# Automatically generated by Makefile. DO NOT EDIT --- metadata: name: echo-a labels: name: echo-a topology: any component: network-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: echo-a spec: hostNetwork: false containers: - name: echo-a-container env: - name: PORT value: "8080" ports: - containerPort: 8080 image: quay.io/cilium/json-mock:v1.3.2@sha256:bc6c46c74efadb135bc996c2467cece6989302371ef4e3f068361460abaf39be imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - localhost:8080 livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - localhost:8080 selector: matchLabels: name: echo-a replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: echo-b labels: name: echo-b topology: any component: services-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: echo-b spec: hostNetwork: false containers: - name: echo-b-container env: - name: PORT value: "8080" ports: - containerPort: 8080 hostPort: 40000 image: quay.io/cilium/json-mock:v1.3.2@sha256:bc6c46c74efadb135bc996c2467cece6989302371ef4e3f068361460abaf39be imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - localhost:8080 livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - localhost:8080 selector: matchLabels: name: echo-b replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: echo-b-host labels: name: echo-b-host topology: any component: services-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: echo-b-host spec: hostNetwork: true containers: - name: echo-b-host-container env: - name: PORT value: "21000" ports: [] image: quay.io/cilium/json-mock:v1.3.2@sha256:bc6c46c74efadb135bc996c2467cece6989302371ef4e3f068361460abaf39be imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - localhost:21000 livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - localhost:21000 affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: name operator: In values: - echo-b topologyKey: kubernetes.io/hostname selector: matchLabels: name: echo-b-host replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: pod-to-a labels: name: pod-to-a topology: any component: network-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: pod-to-a spec: hostNetwork: false containers: - name: pod-to-a-container ports: [] image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c imagePullPolicy: IfNotPresent command: - /bin/ash - -c - sleep 1000000000 terminationMessagePolicy: FallbackToLogsOnError readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-a:8080/public livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-a:8080/public selector: matchLabels: name: pod-to-a replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: pod-to-external-1111 labels: name: pod-to-external-1111 topology: any component: network-check traffic: external quarantine: "false" type: autocheck spec: template: metadata: labels: name: pod-to-external-1111 spec: hostNetwork: false containers: - name: pod-to-external-1111-container ports: [] image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c imagePullPolicy: IfNotPresent command: - /bin/ash - -c - sleep 1000000000 terminationMessagePolicy: FallbackToLogsOnError readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - https://1.1.1.1 livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - https://1.1.1.1 selector: matchLabels: name: pod-to-external-1111 replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: pod-to-a-denied-cnp labels: name: pod-to-a-denied-cnp topology: any component: policy-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: pod-to-a-denied-cnp spec: hostNetwork: false containers: - name: pod-to-a-denied-cnp-container ports: [] image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c imagePullPolicy: IfNotPresent command: - /bin/ash - -c - sleep 1000000000 terminationMessagePolicy: FallbackToLogsOnError readinessProbe: timeoutSeconds: 7 exec: command: - ash - -c - '! curl -s --fail --connect-timeout 5 -o /dev/null echo-a:8080/private' livenessProbe: timeoutSeconds: 7 exec: command: - ash - -c - '! curl -s --fail --connect-timeout 5 -o /dev/null echo-a:8080/private' selector: matchLabels: name: pod-to-a-denied-cnp replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: pod-to-a-allowed-cnp labels: name: pod-to-a-allowed-cnp topology: any component: policy-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: pod-to-a-allowed-cnp spec: hostNetwork: false containers: - name: pod-to-a-allowed-cnp-container ports: [] image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c imagePullPolicy: IfNotPresent command: - /bin/ash - -c - sleep 1000000000 terminationMessagePolicy: FallbackToLogsOnError readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-a:8080/public livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-a:8080/public selector: matchLabels: name: pod-to-a-allowed-cnp replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: pod-to-external-fqdn-allow-google-cnp labels: name: pod-to-external-fqdn-allow-google-cnp topology: any component: policy-check traffic: external quarantine: "false" type: autocheck spec: template: metadata: labels: name: pod-to-external-fqdn-allow-google-cnp spec: hostNetwork: false containers: - name: pod-to-external-fqdn-allow-google-cnp-container ports: [] image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c imagePullPolicy: IfNotPresent command: - /bin/ash - -c - sleep 1000000000 terminationMessagePolicy: FallbackToLogsOnError readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - www.google.com livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - www.google.com selector: matchLabels: name: pod-to-external-fqdn-allow-google-cnp replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: pod-to-b-multi-node-clusterip labels: name: pod-to-b-multi-node-clusterip topology: multi-node component: services-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: pod-to-b-multi-node-clusterip spec: hostNetwork: false containers: - name: pod-to-b-multi-node-clusterip-container ports: [] image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c imagePullPolicy: IfNotPresent command: - /bin/ash - -c - sleep 1000000000 terminationMessagePolicy: FallbackToLogsOnError readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b:8080/public livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b:8080/public affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: name operator: In values: - echo-b topologyKey: kubernetes.io/hostname selector: matchLabels: name: pod-to-b-multi-node-clusterip replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: pod-to-b-multi-node-headless labels: name: pod-to-b-multi-node-headless topology: multi-node component: services-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: pod-to-b-multi-node-headless spec: hostNetwork: false containers: - name: pod-to-b-multi-node-headless-container ports: [] image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c imagePullPolicy: IfNotPresent command: - /bin/ash - -c - sleep 1000000000 terminationMessagePolicy: FallbackToLogsOnError readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b-headless:8080/public livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b-headless:8080/public affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: name operator: In values: - echo-b topologyKey: kubernetes.io/hostname selector: matchLabels: name: pod-to-b-multi-node-headless replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: host-to-b-multi-node-clusterip labels: name: host-to-b-multi-node-clusterip topology: multi-node component: services-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: host-to-b-multi-node-clusterip spec: hostNetwork: true containers: - name: host-to-b-multi-node-clusterip-container ports: [] image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c imagePullPolicy: IfNotPresent command: - /bin/ash - -c - sleep 1000000000 terminationMessagePolicy: FallbackToLogsOnError readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b:8080/public livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b:8080/public affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: name operator: In values: - echo-b topologyKey: kubernetes.io/hostname dnsPolicy: ClusterFirstWithHostNet selector: matchLabels: name: host-to-b-multi-node-clusterip replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: host-to-b-multi-node-headless labels: name: host-to-b-multi-node-headless topology: multi-node component: services-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: host-to-b-multi-node-headless spec: hostNetwork: true containers: - name: host-to-b-multi-node-headless-container ports: [] image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c imagePullPolicy: IfNotPresent command: - /bin/ash - -c - sleep 1000000000 terminationMessagePolicy: FallbackToLogsOnError readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b-headless:8080/public livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b-headless:8080/public affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: name operator: In values: - echo-b topologyKey: kubernetes.io/hostname dnsPolicy: ClusterFirstWithHostNet selector: matchLabels: name: host-to-b-multi-node-headless replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: pod-to-b-multi-node-nodeport labels: name: pod-to-b-multi-node-nodeport topology: multi-node component: nodeport-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: pod-to-b-multi-node-nodeport spec: hostNetwork: false containers: - name: pod-to-b-multi-node-nodeport-container ports: [] image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c imagePullPolicy: IfNotPresent command: - /bin/ash - -c - sleep 1000000000 terminationMessagePolicy: FallbackToLogsOnError readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b-host-headless:31414/public livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b-host-headless:31414/public affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: name operator: In values: - echo-b topologyKey: kubernetes.io/hostname selector: matchLabels: name: pod-to-b-multi-node-nodeport replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: pod-to-b-intra-node-nodeport labels: name: pod-to-b-intra-node-nodeport topology: intra-node component: nodeport-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: pod-to-b-intra-node-nodeport spec: hostNetwork: false containers: - name: pod-to-b-intra-node-nodeport-container ports: [] image: quay.io/cilium/alpine-curl:v1.5.0@sha256:7b286939730d8af1149ef88dba15739d8330bb83d7d9853a23e5ab4043e2d33c imagePullPolicy: IfNotPresent command: - /bin/ash - -c - sleep 1000000000 terminationMessagePolicy: FallbackToLogsOnError readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b-host-headless:31414/public livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b-host-headless:31414/public affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: name operator: In values: - echo-b topologyKey: kubernetes.io/hostname selector: matchLabels: name: pod-to-b-intra-node-nodeport replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: echo-a labels: name: echo-a topology: any component: network-check traffic: internal quarantine: "false" type: autocheck spec: ports: - name: http port: 8080 type: ClusterIP selector: name: echo-a apiVersion: v1 kind: Service --- metadata: name: echo-b labels: name: echo-b topology: any component: services-check traffic: internal quarantine: "false" type: autocheck spec: ports: - name: http port: 8080 nodePort: 31414 type: NodePort selector: name: echo-b apiVersion: v1 kind: Service --- metadata: name: echo-b-headless labels: name: echo-b-headless topology: any component: services-check traffic: internal quarantine: "false" type: autocheck spec: ports: - name: http port: 8080 type: ClusterIP selector: name: echo-b clusterIP: None apiVersion: v1 kind: Service --- metadata: name: echo-b-host-headless labels: name: echo-b-host-headless topology: any component: services-check traffic: internal quarantine: "false" type: autocheck spec: ports: [] type: ClusterIP selector: name: echo-b-host clusterIP: None apiVersion: v1 kind: Service --- metadata: name: pod-to-a-denied-cnp labels: name: pod-to-a-denied-cnp topology: any component: policy-check traffic: internal quarantine: "false" type: autocheck spec: endpointSelector: matchLabels: name: pod-to-a-denied-cnp egress: - toPorts: - ports: - port: "53" protocol: ANY toEndpoints: - matchLabels: k8s:io.kubernetes.pod.namespace: kube-system k8s:k8s-app: kube-dns - matchLabels: k8s:io.kubernetes.pod.namespace: kube-system k8s:k8s-app: node-local-dns - toPorts: - ports: - port: "5353" protocol: UDP toEndpoints: - matchLabels: k8s:io.kubernetes.pod.namespace: openshift-dns k8s:dns.operator.openshift.io/daemonset-dns: default apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy --- metadata: name: pod-to-a-allowed-cnp labels: name: pod-to-a-allowed-cnp topology: any component: policy-check traffic: internal quarantine: "false" type: autocheck spec: endpointSelector: matchLabels: name: pod-to-a-allowed-cnp egress: - toPorts: - ports: - port: "8080" protocol: TCP toEndpoints: - matchLabels: name: echo-a - toPorts: - ports: - port: "53" protocol: ANY toEndpoints: - matchLabels: k8s:io.kubernetes.pod.namespace: kube-system k8s:k8s-app: kube-dns - matchLabels: k8s:io.kubernetes.pod.namespace: kube-system k8s:k8s-app: node-local-dns - toPorts: - ports: - port: "5353" protocol: UDP toEndpoints: - matchLabels: k8s:io.kubernetes.pod.namespace: openshift-dns k8s:dns.operator.openshift.io/daemonset-dns: default apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy --- metadata: name: pod-to-external-fqdn-allow-google-cnp labels: name: pod-to-external-fqdn-allow-google-cnp topology: any component: policy-check traffic: external quarantine: "false" type: autocheck spec: endpointSelector: matchLabels: name: pod-to-external-fqdn-allow-google-cnp egress: - toFQDNs: - matchPattern: '*.google.com' - toPorts: - ports: - port: "53" protocol: ANY rules: dns: - matchPattern: '*' toEndpoints: - matchLabels: k8s:io.kubernetes.pod.namespace: kube-system k8s:k8s-app: kube-dns - matchLabels: k8s:io.kubernetes.pod.namespace: kube-system k8s:k8s-app: node-local-dns - toPorts: - ports: - port: "5353" protocol: UDP rules: dns: - matchPattern: '*' toEndpoints: - matchLabels: k8s:io.kubernetes.pod.namespace: openshift-dns k8s:dns.operator.openshift.io/daemonset-dns: default apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy