Last active
March 21, 2024 00:17
-
-
Save ugoenyioha/161bde3f53464c9aaf2356a989c2ff1d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Automatically generated by Makefile. DO NOT EDIT | |
| --- | |
| metadata: | |
| name: echo-a | |
| labels: | |
| name: echo-a | |
| topology: any | |
| component: network-check | |
| traffic: internal | |
| quarantine: "false" | |
| type: autocheck | |
| spec: | |
| template: | |
| metadata: | |
| labels: | |
| name: echo-a | |
| spec: | |
| hostNetwork: false | |
| containers: | |
| - name: echo-a-container | |
| env: | |
| - name: PORT | |
| value: "8080" | |
| ports: | |
| - containerPort: 8080 | |
| image: quay.io/cilium/json-mock:v1.3.2@sha256:bc6c46c74efadb135bc996c2467cece6989302371ef4e3f068361460abaf39be | |
| imagePullPolicy: IfNotPresent | |
| terminationMessagePolicy: FallbackToLogsOnError | |
| readinessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - localhost:8080 | |
| livenessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - localhost:8080 | |
| selector: | |
| matchLabels: | |
| name: echo-a | |
| replicas: 1 | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| --- | |
| metadata: | |
| name: echo-b | |
| labels: | |
| name: echo-b | |
| topology: any | |
| component: services-check | |
| traffic: internal | |
| quarantine: "false" | |
| type: autocheck | |
| spec: | |
| template: | |
| metadata: | |
| labels: | |
| name: echo-b | |
| spec: | |
| hostNetwork: false | |
| containers: | |
| - name: echo-b-container | |
| env: | |
| - name: PORT | |
| value: "8080" | |
| ports: | |
| - containerPort: 8080 | |
| hostPort: 40000 | |
| image: quay.io/cilium/json-mock:v1.3.2@sha256:bc6c46c74efadb135bc996c2467cece6989302371ef4e3f068361460abaf39be | |
| imagePullPolicy: IfNotPresent | |
| terminationMessagePolicy: FallbackToLogsOnError | |
| readinessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - localhost:8080 | |
| livenessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - localhost:8080 | |
| selector: | |
| matchLabels: | |
| name: echo-b | |
| replicas: 1 | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| --- | |
| metadata: | |
| name: echo-b-host | |
| labels: | |
| name: echo-b-host | |
| topology: any | |
| component: services-check | |
| traffic: internal | |
| quarantine: "false" | |
| type: autocheck | |
| spec: | |
| template: | |
| metadata: | |
| labels: | |
| name: echo-b-host | |
| spec: | |
| hostNetwork: true | |
| containers: | |
| - name: echo-b-host-container | |
| env: | |
| - name: PORT | |
| value: "21000" | |
| ports: [] | |
| image: quay.io/cilium/json-mock:v1.3.2@sha256:bc6c46c74efadb135bc996c2467cece6989302371ef4e3f068361460abaf39be | |
| imagePullPolicy: IfNotPresent | |
| terminationMessagePolicy: FallbackToLogsOnError | |
| readinessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - localhost:21000 | |
| livenessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - localhost:21000 | |
| affinity: | |
| podAffinity: | |
| requiredDuringSchedulingIgnoredDuringExecution: | |
| - labelSelector: | |
| matchExpressions: | |
| - key: name | |
| operator: In | |
| values: | |
| - echo-b | |
| topologyKey: kubernetes.io/hostname | |
| selector: | |
| matchLabels: | |
| name: echo-b-host | |
| replicas: 1 | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| --- | |
| metadata: | |
| name: pod-to-a | |
| labels: | |
| name: pod-to-a | |
| topology: any | |
| component: network-check | |
| traffic: internal | |
| quarantine: "false" | |
| type: autocheck | |
| spec: | |
| template: | |
| metadata: | |
| labels: | |
| name: pod-to-a | |
| spec: | |
| hostNetwork: false | |
| containers: | |
| - name: pod-to-a-container | |
| ports: [] | |
| image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c | |
| imagePullPolicy: IfNotPresent | |
| command: | |
| - /bin/ash | |
| - -c | |
| - sleep 1000000000 | |
| terminationMessagePolicy: FallbackToLogsOnError | |
| readinessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - echo-a:8080/public | |
| livenessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - echo-a:8080/public | |
| selector: | |
| matchLabels: | |
| name: pod-to-a | |
