
matchLabels: | |
name: pod-to-a-allowed-cnp | |
replicas: 1 | |
apiVersion: apps/v1 | |
kind: Deployment | |
--- | |
metadata: | |
name: pod-to-external-fqdn-allow-google-cnp | |
labels: | |
name: pod-to-external-fqdn-allow-google-cnp | |
topology: any | |
component: policy-check | |
traffic: external | |
quarantine: "false" | |
type: autocheck | |
spec: | |
template: | |
metadata: | |
labels: | |
name: pod-to-external-fqdn-allow-google-cnp | |
spec: | |
hostNetwork: false | |
containers: | |
- name: pod-to-external-fqdn-allow-google-cnp-container | |
ports: [] | |
image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c | |
imagePullPolicy: IfNotPresent | |
command: | |
- /bin/ash | |
- -c | |
- sleep 1000000000 | |
terminationMessagePolicy: FallbackToLogsOnError | |
readinessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- www.google.com | |
livenessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- www.google.com | |
selector: | |
matchLabels: | |
name: pod-to-external-fqdn-allow-google-cnp | |
replicas: 1 | |
apiVersion: apps/v1 | |
kind: Deployment | |
--- | |
metadata: | |
name: pod-to-b-multi-node-clusterip | |
labels: | |
name: pod-to-b-multi-node-clusterip | |
topology: multi-node | |
component: services-check | |
traffic: internal | |
quarantine: "false" | |
type: autocheck | |
spec: | |
template: | |
metadata: | |
labels: | |
name: pod-to-b-multi-node-clusterip | |
spec: | |
hostNetwork: false | |
containers: | |
- name: pod-to-b-multi-node-clusterip-container | |
ports: [] | |
image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c | |
imagePullPolicy: IfNotPresent | |
command: | |
- /bin/ash | |
- -c | |
- sleep 1000000000 | |
terminationMessagePolicy: FallbackToLogsOnError | |
readinessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- echo-b:8080/public | |
livenessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- echo-b:8080/public | |
affinity: | |
podAntiAffinity: | |
requiredDuringSchedulingIgnoredDuringExecution: | |
- labelSelector: | |
matchExpressions: | |
- key: name | |
operator: In | |
values: | |
- echo-b | |
topologyKey: kubernetes.io/hostname | |
selector: | |
matchLabels: | |
name: pod-to-b-multi-node-clusterip | |
replicas: 1 | |
apiVersion: apps/v1 | |
kind: Deployment | |
--- | |
metadata: | |
name: pod-to-b-multi-node-headless | |
labels: | |
name: pod-to-b-multi-node-headless | |
topology: multi-node | |
component: services-check | |
traffic: internal | |
quarantine: "false" | |
type: autocheck | |
spec: | |
template: | |
metadata: | |
labels: | |
name: pod-to-b-multi-node-headless | |
spec: | |
hostNetwork: false | |
containers: | |
- name: pod-to-b-multi-node-headless-container | |
ports: [] | |
image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c | |
imagePullPolicy: IfNotPresent | |
command: | |
- /bin/ash | |
- -c | |
- sleep 1000000000 | |
terminationMessagePolicy: FallbackToLogsOnError | |
readinessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- echo-b-headless:8080/public | |
livenessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- echo-b-headless:8080/public | |
affinity: | |
podAntiAffinity: | |
requiredDuringSchedulingIgnoredDuringExecution: | |
- labelSelector: | |
matchExpressions: | |
- key: name | |
operator: In | |
values: | |
- echo-b | |
topologyKey: kubernetes.io/hostname | |
selector: | |
matchLabels: | |
name: pod-to-b-multi-node-headless | |
replicas: 1 | |
apiVersion: apps/v1 | |
kind: Deployment | |
--- | |
metadata: | |
name: host-to-b-multi-node-clusterip | |
labels: | |
name: host-to-b-multi-node-clusterip | |
topology: multi-node | |
component: services-check | |
traffic: internal | |
quarantine: "false" | |
type: autocheck | |
spec: | |
template: | |
metadata: | |
labels: | |
name: host-to-b-multi-node-clusterip | |
spec: | |
hostNetwork: true | |
containers: | |
- name: host-to-b-multi-node-clusterip-container | |
ports: [] | |
image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c | |
imagePullPolicy: IfNotPresent | |
command: | |
- /bin/ash | |
- -c | |
- sleep 1000000000 | |
terminationMessagePolicy: FallbackToLogsOnError | |
readinessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- echo-b:8080/public | |
livenessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- echo-b:8080/public | |
affinity: | |
podAntiAffinity: | |
requiredDuringSchedulingIgnoredDuringExecution: | |
- labelSelector: | |
matchExpressions: | |
- key: name | |
operator: In | |
values: | |
- echo-b | |
topologyKey: kubernetes.io/hostname | |
dnsPolicy: ClusterFirstWithHostNet | |
selector: | |
matchLabels: | |
name: host-to-b-multi-node-clusterip | |
replicas: 1 | |
apiVersion: apps/v1 | |
kind: Deployment | |
--- | |
metadata: | |
name: host-to-b-multi-node-headless | |
labels: | |
name: host-to-b-multi-node-headless | |
topology: multi-node | |
component: services-check | |
traffic: internal | |
quarantine: "false" | |
type: autocheck | |
spec: | |
template: | |
metadata: | |
labels: | |
name: host-to-b-multi-node-headless | |
spec: | |
hostNetwork: true | |
containers: | |
- name: host-to-b-multi-node-headless-container | |
ports: [] | |
image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c | |
imagePullPolicy: IfNotPresent | |
command: | |
- /bin/ash | |
- -c | |
- sleep 1000000000 | |
terminationMessagePolicy: FallbackToLogsOnError | |
readinessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- echo-b-headless:8080/public | |
livenessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- echo-b-headless:8080/public | |
affinity: | |
podAntiAffinity: | |
requiredDuringSchedulingIgnoredDuringExecution: | |
- labelSelector: | |
matchExpressions: | |
- key: name | |
operator: In | |
values: | |
- echo-b | |
topologyKey: kubernetes.io/hostname | |
dnsPolicy: ClusterFirstWithHostNet | |
selector: | |
matchLabels: | |
name: host-to-b-multi-node-headless | |
replicas: 1 | |
apiVersion: apps/v1 | |
kind: Deployment | |
--- | |
metadata: | |
name: pod-to-b-multi-node-nodeport | |
labels: | |
name: pod-to-b-multi-node-nodeport | |
topology: multi-node | |
component: nodeport-check | |
traffic: internal | |
quarantine: "false" | |
type: autocheck | |
spec: | |
template: | |
metadata: | |
labels: | |
name: pod-to-b-multi-node-nodeport | |
spec: | |
hostNetwork: false | |
containers: | |
- name: pod-to-b-multi-node-nodeport-container | |
ports: [] | |
image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c | |
imagePullPolicy: IfNotPresent | |
command: | |
- /bin/ash | |
- -c | |
- sleep 1000000000 | |
terminationMessagePolicy: FallbackToLogsOnError | |
readinessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- echo-b-host-headless:31414/public | |
livenessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- echo-b-host-headless:31414/public | |
affinity: | |
podAntiAffinity: | |
requiredDuringSchedulingIgnoredDuringExecution: | |
- labelSelector: | |
matchExpressions: | |
- key: name | |
operator: In | |
values: | |
- echo-b | |
topologyKey: kubernetes.io/hostname | |
selector: | |
matchLabels: | |
name: pod-to-b-multi-node-nodeport | |
replicas: 1 | |
apiVersion: apps/v1 | |
kind: Deployment | |
--- | |
metadata: | |
name: pod-to-b-intra-node-nodeport | |
labels: | |
name: pod-to-b-intra-node-nodeport | |
topology: intra-node | |
component: nodeport-check | |
traffic: internal | |
quarantine: "false" | |
type: autocheck | |
spec: | |
template: | |
metadata: | |
labels: | |
name: pod-to-b-intra-node-nodeport | |
spec: | |
hostNetwork: false | |
containers: | |
- name: pod-to-b-intra-node-nodeport-container | |
ports: [] | |
image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c | |
imagePullPolicy: IfNotPresent | |
command: | |
- /bin/ash | |
- -c | |
- sleep 1000000000 | |
terminationMessagePolicy: FallbackToLogsOnError | |
readinessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- echo-b-host-headless:31414/public | |
livenessProbe: | |
timeoutSeconds: 7 | |
exec: | |
command: | |
- curl | |
- -sS | |
- --fail | |
- --connect-timeout | |
- "5" | |
- -o | |
- /dev/null | |
- echo-b-host-headless:31414/public | |
affinity: | |
podAffinity: | |
requiredDuringSchedulingIgnoredDuringExecution: | |
- labelSelector: | |
matchExpressions: | |
- key: name | |
operator: In | |
values: | |
- echo-b | |
topologyKey: kubernetes.io/hostname | |
selector: | |
matchLabels: | |
name: pod-to-b-intra-node-nodeport | |
replicas: 1 | |
apiVersion: apps/v1 | |
kind: Deployment | |
--- | |
metadata: | |
name: echo-a | |
