github.com/cilium/cilium@v1.16.2/test/k8s/manifests/echo-policy.yaml

github.com/cilium/cilium@v1.16.2/test/k8s/manifests/echo-policy.yaml (about)

     1  apiVersion: "cilium.io/v2"
     2  kind: CiliumNetworkPolicy
     3  metadata:
     4    name: "hairpin-validation-policy"
     5  spec:
     6    endpointSelector:
     7      matchLabels:
     8        name: echo
     9    # L3 egress policy validates that policy enforcement is skipped for hairpin
    10    # traffic that's SNAT'd. Ingress hairpin traffic can match on L3, but still
    11    # fail on L4 policy, hence define an L4 policy on ingress for validation.
    12    egress:
    13      - toEndpoints:
    14          - matchLabels:
    15              "k8s:io.kubernetes.pod.namespace": default
    16    ingress:
    17      - toPorts:
    18          - ports:
    19              - port: "80"
    20                protocol: TCP
    21              - port: "69"
    22                protocol: UDP