| replicas: 1 | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| --- | |
| metadata: | |
| name: pod-to-external-1111 | |
| labels: | |
| name: pod-to-external-1111 | |
| topology: any | |
| component: network-check | |
| traffic: external | |
| quarantine: "false" | |
| type: autocheck | |
| spec: | |
| template: | |
| metadata: | |
| labels: | |
| name: pod-to-external-1111 | |
| spec: | |
| hostNetwork: false | |
| containers: | |
| - name: pod-to-external-1111-container | |
| ports: [] | |
| image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c | |
| imagePullPolicy: IfNotPresent | |
| command: | |
| - /bin/ash | |
| - -c | |
| - sleep 1000000000 | |
| terminationMessagePolicy: FallbackToLogsOnError | |
| readinessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - https://1.1.1.1 | |
| livenessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - https://1.1.1.1 | |
| selector: | |
| matchLabels: | |
| name: pod-to-external-1111 | |
| replicas: 1 | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| --- | |
| metadata: | |
| name: pod-to-a-denied-cnp | |
| labels: | |
| name: pod-to-a-denied-cnp | |
| topology: any | |
| component: policy-check | |
| traffic: internal | |
| quarantine: "false" | |
| type: autocheck | |
| spec: | |
| template: | |
| metadata: | |
| labels: | |
| name: pod-to-a-denied-cnp | |
| spec: | |
| hostNetwork: false | |
| containers: | |
| - name: pod-to-a-denied-cnp-container | |
| ports: [] | |
| image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c | |
| imagePullPolicy: IfNotPresent | |
| command: | |
| - /bin/ash | |
| - -c | |
| - sleep 1000000000 | |
| terminationMessagePolicy: FallbackToLogsOnError | |
| readinessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - ash | |
| - -c | |
| - '! curl -s --fail --connect-timeout 5 -o /dev/null echo-a:8080/private' | |
| livenessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - ash | |
| - -c | |
| - '! curl -s --fail --connect-timeout 5 -o /dev/null echo-a:8080/private' | |
| selector: | |
| matchLabels: | |
| name: pod-to-a-denied-cnp | |
| replicas: 1 | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| --- | |
| metadata: | |
| name: pod-to-a-allowed-cnp | |
| labels: | |
| name: pod-to-a-allowed-cnp | |
| topology: any | |
| component: policy-check | |
| traffic: internal | |
| quarantine: "false" | |
| type: autocheck | |
| spec: | |
| template: | |
| metadata: | |
| labels: | |
| name: pod-to-a-allowed-cnp | |
| spec: | |
| hostNetwork: false | |
| containers: | |
| - name: pod-to-a-allowed-cnp-container | |
| ports: [] | |
| image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c | |
| imagePullPolicy: IfNotPresent | |
| command: | |
| - /bin/ash | |
| - -c | |
| - sleep 1000000000 | |
| terminationMessagePolicy: FallbackToLogsOnError | |
| readinessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - echo-a:8080/public | |
| livenessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - echo-a:8080/public | |
| selector: | |
| matchLabels: | |
| name: pod-to-a-allowed-cnp | |
| replicas: 1 | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| --- | |
| metadata: | |
| name: pod-to-external-fqdn-allow-google-cnp | |
| labels: | |
| name: pod-to-external-fqdn-allow-google-cnp | |
| topology: any | |
| component: policy-check | |
| traffic: external | |
| quarantine: "false" | |
| type: autocheck | |
| spec: | |
| template: | |
| metadata: | |
| labels: | |
| name: pod-to-external-fqdn-allow-google-cnp | |
| spec: | |
| hostNetwork: false | |
| containers: | |
| - name: pod-to-external-fqdn-allow-google-cnp-container | |
| ports: [] | |
| image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c | |
| imagePullPolicy: IfNotPresent | |
| command: | |
| - /bin/ash | |
| - -c | |
| - sleep 1000000000 | |
| terminationMessagePolicy: FallbackToLogsOnError | |
| readinessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - www.google.com | |
| livenessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - www.google.com | |
| selector: | |
| matchLabels: | |
| name: pod-to-external-fqdn-allow-google-cnp | |
| replicas: 1 | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| --- | |
| metadata: | |