labels: | |
name: echo-a | |
topology: any | |
component: network-check | |
traffic: internal | |
quarantine: "false" | |
type: autocheck | |
spec: | |
ports: | |
- name: http | |
port: 8080 | |
type: ClusterIP | |
selector: | |
name: echo-a | |
apiVersion: v1 | |
kind: Service | |
--- | |
metadata: | |
name: echo-b | |
labels: | |
name: echo-b | |
topology: any | |
component: services-check | |
traffic: internal | |
quarantine: "false" | |
type: autocheck | |
spec: | |
ports: | |
- name: http | |
port: 8080 | |
nodePort: 31414 | |
type: NodePort | |
selector: | |
name: echo-b | |
apiVersion: v1 | |
kind: Service | |
--- | |
metadata: | |
name: echo-b-headless | |
labels: | |
name: echo-b-headless | |
topology: any | |
component: services-check | |
traffic: internal | |
quarantine: "false" | |
type: autocheck | |
spec: | |
ports: | |
- name: http | |
port: 8080 | |
type: ClusterIP | |
selector: | |
name: echo-b | |
clusterIP: None | |
apiVersion: v1 | |
kind: Service | |
--- | |
metadata: | |
name: echo-b-host-headless | |
labels: | |
name: echo-b-host-headless | |
topology: any | |
component: services-check | |
traffic: internal | |
quarantine: "false" | |
type: autocheck | |
spec: | |
ports: [] | |
type: ClusterIP | |
selector: | |
name: echo-b-host | |
clusterIP: None | |
apiVersion: v1 | |
kind: Service | |
--- | |
metadata: | |
name: pod-to-a-denied-cnp | |
namespace: cilium-test | |
labels: | |
name: pod-to-a-denied-cnp | |
topology: any | |
component: policy-check | |
traffic: internal | |
quarantine: "false" | |
type: autocheck | |
spec: | |
endpointSelector: | |
matchLabels: | |
name: pod-to-a-denied-cnp | |
egress: | |
- toPorts: | |
- ports: | |
- port: "53" | |
protocol: ANY | |
toEndpoints: | |
- matchLabels: | |
k8s:io.kubernetes.pod.namespace: kube-system | |
k8s:k8s-app: kube-dns | |
- matchLabels: | |
k8s:io.kubernetes.pod.namespace: kube-system | |
k8s:k8s-app: node-local-dns | |
- toPorts: | |
- ports: | |
- port: "5353" | |
protocol: UDP | |
toEndpoints: | |
- matchLabels: | |
k8s:io.kubernetes.pod.namespace: openshift-dns | |
k8s:dns.operator.openshift.io/daemonset-dns: default | |
apiVersion: cilium.io/v2 | |
kind: CiliumNetworkPolicy | |
--- | |
metadata: | |
name: pod-to-a-allowed-cnp | |
labels: | |
name: pod-to-a-allowed-cnp | |
topology: any | |
component: policy-check | |
traffic: internal | |
quarantine: "false" | |
type: autocheck | |
spec: | |
endpointSelector: | |
matchLabels: | |
name: pod-to-a-allowed-cnp | |
egress: | |
- toPorts: | |
- ports: | |
- port: "8080" | |
protocol: TCP | |
toEndpoints: | |
- matchLabels: | |
name: echo-a | |
- toPorts: | |
- ports: | |
- port: "53" | |
protocol: ANY | |
toEndpoints: | |
- matchLabels: | |
k8s:io.kubernetes.pod.namespace: kube-system | |
k8s:k8s-app: kube-dns | |
- matchLabels: | |
k8s:io.kubernetes.pod.namespace: kube-system | |
k8s:k8s-app: node-local-dns | |
- toPorts: | |
- ports: | |
- port: "5353" | |
protocol: UDP | |
toEndpoints: | |
- matchLabels: | |
k8s:io.kubernetes.pod.namespace: openshift-dns | |
k8s:dns.operator.openshift.io/daemonset-dns: default | |
apiVersion: cilium.io/v2 | |
kind: CiliumNetworkPolicy | |
--- | |
metadata: | |
name: pod-to-external-fqdn-allow-google-cnp | |
labels: | |
name: pod-to-external-fqdn-allow-google-cnp | |
topology: any | |
component: policy-check | |
traffic: external | |
quarantine: "false" | |
type: autocheck | |
spec: | |
endpointSelector: | |
matchLabels: | |
name: pod-to-external-fqdn-allow-google-cnp | |
egress: | |
- toFQDNs: | |
- matchPattern: '*.google.com' | |
- toPorts: | |
- ports: | |
- port: "53" | |
protocol: ANY | |
rules: | |
dns: | |
- matchPattern: '*' | |
toEndpoints: | |
- matchLabels: | |
k8s:io.kubernetes.pod.namespace: kube-system | |
k8s:k8s-app: kube-dns | |
- matchLabels: | |
k8s:io.kubernetes.pod.namespace: kube-system | |
k8s:k8s-app: node-local-dns | |
- toPorts: | |
- ports: | |
- port: "5353" | |
protocol: UDP | |
rules: | |
dns: | |
- matchPattern: '*' | |
toEndpoints: | |
- matchLabels: | |
k8s:io.kubernetes.pod.namespace: openshift-dns | |
k8s:dns.operator.openshift.io/daemonset-dns: default | |
apiVersion: cilium.io/v2 | |
kind: CiliumNetworkPolicy | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment