# Automatically generated by Makefile. DO NOT EDIT
#
# Connectivity-check manifest: two echo servers (echo-a, echo-b) and a set of
# curl client Deployments whose liveness/readiness probes each exercise one
# network path. A failing liveness probe restarts the client and a failing
# readiness probe keeps it out of Ready, so pod status is the test result.
# Because the file is generated, lasting changes belong in the generator.
#
# NOTE(review), applies to every Deployment below:
#   - Images are referenced by tag, not digest, and alpine-curl comes from a
#     third-party repository. With imagePullPolicy IfNotPresent a node keeps
#     whatever it first pulled for that tag. Pin as image@sha256:<digest>
#     (placeholder) where reproducible test runs matter.
#   - No securityContext or resources are set, so containers run with the
#     image's default user and without CPU/memory limits.
#   - No namespace is set; objects land in the namespace that is current at
#     apply time, and each CiliumNetworkPolicy only selects pods there.
---
# echo-a: ClusterIP front end for the echo-a server on port 80.
apiVersion: v1
kind: Service
metadata:
  name: echo-a
spec:
  type: ClusterIP
  selector:
    name: echo-a
  ports:
    - port: 80
---
# echo-a server. Ready once curl against its own localhost succeeds.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echo-a
spec:
  replicas: 1
  selector:
    matchLabels:
      name: echo-a
  template:
    metadata:
      labels:
        name: echo-a
    spec:
      containers:
        - name: echo-container
          image: docker.io/cilium/json-mock:1.0
          imagePullPolicy: IfNotPresent
          readinessProbe:
            exec:
              command:
                - curl
                - '-sS'
                - '-o'
                - /dev/null
                - localhost
---
# echo-b: ClusterIP front end for the echo-b server on port 80.
apiVersion: v1
kind: Service
metadata:
  name: echo-b
spec:
  type: ClusterIP
  selector:
    name: echo-b
  ports:
    - port: 80
---
# echo-b-headless: same backends as echo-b, but clusterIP "None" makes the
# Service headless, so the name resolves to pod addresses instead of a VIP.
apiVersion: v1
kind: Service
metadata:
  name: echo-b-headless
spec:
  type: ClusterIP
  clusterIP: None
  selector:
    name: echo-b
  ports:
    - port: 80
---
# echo-b server. Ready once curl against its own localhost succeeds.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echo-b
spec:
  replicas: 1
  selector:
    matchLabels:
      name: echo-b
  template:
    metadata:
      labels:
        name: echo-b
    spec:
      containers:
        - name: echo-container
          image: docker.io/cilium/json-mock:1.0
          imagePullPolicy: IfNotPresent
          readinessProbe:
            exec:
              command:
                - curl
                - '-sS'
                - '-o'
                - /dev/null
                - localhost
---
# Host network -> echo-b via the ClusterIP Service, from a different node.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: host-to-b-multi-node-clusterip
spec:
  replicas: 1
  selector:
    matchLabels:
      name: host-to-b-multi-node-clusterip
  template:
    metadata:
      labels:
        name: host-to-b-multi-node-clusterip
    spec:
      # The pod joins the node's network namespace: it reaches whatever the
      # node reaches and is not isolated like a regular pod. That is what
      # makes this a host -> service test.
      hostNetwork: true
      # Needed so a host-network pod still resolves cluster Service names.
      dnsPolicy: ClusterFirstWithHostNet
      # Required anti-affinity: never schedule on the node running echo-b.
      # On a single-node cluster this pod stays Pending.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
              labelSelector:
                matchExpressions:
                  - key: name
                    operator: In
                    values:
                      - echo-b
      containers:
        - name: host-to-b-multi-node-container
          image: docker.io/byrnedo/alpine-curl:0.1.8
          imagePullPolicy: IfNotPresent
          # Keep the container alive; the probe does the actual work.
          command:
            - /bin/ash
            - '-c'
            - 'sleep 1000000000'
          livenessProbe:
            exec:
              command:
                - curl
                - '-sS'
                - '-o'
                - /dev/null
                - echo-b
---
# Host network -> echo-b via the headless Service, from a different node.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: host-to-b-multi-node-headless
spec:
  replicas: 1
  selector:
    matchLabels:
      name: host-to-b-multi-node-headless
  template:
    metadata:
      labels:
        name: host-to-b-multi-node-headless
    spec:
      # Shares the node's network namespace (see the note on the clusterip
      # variant of this Deployment).
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      # Required anti-affinity against echo-b's node; needs a second node.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
              labelSelector:
                matchExpressions:
                  - key: name
                    operator: In
                    values:
                      - echo-b
      containers:
        - name: host-to-b-multi-node-container
          image: docker.io/byrnedo/alpine-curl:0.1.8
          imagePullPolicy: IfNotPresent
          command:
            - /bin/ash
            - '-c'
            - 'sleep 1000000000'
          livenessProbe:
            exec:
              command:
                - curl
                - '-sS'
                - '-o'
                - /dev/null
                - echo-b-headless
---
# Positive policy test: this client must reach echo-a while the
# CiliumNetworkPolicy of the same name is in force.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pod-to-a-allowed-cnp
spec:
  replicas: 1
  selector:
    matchLabels:
      name: pod-to-a-allowed-cnp
  template:
    metadata:
      labels:
        name: pod-to-a-allowed-cnp
    spec:
      containers:
        - name: pod-to-a-allowed-cnp-container
          image: docker.io/byrnedo/alpine-curl:0.1.8
          imagePullPolicy: IfNotPresent
          command:
            - /bin/ash
            - '-c'
            - 'sleep 1000000000'
          livenessProbe:
            exec:
              command:
                - curl
                - '-sS'
                - '-o'
                - /dev/null
                - echo-a
          readinessProbe:
            exec:
              command:
                - curl
                - '-sS'
                - '-o'
                - /dev/null
                - echo-a
---
# Egress allow-list for pod-to-a-allowed-cnp. Once an egress rule selects the
# endpoint, egress not listed here is denied.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: pod-to-a-allowed-cnp
spec:
  endpointSelector:
    matchLabels:
      name: pod-to-a-allowed-cnp
  egress:
    # HTTP to echo-a only. The port is a string in this schema.
    - toEndpoints:
        - matchLabels:
            name: echo-a
      toPorts:
        - ports:
            - port: '80'
              protocol: TCP
    # DNS to kube-dns in kube-system. Only UDP/53 is allowed, so a resolver
    # falling back to TCP for a large answer would be blocked.
    - toEndpoints:
        - matchLabels:
            'k8s:io.kubernetes.pod.namespace': kube-system
            'k8s:k8s-app': kube-dns
      toPorts:
        - ports:
            - port: '53'
              protocol: UDP
---
# Negative policy test: this client must NOT reach echo-a.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pod-to-a-l3-denied-cnp
spec:
  replicas: 1
  selector:
    matchLabels:
      name: pod-to-a-l3-denied-cnp
  template:
    metadata:
      labels:
        name: pod-to-a-l3-denied-cnp
    spec:
      containers:
        - name: pod-to-a-l3-denied-cnp-container
          image: docker.io/byrnedo/alpine-curl:0.1.8
          imagePullPolicy: IfNotPresent
          command:
            - /bin/ash
            - '-c'
            - 'sleep 1000000000'
          # "! curl" inverts the exit status, so the probe passes on ANY curl
          # failure (timeout, DNS error, connection refused), not only on a
          # policy drop. A green probe alone does not prove the policy is
          # what blocked the request; read it together with pod-to-a, which
          # must succeed against the same target.
          livenessProbe:
            exec:
              command:
                - ash
                - '-c'
                - '! curl -sS --connect-timeout 5 -o /dev/null echo-a'
          readinessProbe:
            exec:
              command:
                - ash
                - '-c'
                - '! curl -sS --connect-timeout 5 -o /dev/null echo-a'
---
# Egress policy for pod-to-a-l3-denied-cnp: only DNS (UDP/53 to kube-dns) is
# allowed. There is no rule for echo-a, so the name resolves but the
# connection is denied.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: pod-to-a-l3-denied-cnp
spec:
  endpointSelector:
    matchLabels:
      name: pod-to-a-l3-denied-cnp
  egress:
    - toEndpoints:
        - matchLabels:
            'k8s:io.kubernetes.pod.namespace': kube-system
            'k8s:k8s-app': kube-dns
      toPorts:
        - ports:
            - port: '53'
              protocol: UDP
---
# Baseline: pod -> echo-a with no policy selecting the client.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pod-to-a
spec:
  replicas: 1
  selector:
    matchLabels:
      name: pod-to-a
  template:
    metadata:
      labels:
        name: pod-to-a
    spec:
      containers:
        - name: pod-to-a-container
          image: docker.io/byrnedo/alpine-curl:0.1.8
          imagePullPolicy: IfNotPresent
          command:
            - /bin/ash
            - '-c'
            - 'sleep 1000000000'
          livenessProbe:
            exec:
              command:
                - curl
                - '-sS'
                - '-o'
                - /dev/null
                - echo-a
---
# Pod -> echo-b on the same node (required pod affinity to echo-b).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pod-to-b-intra-node
spec:
  replicas: 1
  selector:
    matchLabels:
      name: pod-to-b-intra-node
  template:
    metadata:
      labels:
        name: pod-to-b-intra-node
    spec:
      affinity:
        podAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
              labelSelector:
                matchExpressions:
                  - key: name
                    operator: In
                    values:
                      - echo-b
      containers:
        - name: pod-to-b-intra-node-container
          image: docker.io/byrnedo/alpine-curl:0.1.8
          imagePullPolicy: IfNotPresent
          command:
            - /bin/ash
            - '-c'
            - 'sleep 1000000000'
          livenessProbe:
            exec:
              command:
                - curl
                - '-sS'
                - '-o'
                - /dev/null
                - echo-b
---
# Pod -> echo-b via the ClusterIP Service, from a different node.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pod-to-b-multi-node-clusterip
spec:
  replicas: 1
  selector:
    matchLabels:
      name: pod-to-b-multi-node-clusterip
  template:
    metadata:
      labels:
        name: pod-to-b-multi-node-clusterip
    spec:
      # Required anti-affinity against echo-b's node; needs a second node.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
              labelSelector:
                matchExpressions:
                  - key: name
                    operator: In
                    values:
                      - echo-b
      containers:
        - name: pod-to-b-multi-node-container
          image: docker.io/byrnedo/alpine-curl:0.1.8
          imagePullPolicy: IfNotPresent
          command:
            - /bin/ash
            - '-c'
            - 'sleep 1000000000'
          livenessProbe:
            exec:
              command:
                - curl
                - '-sS'
                - '-o'
                - /dev/null
                - echo-b
---
# Pod -> echo-b via the headless Service, from a different node.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pod-to-b-multi-node-headless
spec:
  replicas: 1
  selector:
    matchLabels:
      name: pod-to-b-multi-node-headless
  template:
    metadata:
      labels:
        name: pod-to-b-multi-node-headless
    spec:
      # Required anti-affinity against echo-b's node; needs a second node.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
              labelSelector:
                matchExpressions:
                  - key: name
                    operator: In
                    values:
                      - echo-b
      containers:
        - name: pod-to-b-multi-node-container
          image: docker.io/byrnedo/alpine-curl:0.1.8
          imagePullPolicy: IfNotPresent
          command:
            - /bin/ash
            - '-c'
            - 'sleep 1000000000'
          livenessProbe:
            exec:
              command:
                - curl
                - '-sS'
                - '-o'
                - /dev/null
                - echo-b-headless
---
# Pod -> external address 1.1.1.1. Despite the "-a-" in the name, echo-a is
# not involved. The probe depends on outbound internet access, so clusters
# with restricted egress will see this pod fail for non-Cilium reasons.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pod-to-a-external-1111
spec:
  replicas: 1
  selector:
    matchLabels:
      name: pod-to-a-external-1111
  template:
    metadata:
      labels:
        name: pod-to-a-external-1111
    spec:
      containers:
        - name: pod-to-a-external-1111-container
          image: docker.io/byrnedo/alpine-curl:0.1.8
          imagePullPolicy: IfNotPresent
          command:
            - /bin/ash
            - '-c'
            - 'sleep 1000000000'
          livenessProbe:
            exec:
              command:
                - curl
                - '-sS'
                - '--connect-timeout'
                - '5'
                - '-o'
                - /dev/null
                - '1.1.1.1'
          readinessProbe:
            exec:
              command:
                - curl
                - '-sS'
                - '--connect-timeout'
                - '5'
                - '-o'
                - /dev/null
                - '1.1.1.1'
---
# FQDN policy test: this client must reach www.google.com while the
# CiliumNetworkPolicy of the same name is in force. Depends on outbound
# internet access and external DNS resolution.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pod-to-external-fqdn-allow-google-cnp
spec:
  replicas: 1
  selector:
    matchLabels:
      name: pod-to-external-fqdn-allow-google-cnp
  template:
    metadata:
      labels:
        name: pod-to-external-fqdn-allow-google-cnp
    spec:
      containers:
        - name: pod-to-external-fqdn-allow-google-cnp-container
          image: docker.io/byrnedo/alpine-curl:0.1.8
          imagePullPolicy: IfNotPresent
          command:
            - /bin/ash
            - '-c'
            - 'sleep 1000000000'
          livenessProbe:
            exec:
              command:
                - curl
                - '-sS'
                - '--connect-timeout'
                - '5'
                - '-o'
                - /dev/null
                - www.google.com
          readinessProbe:
            exec:
              command:
                - curl
                - '-sS'
                - '--connect-timeout'
                - '5'
                - '-o'
                - /dev/null
                - www.google.com
---
# Egress policy for pod-to-external-fqdn-allow-google-cnp.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: pod-to-external-fqdn-allow-google-cnp
spec:
  endpointSelector:
    matchLabels:
      name: pod-to-external-fqdn-allow-google-cnp
  egress:
    # DNS to kube-dns on port 53, any protocol, with an L7 DNS rule so the
    # lookups are visible to the policy engine. matchPattern "*" places no
    # limit on which names may be resolved; tighten it if lookups should be
    # restricted as well.
    - toEndpoints:
        - matchLabels:
            'k8s:io.kubernetes.pod.namespace': kube-system
            'k8s:k8s-app': kube-dns
      toPorts:
        - ports:
            - port: '53'
              protocol: ANY
          rules:
            dns:
              - matchPattern: '*'
    # Allow egress to names matching *.google.com. No toPorts is given, so
    # the allowance is not limited to a port or protocol.
    # NOTE(review): enforcement is on the IPs learned from DNS answers, so
    # other names served from the same addresses would be reachable too;
    # the pattern presumably does not cover the bare "google.com" - confirm
    # against the Cilium version in use.
    - toFQDNs:
        - matchPattern: '*.google.com'
---