| name: pod-to-b-multi-node-clusterip | |
| labels: | |
| name: pod-to-b-multi-node-clusterip | |
| topology: multi-node | |
| component: services-check | |
| traffic: internal | |
| quarantine: "false" | |
| type: autocheck | |
| spec: | |
| template: | |
| metadata: | |
| labels: | |
| name: pod-to-b-multi-node-clusterip | |
| spec: | |
| hostNetwork: false | |
| containers: | |
| - name: pod-to-b-multi-node-clusterip-container | |
| ports: [] | |
| image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c | |
| imagePullPolicy: IfNotPresent | |
| command: | |
| - /bin/ash | |
| - -c | |
| - sleep 1000000000 | |
| terminationMessagePolicy: FallbackToLogsOnError | |
| readinessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - echo-b:8080/public | |
| livenessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - echo-b:8080/public | |
| affinity: | |
| podAntiAffinity: | |
| requiredDuringSchedulingIgnoredDuringExecution: | |
| - labelSelector: | |
| matchExpressions: | |
| - key: name | |
| operator: In | |
| values: | |
| - echo-b | |
| topologyKey: kubernetes.io/hostname | |
| selector: | |
| matchLabels: | |
| name: pod-to-b-multi-node-clusterip | |
| replicas: 1 | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| --- | |
| metadata: | |
| name: pod-to-b-multi-node-headless | |
| labels: | |
| name: pod-to-b-multi-node-headless | |
| topology: multi-node | |
| component: services-check | |
| traffic: internal | |
| quarantine: "false" | |
| type: autocheck | |
| spec: | |
| template: | |
| metadata: | |
| labels: | |
| name: pod-to-b-multi-node-headless | |
| spec: | |
| hostNetwork: false | |
| containers: | |
| - name: pod-to-b-multi-node-headless-container | |
| ports: [] | |
| image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c | |
| imagePullPolicy: IfNotPresent | |
| command: | |
| - /bin/ash | |
| - -c | |
| - sleep 1000000000 | |
| terminationMessagePolicy: FallbackToLogsOnError | |
| readinessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - echo-b-headless:8080/public | |
| livenessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - echo-b-headless:8080/public | |
| affinity: | |
| podAntiAffinity: | |
| requiredDuringSchedulingIgnoredDuringExecution: | |
| - labelSelector: | |
| matchExpressions: | |
| - key: name | |
| operator: In | |
| values: | |
| - echo-b | |
| topologyKey: kubernetes.io/hostname | |
| selector: | |
| matchLabels: | |
| name: pod-to-b-multi-node-headless | |
| replicas: 1 | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| --- | |
| metadata: | |
| name: host-to-b-multi-node-clusterip | |
| labels: | |
| name: host-to-b-multi-node-clusterip | |
| topology: multi-node | |
| component: services-check | |
| traffic: internal | |
| quarantine: "false" | |
| type: autocheck | |
| spec: | |
| template: | |
| metadata: | |
| labels: | |
| name: host-to-b-multi-node-clusterip | |
| spec: | |
| hostNetwork: true | |
| containers: | |
| - name: host-to-b-multi-node-clusterip-container | |
| ports: [] | |
| image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c | |
| imagePullPolicy: IfNotPresent | |
| command: | |
| - /bin/ash | |
| - -c | |
| - sleep 1000000000 | |
| terminationMessagePolicy: FallbackToLogsOnError | |
| readinessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - echo-b:8080/public | |
| livenessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - echo-b:8080/public | |
| affinity: | |
| podAntiAffinity: | |
| requiredDuringSchedulingIgnoredDuringExecution: | |
| - labelSelector: | |
| matchExpressions: | |
| - key: name | |
| operator: In | |
| values: | |
| - echo-b | |
| topologyKey: kubernetes.io/hostname | |
| dnsPolicy: ClusterFirstWithHostNet | |
| selector: | |
| matchLabels: | |
| name: host-to-b-multi-node-clusterip | |
| replicas: 1 | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| --- | |
| metadata: | |
| name: host-to-b-multi-node-headless | |
| labels: | |
| name: host-to-b-multi-node-headless | |
| topology: multi-node | |
| component: services-check | |
| traffic: internal | |
| quarantine: "false" | |
| type: autocheck | |
| spec: | |
| template: | |
| metadata: | |
| labels: | |
| name: host-to-b-multi-node-headless | |
| spec: | |
| hostNetwork: true | |
| containers: | |
| - name: host-to-b-multi-node-headless-container | |
| ports: [] | |
| image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c | |
| imagePullPolicy: IfNotPresent | |
| command: | |
| - /bin/ash | |
| - -c | |
| - sleep 1000000000 | |
| terminationMessagePolicy: FallbackToLogsOnError | |
| readinessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - echo-b-headless:8080/public | |
| livenessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - echo-b-headless:8080/public | |
| affinity: | |
| podAntiAffinity: | |
| requiredDuringSchedulingIgnoredDuringExecution: | |
| - labelSelector: | |
| matchExpressions: | |
| - key: name | |
| operator: In | |
| values: | |
| - echo-b | |
| topologyKey: kubernetes.io/hostname | |
| dnsPolicy: ClusterFirstWithHostNet | |
| selector: | |
| matchLabels: | |
| name: host-to-b-multi-node-headless | |
| replicas: 1 | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| --- | |
| metadata: | |
| name: pod-to-b-multi-node-nodeport | |
| labels: | |
| name: pod-to-b-multi-node-nodeport | |
| topology: multi-node | |
| component: nodeport-check | |
| traffic: internal | |
| quarantine: "false" | |
| type: autocheck | |
| spec: | |
| template: | |
| metadata: | |
| labels: | |
| name: pod-to-b-multi-node-nodeport | |
| spec: | |
| hostNetwork: false | |
| containers: | |
| - name: pod-to-b-multi-node-nodeport-container | |
| ports: [] | |
| image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c | |
| imagePullPolicy: IfNotPresent | |
| command: | |
| - /bin/ash | |
| - -c | |
| - sleep 1000000000 | |
| terminationMessagePolicy: FallbackToLogsOnError | |
| readinessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - echo-b-host-headless:31414/public | |
| livenessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - echo-b-host-headless:31414/public | |
| affinity: | |
| podAntiAffinity: | |
| requiredDuringSchedulingIgnoredDuringExecution: | |
| - labelSelector: | |
| matchExpressions: | |
| - key: name | |
| operator: In | |
| values: | |
| - echo-b | |
| topologyKey: kubernetes.io/hostname | |
| selector: | |
| matchLabels: | |
| name: pod-to-b-multi-node-nodeport | |
| replicas: 1 | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| --- | |
| metadata: | |
| name: pod-to-b-intra-node-nodeport | |
| labels: | |
| name: pod-to-b-intra-node-nodeport | |
| topology: intra-node | |
| component: nodeport-check | |
| traffic: internal | |
| quarantine: "false" | |
| type: autocheck | |
| spec: | |
| template: | |
| metadata: | |
| labels: | |
| name: pod-to-b-intra-node-nodeport | |
| spec: | |
| hostNetwork: false | |
| containers: | |
| - name: pod-to-b-intra-node-nodeport-container | |
| ports: [] | |
| image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c | |
| imagePullPolicy: IfNotPresent | |
| command: | |
| - /bin/ash | |
| - -c | |
| - sleep 1000000000 | |
| terminationMessagePolicy: FallbackToLogsOnError | |
| readinessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - echo-b-host-headless:31414/public | |
| livenessProbe: | |
| timeoutSeconds: 7 | |
| exec: | |
| command: | |
| - curl | |
| - -sS | |
| - --fail | |
| - --connect-timeout | |
| - "5" | |
| - -o | |
| - /dev/null | |
| - echo-b-host-headless:31414/public | |
| affinity: | |
| podAffinity: | |
| requiredDuringSchedulingIgnoredDuringExecution: | |
| - labelSelector: | |
| matchExpressions: | |
| - key: name | |
| operator: In | |
| values: | |
| - echo-b | |
| topologyKey: kubernetes.io/hostname | |
| selector: | |
| matchLabels: | |
| name: pod-to-b-intra-node-nodeport | |
| replicas: 1 | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| --- | |
| metadata: | |
| name: echo-a | |
| labels: | |
| name: echo-a | |
| topology: any | |
| component: network-check | |
| traffic: internal | |
| quarantine: "false" | |
| type: autocheck | |
| spec: | |
| ports: | |
| - name: http | |
| port: 8080 | |
| type: ClusterIP | |
| selector: | |
| name: echo-a | |
| apiVersion: v1 | |
| kind: Service | |
| --- | |
| metadata: | |
| name: echo-b | |
| labels: | |
| name: echo-b | |
| topology: any | |
| component: services-check | |
