github.com/cilium/cilium@v1.16.2/test/k8s/manifests/ccnp-host-policy-nodeport-tests.yaml (about)

     # Test fixture: clusterwide Cilium host policy for the NodePort tests.
     # The empty nodeSelector matches every node, so each rule below applies
     # to the host network namespace of all nodes in the cluster. With a host
     # policy selecting a node, traffic in a direction that has rules is
     # dropped unless a rule allows it, so a missing allow can cut off node
     # management access.
     apiVersion: cilium.io/v2
     kind: CiliumClusterwideNetworkPolicy
     metadata:
       name: host-policy-nodeport-tests
     spec:
       nodeSelector: {}

       ingress:
         # From outside the cluster: SSH (22) and 6443 (presumably the
         # Kubernetes API server). Open to the whole `world` entity so the
         # test nodes stay reachable; outside a test cluster, narrow the
         # source with fromCIDR instead of `world`.
         - fromEntities:
             - world
           toPorts:
             - ports:
                 - port: '22'
                   protocol: TCP
                 - port: '6443'
                   protocol: TCP
         # From other cluster nodes: no toPorts, so every port and protocol
         # is allowed (covers VXLAN tunnel traffic and health checks).
         - fromEntities:
             - remote-node

       egress:
         # To other cluster nodes and to health endpoints, any port:
         # VXLAN tunnels, kubelet, and health checks.
         - toEntities:
             - remote-node
             - health
         # Kubelet (10250/TCP) on the node that does not run Cilium.
         # NODE_WITHOUT_CILIUM_IP looks like a placeholder that is filled in
         # before the manifest is applied; as written it is not a valid CIDR.
         - toCIDR:
             - NODE_WITHOUT_CILIUM_IP/32
           toPorts:
             - ports:
                 - port: '10250'
                   protocol: TCP
         # NodePort test traffic from the host namespace to pods labelled
         # zgroup=testDS: 80/TCP and 69/UDP only.
         - toEndpoints:
             - matchLabels:
                 zgroup: testDS
           toPorts:
             - ports:
                 - port: '80'
                   protocol: TCP
                 - port: '69'
                   protocol: UDP
         # Probes to kube-dns pods; no toPorts, so not limited to port 53.
         - toEndpoints:
             - matchLabels:
                 k8s-app: kube-dns
         # Probes to any pod in the cilium-monitoring namespace, any port.
         - toEndpoints:
             - matchLabels:
                 'k8s:io.kubernetes.pod.namespace': cilium-monitoring
         # Upstream DNS to destinations outside the cluster, 53/UDP only;
         # DNS over TCP is not allowed by this rule.
         - toEntities:
             - world
           toPorts:
             - ports:
                 - port: '53'
                   protocol: UDP