| traffic: internal | |
| quarantine: "false" | |
| type: autocheck | |
| spec: | |
| ports: | |
| - name: http | |
| port: 8080 | |
| nodePort: 31414 | |
| type: NodePort | |
| selector: | |
| name: echo-b | |
| apiVersion: v1 | |
| kind: Service | |
| --- | |
| metadata: | |
| name: echo-b-headless | |
| labels: | |
| name: echo-b-headless | |
| topology: any | |
| component: services-check | |
| traffic: internal | |
| quarantine: "false" | |
| type: autocheck | |
| spec: | |
| ports: | |
| - name: http | |
| port: 8080 | |
| type: ClusterIP | |
| selector: | |
| name: echo-b | |
| clusterIP: None | |
| apiVersion: v1 | |
| kind: Service | |
| --- | |
| metadata: | |
| name: echo-b-host-headless | |
| labels: | |
| name: echo-b-host-headless | |
| topology: any | |
| component: services-check | |
| traffic: internal | |
| quarantine: "false" | |
| type: autocheck | |
| spec: | |
| ports: [] | |
| type: ClusterIP | |
| selector: | |
| name: echo-b-host | |
| clusterIP: None | |
| apiVersion: v1 | |
| kind: Service | |
| --- | |
| metadata: | |
| name: pod-to-a-denied-cnp | |
| namespace: cilium-test | |
| labels: | |
| name: pod-to-a-denied-cnp | |
| topology: any | |
| component: policy-check | |
| traffic: internal | |
| quarantine: "false" | |
| type: autocheck | |
| spec: | |
| endpointSelector: | |
| matchLabels: | |
| name: pod-to-a-denied-cnp | |
| egress: | |
| - toPorts: | |
| - ports: | |
| - port: "53" | |
| protocol: ANY | |
| toEndpoints: | |
| - matchLabels: | |
| k8s:io.kubernetes.pod.namespace: kube-system | |
| k8s:k8s-app: kube-dns | |
| - matchLabels: | |
| k8s:io.kubernetes.pod.namespace: kube-system | |
| k8s:k8s-app: node-local-dns | |
| - toPorts: | |
| - ports: | |
| - port: "5353" | |
| protocol: UDP | |
| toEndpoints: | |
| - matchLabels: | |
| k8s:io.kubernetes.pod.namespace: openshift-dns | |
| k8s:dns.operator.openshift.io/daemonset-dns: default | |
| apiVersion: cilium.io/v2 | |
| kind: CiliumNetworkPolicy | |
| --- | |
| metadata: | |
| name: pod-to-a-allowed-cnp | |
| labels: | |
| name: pod-to-a-allowed-cnp | |
| topology: any | |
| component: policy-check | |
| traffic: internal | |
| quarantine: "false" | |
| type: autocheck | |
| spec: | |
| endpointSelector: | |
| matchLabels: | |
| name: pod-to-a-allowed-cnp | |
| egress: | |
| - toPorts: | |
| - ports: | |
| - port: "8080" | |
| protocol: TCP | |
| toEndpoints: | |
| - matchLabels: | |
| name: echo-a | |
| - toPorts: | |
| - ports: | |
| - port: "53" | |
| protocol: ANY | |
| toEndpoints: | |
| - matchLabels: | |
| k8s:io.kubernetes.pod.namespace: kube-system | |
| k8s:k8s-app: kube-dns | |
| - matchLabels: | |
| k8s:io.kubernetes.pod.namespace: kube-system | |
| k8s:k8s-app: node-local-dns | |
| - toPorts: | |
| - ports: | |
| - port: "5353" | |
| protocol: UDP | |
| toEndpoints: | |
| - matchLabels: | |
| k8s:io.kubernetes.pod.namespace: openshift-dns | |
| k8s:dns.operator.openshift.io/daemonset-dns: default | |
| apiVersion: cilium.io/v2 | |
| kind: CiliumNetworkPolicy | |
| --- | |
| metadata: | |
| name: pod-to-external-fqdn-allow-google-cnp | |
| labels: | |
| name: pod-to-external-fqdn-allow-google-cnp | |
| topology: any | |
| component: policy-check | |
| traffic: external | |
| quarantine: "false" | |
| type: autocheck | |
| spec: | |
| endpointSelector: | |
| matchLabels: | |
| name: pod-to-external-fqdn-allow-google-cnp | |
| egress: | |
| - toFQDNs: | |
| - matchPattern: '*.google.com' | |
| - toPorts: | |
| - ports: | |
| - port: "53" | |
| protocol: ANY | |
| rules: | |
| dns: | |
| - matchPattern: '*' | |
| toEndpoints: | |
| - matchLabels: | |
| k8s:io.kubernetes.pod.namespace: kube-system | |
| k8s:k8s-app: kube-dns | |
| - matchLabels: | |
| k8s:io.kubernetes.pod.namespace: kube-system | |
| k8s:k8s-app: node-local-dns | |
| - toPorts: | |
| - ports: | |
| - port: "5353" | |
| protocol: UDP | |
| rules: | |
| dns: | |
| - matchPattern: '*' | |
| toEndpoints: | |
| - matchLabels: | |
| k8s:io.kubernetes.pod.namespace: openshift-dns | |
| k8s:dns.operator.openshift.io/daemonset-dns: default | |
| apiVersion: cilium.io/v2 | |
| kind: CiliumNetworkPolicy | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment